Mozn is a rapidly growing and leading data science and product development firm based in Riyadh, recognized for its excellence in supporting and growing the analytics ecosystem in Saudi Arabia. As a trusted analytics partner for major government organizations, corporations, and startups, Mozn is looking to enhance its applications security posture during a critical scaling phase aligned with Saudi Arabia's Vision 2030 initiative.
We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline. The ideal candidate will have expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks.
Responsibilities:
- Develop and drive the strategic roadmap for application security and DevSecOps within the organization.
- Collaborate with engineering, operations, and product teams to integrate security best practices into SDLC and CI/CD pipelines.
- Advocate for a security-first culture across the organization.
- Design and implement security solutions for cloud-native, microservices-based, and legacy applications.
- Integrate automated security tools into CI/CD pipelines (e.g., SAST, DAST, SCA, IAST, RASP).
- Develop and maintain threat models to identify and mitigate risks proactively.
- Monitor, analyze, and respond to application and system vulnerabilities.
- Lead vulnerability management efforts, including prioritization and remediation.
- Conduct security assessments, code reviews, and penetration tests.
- Mentor and coach teams on secure development and DevSecOps practices.
Qualifications:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related field.
- Minimum of 8-10 years of experience in application security, DevSecOps, or a related field.
- Proven track record of leading security initiatives in DevOps environments.
- Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, Go).
- Strong understanding of security frameworks such as OWASP Top 10 and SANS/CWE 25.
Language Requirements:
Proficiency in English is required.
Benefits:
- Engage in impactful projects entrusted by clients and users to solve mission-critical problems.
- Work in a fast-paced environment with minimal operational overhead to empower your best work.
- Enjoy a culture that values responsibility and trust, allowing you the freedom to make decisions for the products you work on.
