Principal Engineer - Application Security / DevSecOps

Poland - Remote

Mozn

Confidently screen customers, monitor transactions and assess risk with powerful AI and seamless automation


Mozn is a rapidly growing and leading data science & product development firm based in Riyadh with a proven track record of excellence in supporting and growing the analytics ecosystem in Saudi Arabia. Mozn is a trusted analytics partner for the largest government organizations in Saudi Arabia, as well as many large corporations and startups. We are in a critical stage of scaling the company to build institutional analytics knowledge within Mozn and Saudi Arabia. It is an exciting time to work in Saudi Arabia; through Vision 2030, the rate of social and industrial change is staggering.

We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to lead and enhance our application security posture. The ideal candidate will have deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. This role is for an expert who will design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline.

Requirements

Technical Leadership:

- Develop and drive the strategic roadmap for application security and DevSecOps within the organization.
- Collaborate with engineering, operations, and product teams to integrate security best practices seamlessly into SDLC and CI/CD pipelines.
- Advocate for a security-first culture across the organization.

Technical Expertise:

- Design and implement security solutions for cloud-native, microservices-based, and legacy applications.
- Integrate automated security tools into CI/CD pipelines (e.g., SAST, DAST, SCA, IAST, and RASP).
- Develop and maintain threat models to identify and mitigate risks proactively.
- Establish and enforce coding standards and guidelines for secure coding practices.

Operational Excellence:

- Monitor, analyze, and respond to application and system vulnerabilities.
- Lead vulnerability management efforts, including prioritization and remediation.
- Conduct security assessments, code reviews, and penetration tests.
- Provide guidance on secure architecture patterns and solutions.

Collaboration and Mentorship:

- Mentor and coach teams to adopt secure development and DevSecOps practices.
- Partner with stakeholders to design and implement security-aware development environments.
- Work with compliance and governance teams to ensure adherence to industry standards (e.g., ISO 27001, GDPR, PCI-DSS, SOC 2).

Continuous Improvement:

- Stay abreast of emerging security threats, technologies, and industry trends.
- Lead initiatives to enhance the organization’s security posture and incident response capabilities.
- Measure and report key metrics to track security effectiveness and compliance.

Qualifications: 

Educational Background:

- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
- Relevant certifications such as CISSP, CISM, OSCP, CEH, or AWS/Azure/GCP Security certifications are highly desirable.

Experience:

- Minimum of 8–10 years of experience in application security, DevSecOps, or a related field.
- Proven track record of leading security initiatives in DevOps environments.
- Hands-on experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitHub Actions, GitLab CI/CD).
- Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes).

Technical Skills:

- Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, or Go).
- Strong understanding of OWASP Top 10, SANS/CWE 25, and other security frameworks.
- Knowledge of security tools and platforms (e.g., SonarQube, Veracode, Burp Suite, Aqua, Prisma Cloud).
- Experience with infrastructure-as-code (IaC) security and tools like Terraform and Ansible.

Soft Skills:

- Excellent problem-solving and critical-thinking abilities.
- Strong leadership and communication skills to influence and collaborate with cross-functional teams.
- Ability to manage and prioritize multiple initiatives in a fast-paced environment.

Benefits

We think you'll enjoy working at Mozn. Here's why:

  • We selectively choose to undertake projects with impact; our users and clients trust us to solve mission-critical problems.
  • We move quickly, but carefully and confidently. Iterations happen on the scale of days to weeks, and we invest considerable effort in minimizing the operational overhead to empower you to do your best work.
  • You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a product are given the freedom to do what they think is best.

Category: Engineering Jobs

Tags: Ansible Architecture AWS Azure CI/CD Computer Science DevOps Docker Engineering GCP GitHub GitLab Industrial ISO 27001 Java JavaScript Jenkins Kubernetes Microservices Pipelines Python SDLC Security Terraform

Regions: Remote/Anywhere Europe
Country: Poland
