Principal Engineer - Application Security - DevSecOps

March 2

Apply Now

Receive Emails with Similar Jobs

Mozn

WebsiteLinkedInAll Job Openings

Mozn is the market leader in Enterprise AI Software focused on Language and Finance Intelligence. Mozn’s mission is to empower organizations in making critical decisions – through world-class SaaS products built on cutting edge R&D and intelligence engines:

Enterprise AI • Arabic NLU • Risk • Fraud • Compliance

201 - 500 employees

💰 $10M Series A on 2022-02

📋 Description

• Mozn is a rapidly growing and leading data science & product development firm based in Riyadh with a proven track record of excellence in supporting and growing the analytics ecosystem in Saudi Arabia. • We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to lead and enhance our applications security posture. • The ideal candidate will have deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. • This role is for an expert who will design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline.

🎯 Requirements

• Develop and drive the strategic roadmap for application security and DevSecOps within the organization. • Collaborate with engineering, operations, and product teams to integrate security best practices seamlessly into SDLC and CI/CD pipelines. • Advocate for a security-first culture across the organization. • Design and implement security solutions for cloud-native, microservices-based, and legacy applications. • Integrate automated security tools into CI/CD pipelines (e.g., SAST, DAST, SCA, IAST, and RASP). • Develop and maintain threat models to identify and mitigate risks proactively. • Establish and enforce coding standards and guidelines for secure coding practices. • Monitor, analyze, and respond to application and system vulnerabilities. • Lead vulnerability management efforts, including prioritization and remediation. • Conduct security assessments, code reviews, and penetration tests. • Provide guidance on secure architecture patterns and solutions. • Mentor and coach teams to adopt secure development and DevSecOps practices. • Partner with stakeholders to design and implement security-aware development environments. • Work with compliance and governance teams to ensure adherence to industry standards (e.g., ISO 27001, GDPR, PCI-DSS, SOC 2). • Stay abreast of emerging security threats, technologies, and industry trends. • Lead initiatives to enhance the organization’s security posture and incident response capabilities. • Measure and report key metrics to track security effectiveness and compliance. • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or related field. • Relevant certifications such as CISSP, CISM, OSCP, CEH, or AWS/Azure/GCP Security certifications are highly desirable. • Minimum of 8–10 years of experience in application security, DevSecOps, or a related field. • Proven track record of leading security initiatives in DevOps environments. • Hands-on experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitHub Actions, GitLab CI/CD). • Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes). • Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, or Go). • Strong understanding of OWASP Top 10, SANS/CWE 25, and other security frameworks. • Knowledge of security tools and platforms (e.g., SonarQube, Veracode, Burp Suite, Aqua, Prisma Cloud). • Experience with infrastructure-as-code (IaC) security and tools like Terraform and Ansible. • Excellent problem-solving and critical-thinking abilities. • Strong leadership and communication skills to influence and collaborate with cross-functional teams. • Ability to manage and prioritize multiple initiatives in a fast-paced environment.

🏖️ Benefits

We think you'll enjoy working at Mozn. Here's why: • We selectively choose to undertake projects with impact; our users and clients trust us to solve mission-critical problems. • We move quickly, but carefully and confidently. Iterations happen on the scale of days to weeks, and we invest considerable effort in minimizing the operational overhead to empower you to do your best work. • You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a product are given the freedom to do what they think is best.