Principal Security Engineer – DevSecOps and Security Architect

🔒 Confidential Employer
Posted 8 May 2026
Location: New York City or London
Type: Full-time
Level: Director
Salary: £300,000 / year
Category: Cyber Security
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

  • DevSecOps
  • CI/CD pipeline integration
  • Secure coding (OWASP Top 10)
  • Threat modeling
  • Python
  • Go
  • SAST tooling (Semgrep, Snyk)
  • Cloud security

FULL DESCRIPTION

[Employer hidden — sign up to reveal] is a deep-tech company with roots in numerical physics and Formula One. We are building an AI-driven simulation software stack. This role is based in New York City or London.

About Us

[Employer hidden — sign up to reveal] is a deep-tech company with roots in numerical physics and Formula One, dedicated to accelerating hardware innovation at the speed of software. Our customers include leading innovators in Aerospace & Defense, Materials, Energy, Semiconductors, and Automotive.

The Role

As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews. You’ll bring deep expertise in DevSecOps, application security, hands-on experience securing web applications and APIs, and a strong understanding of modern development workflows.

What You Will Do

  • Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring 'shift-left' security at scale.
  • Lead threat modeling and secure design reviews for web applications, APIs, and cloud services.
  • Oversee the end-to-end product vulnerability lifecycle, from issue triage and prioritization through remediation support, with clear risk communication.
  • Drive secure coding standards, develop playbooks, and provide hands-on training and mentorship.
  • Design and scale secure development practices by collaborating cross-functionally with engineering teams.
  • Engage with customers during security reviews.

What You Bring to the Table

  • 10+ years in security, with a focus on DevSecOps and security design reviews
  • Hands-on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration
  • Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments
  • Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk)
  • Experience developing in Python and Go.
  • Track record of balancing pragmatism and security rigor in a fast-paced setting
  • Strong communication skills

Nice to Have Skills

  • Understanding of AI security fundamentals
  • Experience securing cloud infrastructure
  • Participation in bug bounty programs
  • Familiarity with BSIMM framework
  • Experience in cloud security including IAM

What We Offer

Build what actually matters. Learn alongside exceptional people. Influence over hierarchy. Sustainable pace, long-term ambition.

UK Benefits: Equity options; 10% pension employer contribution; 25 days holiday plus public holidays; private health insurance; enhanced parental leave; free lunch onsite.

US Benefits: Equity options; 5% 401(k) contribution; free team lunch 1x/week; private health insurance; enhanced parental leave; 20 days annual leave + public holidays; personal development; Gympass/Wellhub; Flexible Spending Account.

Salary for this position in the USA is from $200,000 to $300,000.
