MathWorks

Principal Security Engineer

🇺🇸 Natick, MA 🕑 Full-Time 💰 $154K - $246K 💻 Cybersecurity 🗓️ February 5th, 2026
CI/CD Kubernetes Python

Edtech.com's Summary

MathWorks is hiring a Principal Security Engineer to secure their software delivery pipeline. The role involves designing and improving security controls for CI/CD processes, Artifactory, and the Internal Developer Platform, as well as leading threat modeling, risk assessments, and building custom security solutions.

Highlights
  • Design and enhance security controls across CI/CD pipelines and developer platforms
  • Collaborate with teams to integrate security best practices into software delivery workflows
  • Lead threat modeling, risk assessments, and response to development infrastructure threats
  • Develop and deploy custom security solutions and automation
  • Mentor and promote a strong security culture within the organization
  • Proficient in programming languages such as Python, Rust, or Go
  • Experienced with security threat modeling, penetration testing, and security reviews
  • Strong understanding of SDLC and supply chain security standards like SLSA
  • Knowledgeable about developer tools and CI/CD platforms including TeamCity, Jenkins, GitHub, GitLab, Artifactory, and Kubernetes
  • Salary range: $153,800 - $246,100 per year

Principal Security Engineer Full Description

Job Summary
We’re looking for a hands-on, highly collaborative Principal Security Engineer to secure our software delivery pipeline. You’ll take ownership of protecting our CI/CD processes, Artifactory, and Internal Developer Platform against supply chain risks and malware attacks. This is a technical, impact-driven role where your expertise in threat modeling, security architecture, and systems design will shape our approach to secure software delivery at scale.

Responsibilities
  • Design, implement, and continuously improve security controls across our CI/CD pipeline, Artifactory, and developer platforms
  • Collaborate with various teams and key stakeholders within the organization to embed security best practices in software delivery workflows
  • Lead threat modeling and risk assessments for our build and release pipelines
  • Build and deploy custom security solutions and integrations as needed
  • Monitor, detect, and respond to threats targeting our development infrastructure
  • Drive innovation in automation, security architecture, and systems design
  • Foster a strong security culture through knowledge sharing and mentorship
  • Stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our efforts

Minimum Qualifications
  • A bachelor's degree and 10 years of professional work experience (or equivalent experience) are required

Additional Qualifications
  • Proficiency in programming languages such as Python, Rust, or Go
  • Experience with security threat modeling, penetration testing, and security reviews
  • Deep understanding of the software development lifecycle (SDLC), particularly in large, complex enterprise environments, and a passion for improving the developer experience
  • Deep understanding of modern attack vectors targeting the software supply chain through malicious code, third-party libraries, and CI/CD systems
  • Advanced knowledge of developer tools and internal build and dependency systems
  • Experience with trusted software supply chain concepts, including security standards and best practices (e.g., SLSA), dependency/package management, vulnerability scanning, signing, provenance, and tools such as TeamCity, Jenkins, GitHub, GitLab, Artifactory, and Kubernetes
  • Experience with Cloud Native Computing Foundation (CNCF) projects related to CI/CD, security, and developer workflow
  • Ability to collaborate with large, distributed engineering teams to contextualize and prioritize supply chain threats