Mozn

Principal Engineer - Application Security / DevSecOps

Remote

United Kingdom

Full Time

27-03-2025

Job Specifications

Mozn is a rapidly growing and leading data science & product development firm based in Riyadh with a proven track record of excellence in supporting and growing the analytics ecosystem in Saudi Arabia. Mozn is a trusted analytics partner for the largest government organizations in Saudi Arabia, as well as many large corporations and startups. We are in a critical stage of scaling the company to build institutional analytics knowledge within Mozn and Saudi Arabia. It is an exciting time to work in Saudi Arabia; through Vision 2030, the rate of social and industrial change is staggering.
We are seeking a highly skilled and experienced Principal Engineer - Application Security / DevSecOps to lead and enhance our application security posture. The ideal candidate will have deep expertise in secure software development, DevSecOps practices, threat modeling, and security frameworks. This role is for an expert who will design, implement, and maintain robust security measures across the software development lifecycle (SDLC) and DevOps pipeline.

Requirements

Technical Leadership:

- Develop and drive the strategic roadmap for application security and DevSecOps within the organization.
- Collaborate with engineering, operations, and product teams to integrate security best practices seamlessly into SDLC and CI/CD pipelines.
- Advocate for a security-first culture across the organization.

Technical Expertise:

- Design and implement security solutions for cloud-native, microservices-based, and legacy applications.
- Integrate automated security tools into CI/CD pipelines (e.g., SAST, DAST, SCA, IAST, and RASP).
- Develop and maintain threat models to identify and mitigate risks proactively.
- Establish and enforce coding standards and guidelines for secure coding practices.

Operational Excellence:

- Monitor, analyze, and respond to application and system vulnerabilities.
- Lead vulnerability management efforts, including prioritization and remediation.
- Conduct security assessments, code reviews, and penetration tests.
- Provide guidance on secure architecture patterns and solutions.

Collaboration and Mentorship:

- Mentor and coach teams to adopt secure development and DevSecOps practices.
- Partner with stakeholders to design and implement security-aware development environments.
- Work with compliance and governance teams to ensure adherence to industry standards (e.g., ISO 27001, GDPR, PCI-DSS, SOC 2).

Continuous Improvement:

- Stay abreast of emerging security threats, technologies, and industry trends.
- Lead initiatives to enhance the organization's security posture and incident response capabilities.
- Measure and report key metrics to track security effectiveness and compliance.

Qualifications:

Educational Background:

- Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related field.
- Relevant certifications such as CISSP, CISM, OSCP, CEH, or AWS/Azure/GCP Security certifications are highly desirable.

Experience:

- Minimum of 8-10 years of experience in application security, DevSecOps, or a related field.
- Proven track record of leading security initiatives in DevOps environments.
- Hands-on experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitHub Actions, GitLab CI/CD).
- Expertise in cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes).

Technical Skills:

- Proficiency in programming and scripting languages (e.g., Python, Java, JavaScript, or Go).
- Strong understanding of OWASP Top 10, SANS/CWE Top 25, and other security frameworks.
- Knowledge of security tools and platforms (e.g., SonarQube, Veracode, Burp Suite, Aqua, Prisma Cloud).
- Experience with infrastructure-as-code (IaC) security and tools like Terraform and Ansible.

Soft Skills:

- Excellent problem-solving and critical-thinking abilities.
- Strong leadership and communication skills to influence and collaborate with cross-functional teams.
- Ability to manage and prioritize multiple initiatives in a fast-paced environment.

Benefits

We think you'll enjoy working at Mozn. Here's why:

- We selectively choose to undertake projects with impact; our users and clients trust us to solve mission-critical problems.
- We move quickly, but carefully and confidently. Iterations happen on the scale of days to weeks, and we invest considerable effort in minimizing the operational overhead to empower you to do your best work.
- You will be given a lot of responsibility and trust. We believe that the best results come when the people responsible for a product are given the freedom to do what they think is best.

About the Company

Mozn is a Saudi technology company committed to advancing digital humanity through the harnessing of artificial intelligence to build enterprise AI-powered products – FOCAL, the end-to-end Risk and Compliance platform and OSOS, the leading Arabic Gen AI platform – along with tailored AI solutions designed to meet the unique needs of enterprises across various sectors.

Related Jobs

Company Name
EnerMech
Job Title
Information Security Manager
Job Description
We are?

We are EnerMech, a specialist service company that delivers safe, integrated solutions for complex energy projects. For over 50 years, we've been energizing our clients across the world with unrivalled expertise, equipment, and technology that supports the entire asset life-cycle - offshore and on land. We enable progress through our three global business lines: Energy Solutions, Infrastructure & Industrial Solutions, and Lifting Solutions. Within these areas, we offer a wide range of services, including cranes, lifting, fluid power, training, equipment rental, pipeline and subsea, process, and valves - all designed to help our clients optimize performance, enhance reliability, and improve efficiency. With a focus on operational excellence, we deliver value through our customized integrated solutions. This approach reduces risk and enhances efficiencies making us a leading and trusted partner every step of the way.

The Role and Responsibilities

EnerMech have a new opportunity for an experienced Information Security Manager to join our global IT team. The successful candidate will be tasked with leading the awareness and management of cyber security across EnerMech in line with the organisation's risk posture. Specifically you will develop, implement and maintain a comprehensive information security program and work with the Infrastructure team to design and implement security architecture. You should be comfortable reporting to the C-Suite and risk committees on cyber security matters and operational activities.

The Requirements

Someone who stays up to date with emerging threats and technologies related to cyber security, with extensive experience in information security including in a management or leadership role. You should have a strong knowledge of cyber security frameworks and regulatory requirements specific to the oil and gas industry, hands-on experience in implementing and managing security technologies such as EDR, Firewalls, DLP, and IAM systems and a strong knowledge of the Microsoft environment.

Diversity & Inclusion

EnerMech is dedicated to fostering a diverse and inclusive organisation. We believe that diversity enriches our team, and we welcome applications from candidates of all backgrounds, cultures, and identities.

Company benefits

- Generous holiday entitlement
- Pension scheme
- Private health cover
- Various staff discount schemes
- Canteen on site
- Employee referral scheme
Aberdeen, United Kingdom
Hybrid
Full Time
31-03-2025
Company Name
Mastercard
Job Title
Business Security Officer, Vocalink Limited-R-242290
Job Description
Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title And Summary

Business Security Officer, Vocalink Limited

Overview

Vocalink Limited, a Mastercard Company, is looking for a Business Security Officer to oversee Vocalink’s information, cyber and technology security. This is an exciting opportunity to lead a team that delivers security for Critical National Infrastructure to key customers in the United Kingdom. The services we offer to our customers in the United Kingdom account for 90% of salaries paid, nearly all benefit payments, all cheques cleared and the majority of ATM transactions. These roles do not come around very often, and you would be joining a high functioning team dedicated to ensuring that this service remains robust, secure, and seamless for 60+ million citizens every day – in numbers, that is 11 billion transactions every year with a value of over £10 trillion.

The Vocalink Business Security Officer (BSO) is a senior management role, with dual reporting lines to the Vocalink Limited Chief Executive Officer, as well as to the Mastercard Chief Security Officer. Vocalink has confidence that its security work streams are executed in a timely and effective manner with appropriate governance and communication updates. This ensures that security initiatives are focused on balancing business needs and security controls that align with Vocalink’s position as a supplier of Critical National Infrastructure services. The communications and outcomes managed by the role will also form evidential artefacts for audit purposes and articulate effective Cyber resilience capabilities as defined by regulators. All candidates will need to go through the non-objection process with the Bank of England before they are able to take up the role.

The role holder will:

- Develop, implement and enforce security policies to protect critical data and infrastructure
- Provide guidance on Vocalink’s Cybersecurity programme on a strategic level and ensure Vocalink remains compliant with Security standards, policies, regulations and legislation.
- Oversee the day-to-day technical activities of the Security team such as Security Operations and Incident Response, Governance, Risk, and Compliance, Vulnerability Management, Physical Security and Business Continuity Planning
- Convey security risks and potential threats to senior executives, the Vocalink Board, the Mastercard Group, Regulators and Government, including inward-facing committees as well as outward-facing customer and client committees, in business terms, present solutions, and provide actionable insights backed by data
- Ensure UK Core Services meet or exceed contracted and regulated obligations for Vocalink’s customers as well as the Bank of England
- Promote a culture of strong security and facilitate security cultural change across the organisation
- Oversee Vocalink’s cyber controls framework
- Use the allocated budget for Vocalink security programs efficiently and effectively and help Vocalink make smart decisions when it comes to investing in Cybersecurity
- Lead, manage and deliver outcomes whilst working as part of a larger matrixed organisation.
- Take the lead in championing the corporate values, through the implementation of robust processes, standard procedures, and quality working practices.
- Maintain Vocalink’s and Mastercard's security profile across the industry through relationships with relevant external parties together with presentations and media coverage where appropriate.
- 3LoD role in line within the Risk Management Framework with accountability for the identification, mitigation and management of 1st line risks and operation of key controls
- Strong leadership and management of the Vocalink security team of approximately 60 FTE

Knowledge Skills And Experience

- Extensive experience working and operating effectively at executive level in global financial service organisations including working with a Board of Directors
- Relevant experience of working in a complex (preferably multi-national) stakeholder environment that includes complex customers and experience of working with regulators
- Experience engaging with and reporting into a Board of Directors
- Deep expertise in cybersecurity and reporting standards
- Experience collaborating cross-functionally to identify and implement best practice security, logging, and monitoring processes.
- Understanding of CPMI-IOSCO Annex F and its impact on Financial Market Infrastructure provision.
- Strong influencing skills; organizationally savvy
- Ethics – strong personal and professional ethics
- Highly motivated and conscientious individual
- Strategic thinker – able to develop and communicate direction
- Ability to motivate, inspire and lead people effectively

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

- Abide by Mastercard’s security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

R-242290
London, United Kingdom
Hybrid
Full Time
01-04-2025
Company Name
Bonhill Partners
Job Title
Cyber Security Engineer
Job Description
Bonhill Partners are looking for a highly motivated and detail-oriented Associate Cyber Security Engineer to join an exciting Fintech based in London.

Salary: £40k - 60k DOE
Location: London, Victoria (3 days per week in office)

Responsibilities/Requirements:

- 1-5 years experience in a Security role, collaborating with IT/Ops.
- Assist in Threat and Vulnerability Management, including identifying, assessing, and mitigating security risks.
- Support Identity and Access Management (IAM) by ensuring proper user authentication, authorisation, and account security.
- Monitor and analyse security alerts, logs, and reports to detect and respond to potential threats.
- Collaborate with different teams to implement security controls and best practices.
- Conduct security assessments and contribute to the development of security policies and procedures.
- Stay updated on emerging security threats, trends, and technologies.
London, United Kingdom
Hybrid
Full Time
01-04-2025
Company Name
Wiz
Job Title
Cloud Security Research Engineer
Job Description
Come join the company that is reinventing cloud security and empowering businesses to thrive in the cloud. As the fastest-growing startup ever, Wiz is on a mission to help organizations secure cloud environments that will accelerate their businesses. Trusted by security teams all over the world, we have a proven track record of success and a culture that values world-class talent. Our Wizards from over 13 countries work together to protect the infrastructure of our hundreds of customers, including over 45% of the Fortune 100, who trust us to scan and secure over 230 billion files daily. We’re the leading player in a massive and growing market, but it’s still early enough for you to make a significant impact. At Wiz, you’ll have the freedom to think creatively, dream big, and use your full range of skills to contribute to our record growth. Come join our team and help us create secure cloud environments that allow the best companies to move faster.

Summary

We’re looking for a Cloud Security Research Engineer to join the Product team and spread the power of Wiz. In this role, you’ll play a key part in safeguarding our customers' cloud environments from cyber threats. Your contributions will directly impact customer success and advance the field of cloud security. This isn’t just a job—it’s a significant growth opportunity. You’ll gain practical experience that can lead to exciting career paths in product management, research, or development.

What You’ll Do

- Research, innovate, and develop cutting-edge detection mechanisms, advanced algorithms, and automated solutions to precisely identify and categorize technologies within complex cloud environments.
- Conduct comprehensive analysis of cloud services, APIs, and log payloads to ensure strict adherence to industry standards and customer-specific requirements.
- Continuously update knowledge and skills to stay abreast of the latest technologies and emerging trends in the industry.
- Implement customer requests and industry-standard practices to establish Wiz as a market leader in cloud security.
- Collaborate closely with our Research and Backend teams to leverage their expertise in developing and refining technical solutions.

What You’ll Bring

- Hands-on proficiency in Linux, Windows, Python, Bash, Docker, Kubernetes, PowerShell, and a strong understanding of the OSI model.
- Solid knowledge of networking concepts and cloud infrastructure.
- Proven experience in applying cybersecurity best practices to real-world scenarios.
- Self-motivated and capable of working both independently and collaboratively within a team.
- Strong communication skills.

Wiz is on a mission to build a special company. To achieve our goal, we are focused on hiring Wizards with different backgrounds, perspectives, and experiences. Wiz is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. By submitting your application, you acknowledge that Wiz will process your personal data in accordance with Wiz's Privacy Policy.
London, United Kingdom
On site
Full Time
01-04-2025