Principal Engineer - Application Security / DevSecOps

Mozn | Dubai, United Arab Emirates | Posted: 24 Apr 2025

Financial

  • Estimate: $120k - $180k*
  • Zero income tax location

Accessibility

  • Hybrid
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to lead and enhance our application security posture. The ideal candidate will have deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. This role is designed for an expert who will design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline.

Mozn is a rapidly growing and leading data science & product development firm based in Riyadh, with a proven track record of excellence in supporting and expanding the analytics ecosystem in Saudi Arabia. As a trusted analytics partner for major government organizations, large corporations, and startups in the region, Mozn is at a critical stage of scaling the company to build institutional analytics knowledge within the organization and the country. This is an exciting time to work in Saudi Arabia as the rate of social and industrial change driven by Vision 2030 is unprecedented.

Key Responsibilities:

  • Technical Leadership: Develop and drive the strategic roadmap for application security and DevSecOps. Collaborate with engineering, operations, and product teams to integrate security best practices into SDLC and CI/CD pipelines. Advocate for a security-first culture across the organization.

  • Technical Expertise: Design and implement security solutions for cloud-native, microservices-based, and legacy applications. Integrate automated security tools into CI/CD pipelines (e.g., SAST, DAST, SCA). Develop and maintain threat models to proactively identify and mitigate risks. Establish and enforce secure coding standards and guidelines.

  • Operational Excellence: Monitor and respond to application and system vulnerabilities. Lead vulnerability management efforts, including prioritization and remediation. Conduct security assessments, code reviews, and penetration tests. Provide guidance on secure architecture patterns.

  • Collaboration and Mentorship: Mentor and coach teams to adopt secure development and DevSecOps practices. Partner with stakeholders to design security-aware development environments and work with compliance teams to ensure adherence to industry standards.

  • Continuous Improvement: Stay updated on emerging security threats and industry trends. Lead initiatives to enhance security posture and incident response capabilities. Measure and report key metrics to track security effectiveness and compliance.

Qualifications:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
  • Relevant certifications (CISSP, CISM, OSCP, CEH, or AWS/Azure/GCP Security) are highly desirable.
  • Minimum of 8–10 years of experience in application security, DevSecOps, or a related field.
  • Proven track record of leading security initiatives in DevOps environments.
  • Hands-on experience with CI/CD pipelines and automation tools.
  • Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes).
  • Proficiency in programming/scripting languages (Python, Java, JavaScript, or Go).
  • Strong understanding of OWASP Top 10, SANS/CWE 25, and other security frameworks.
  • Knowledge of security tools and platforms (SonarQube, Veracode, Burp Suite).
  • Experience with infrastructure-as-code security tools (Terraform, Ansible).
  • Excellent problem-solving, critical-thinking, leadership, and communication skills.

Work Conditions:

  • Hybrid work model with flexibility for remote work.
  • Full-time position.

Language Requirements:

  • Proficiency in English is preferred.

Benefits:

  • Selective project undertaking focused on impactful solutions.
  • Quick yet careful operational processes fostering excellent work.
  • High responsibility and trust, allowing freedom in product management.

This opportunity offers a chance to work at the forefront of application security in a dynamic environment, contributing to significant developments in the analytics landscape of Saudi Arabia.


About Mozn

Mozn is a Saudi technology company committed to advancing digital humanity through the harnessing of artificial intelligence to build enterprise AI-powered products – FOCAL, the end-to-end Risk and Compliance platform and OSOS, the leading Arabic Gen AI platform – along with tailored AI solutions designed to meet the unique needs of enterprises across various sectors.