Principal Engineer - Application Security / DevSecOps

Mozn, Dubai, United Arab Emirates. Posted: 17 May 2025

Financial

  • Estimate: $90k - $120k*
  • Zero income tax location

Accessibility

  • Hybrid
  • Apply from abroad
  • Visa Provided

Requirements

  • Experience: Senior
  • English: Professional

Position

Mozn is a rapidly growing and leading data science & product development firm based in Riyadh, recognized for its excellence in enhancing the analytics ecosystem in Saudi Arabia. As a trusted analytics partner for major government organizations and corporations, we are at a pivotal stage of scaling our operations to build institutional analytics knowledge across the region.

We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to lead and enhance our application security posture. The ideal candidate will possess deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. This role involves designing, implementing, and maintaining robust security measures throughout the software development lifecycle (SDLC) and DevOps pipeline.

Key Responsibilities:

  • Technical Leadership:

    • Develop and drive the strategic roadmap for application security and DevSecOps.
    • Collaborate with engineering, operations, and product teams to seamlessly integrate security best practices into SDLC and CI/CD pipelines.
    • Advocate for a security-first culture across the organization.
  • Technical Expertise:

    • Design and implement security solutions for cloud-native, microservices-based, and legacy applications.
    • Integrate automated security tools into CI/CD pipelines.
    • Develop and maintain threat models to proactively identify and mitigate risks.
    • Establish and enforce secure coding standards and guidelines.
  • Operational Excellence:

    • Monitor, analyze, and respond to application and system vulnerabilities.
    • Lead vulnerability management efforts, including prioritization and remediation.
    • Conduct security assessments, code reviews, and penetration tests.
    • Provide guidance on secure architecture patterns and solutions.
  • Collaboration and Mentorship:

    • Mentor and coach teams in adopting secure development and DevSecOps practices.
    • Partner with stakeholders to design and implement security-aware development environments.
    • Collaborate with compliance and governance teams to ensure adherence to industry standards.
  • Continuous Improvement:

    • Stay updated on emerging security threats, technologies, and trends.
    • Lead initiatives to enhance the security posture and incident response capabilities.
    • Measure and report key metrics to track security effectiveness and compliance.

Qualifications:

  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
  • Relevant certifications such as CISSP, CISM, OSCP, CEH, or cloud security certifications (AWS/Azure/GCP) are highly desirable.
  • 8–10 years of experience in application security, DevSecOps, or a related field.
  • Proven experience leading security initiatives in DevOps environments.
  • Hands-on experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitHub Actions).
  • Expertise in cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes).
  • Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, Go).
  • Strong understanding of OWASP Top 10, SANS/CWE 25, and other security frameworks.
  • Knowledge of security tools and platforms (e.g., SonarQube, Veracode, Burp Suite).
  • Experience with infrastructure-as-code (IaC) security and tools like Terraform and Ansible.
  • Excellent problem-solving and critical-thinking skills.
  • Strong leadership and communication skills to influence and collaborate with cross-functional teams.

Work Conditions:

  • Hybrid work environment allowing remote work.
  • Full-time position with responsibilities that require management and prioritization of multiple initiatives in a fast-paced environment.

Language Requirements:

  • Proficiency in English is expected for this role.

This is an exciting opportunity to contribute to a mission-critical organization at a time of significant change and growth in Saudi Arabia.

About Mozn

Mozn is a Saudi technology company committed to advancing digital humanity through the harnessing of artificial intelligence to build enterprise AI-powered products – FOCAL, the end-to-end Risk and Compliance platform and OSOS, the leading Arabic Gen AI platform – along with tailored AI solutions designed to meet the unique needs of enterprises across various sectors.