We are seeking a highly skilled and experienced Principal Engineer in Application Security / DevSecOps to lead and enhance our applications' security posture. The ideal candidate will have deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. This role is for an expert who will design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline.
About Mozn:
Mozn is a rapidly growing and leading data science and product development firm based in Riyadh, with a proven track record of excellence in supporting and advancing the analytics ecosystem in Saudi Arabia. We are a trusted analytics partner for major government organizations, large corporations, and startups in the region, with significant opportunities for growth through Saudi Arabia's Vision 2030 initiative.
Key Responsibilities:
- Technical Leadership: Develop and drive the strategic roadmap for application security and DevSecOps within the organization, integrating security best practices seamlessly into SDLC and CI/CD pipelines.
- Technical Expertise: Design and implement security solutions for cloud-native, microservices-based, and legacy applications, while ensuring automated security tools (e.g., SAST, DAST, SCA, IAST, RASP) are integrated into CI/CD pipelines.
- Operational Excellence: Monitor, analyze, and respond to application and system vulnerabilities, leading vulnerability management efforts and conducting security assessments and penetration tests.
- Collaboration and Mentorship: Mentor teams to adopt secure development and DevSecOps practices, partnering with stakeholders to design secure development environments.
- Continuous Improvement: Stay updated on emerging security threats and lead initiatives to enhance the organization’s security posture, while measuring and reporting key security metrics.
Qualifications:
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- Relevant certifications (CISSP, CISM, OSCP, CEH, or AWS/Azure/GCP Security) are highly desirable.
- Minimum 8–10 years of experience in application security, DevSecOps, or a related field.
- Proven track record of leading security initiatives in DevOps environments, with hands-on experience with CI/CD pipelines and automation tools.
- Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes).
- Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, or Go).
- Strong understanding of OWASP Top 10, SANS/CWE 25, and other security frameworks.
- Excellent problem-solving and critical-thinking abilities, along with strong leadership and communication skills.
Work Conditions:
- Hybrid work environment.
- Full-time position.
Language Requirements: Proficiency in English is essential; additional language skills may be beneficial.
Benefits:
- Opportunity to work on impactful projects.
- Flexible and empowering work culture.
- Responsibilities aligned with your skills to achieve the best results.
