The Role
As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews.
You’ll bring deep expertise in DevSecOps, application security, hands-on experience securing web applications and APIs, and a strong understanding of modern development workflows. This is a unique opportunity to shape the future of our security program while working in a high-ownership, high-impact environment.
What you will do
- Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring "shift-left" security at scale.
- Lead threat modeling and secure design reviews for web applications, APIs, and cloud services.
- Oversee the end-to-end product vulnerability lifecycle, from issue triage, prioritization, remediation support, with clear risk communication.
- Drive secure coding standards, develop playbooks, and provide hand-on training and mentorship to instill a security-first mindset across the organization.
- Design and scale secure development practices by collaborating cross-functionally with engineering teams throughout the entire software lifecycle.
- Engage with customers during security reviews
What you bring to the table
- 10+ years in security, with a focus on DevSecOps and security design reviews
- Hands-on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration
- Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments
- Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk)
- Experience developing in Python and Go.
- Track record of balancing pragmatism and security rigor in a fast-paced setting
- Strong communication skills
Nice to Have Skills
- Understanding of AI security fundamentals and how application security and AI security intersect
- Experience securing cloud infrastructure
- Participation in bug bounty programs and managing security disclosure
- Familiarity with the BSIMM framework
- Experience in cloud security including identity and access management and cloud-native services.
Salary for this position is from $200,000 to $300,000
Similar Jobs
What We Do
PhysicsX is a deep-tech company of scientists and engineers, developing machine learning applications to accelerate physics simulations and enable a new frontier of optimization opportunities in design and engineering. Born out of numerical physics, we help our customers radically improve their concepts and designs, transform their engineering processes and drive operational product performance. We do this in some of the most advanced and important industries of our time – including Space, Aerospace, Medical Devices, Additive Manufacturing, Electric Vehicles, Motorsport, and Renewables. Our work creates positive impact for society, be it by improving the design of artificial hearts, reducing CO2 emissions from aircraft and road vehicles, and increasing the performance of wind turbines. We are currently recruiting for multiple positions, however please only apply for the role that best aligns with your skillset and career goals. We do not currently offer work experience
