As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews.
You’ll bring deep expertise in DevSecOps, application security, hands‑on experience securing web applications and APIs, and a strong understanding of modern development workflows. This is a unique opportunity to shape the future of our security program while working in a high‑ownership, high‑impact environment.
What you will do
- Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring "shift-left" security at scale.
- Lead threat modeling and secure design reviews for web applications, APIs, and cloud services.
- Oversee the end-to-end product vulnerability lifecycle, from issue triage, prioritization, remediation support, with clear risk communication.
- Drive secure coding standards, develop playbooks, and provide hand‑on training and mentorship to instill a security‑first mindset across the organization.
- Design and scale secure development practices by collaborating cross-functionally with engineering teams throughout the entire software lifecycle.
- Engage with customers during security reviews.
What you bring to the table
- 10+ years in security, with a focus on DevSecOps and security design reviews
- Hands‑on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration
- Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments
- Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk)
- Experience developing in Python and Go.
- Track record of balancing pragmatism and security rigor in a fast‑paced setting.
Nice to Have Skills
- Understanding of AI security fundamentals and how application security and AI security intersect
- Experience securing cloud infrastructure
- Participation in bug bounty programs and managing security disclosure
- Familiarity with the BSIMM framework
- Experience in cloud security including identity and access management and cloud‑native services.
What we offer
Build what actually matters
Help shape an AI‑native engineering company at a formative stage, tackling problems that genuinely matter for industry and society. This is work with real‑world impact – and something you can be proud to stand behind.
Learn alongside exceptional people
Work with a high‑caliber, collaborative team of engineers, scientists, and operators who care deeply about doing great work, and about helping each other get better. We come from diverse backgrounds, but we share a commitment to operating at the highest level and addressing some of the most complex challenges out there. If you’re ambitious, thoughtful, and driven by impact, you’ll feel at home.
Influence over hierarchy
We operate with a flat structure: good ideas win – wherever they come from. Questioning assumptions and challenging the status quo isn’t just welcomed, it’s expected.
Building meaningful technology is a marathon, not a sprint. We believe in balancing focused, ambitious work with a life beyond it. Our hybrid model blends time together in our New York office with work‑from‑home days, giving you the flexibility to work sustainably while staying connected in person.
Equity options; 10% pension employer contribution; 25 days holiday plus public holidays; private health insurance; enhanced parental leave; free lunch onsite.
#J-18808-Ljbffr”, “datePosted”: “2026-04-30”, “hiringOrganization”: { “@type”: “Organization”, “name”: “PhysicsX”, “sameAs”: “https://uk.whatjobs.com/pub_api__cpl__417961753__4861?utm_campaign=publisher&utm_medium=api&utm_source=4861&geoID=33” }, “jobLocation”: { “@type”: “Place”, “address”: { “@type”: “PostalAddress”, “addressLocality”: “London” } } }As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews.
You’ll bring deep expertise in DevSecOps, application security, hands‑on experience securing web applications and APIs, and a strong understanding of modern development workflows. This is a unique opportunity to shape the future of our security program while working in a high‑ownership, high‑impact environment.
What you will do
- Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring “shift-left” security at scale.
- Lead threat modeling and secure design reviews for web applications, APIs, and cloud services.
- Oversee the end-to-end product vulnerability lifecycle, from issue triage, prioritization, remediation support, with clear risk communication.
- Drive secure coding standards, develop playbooks, and provide hand‑on training and mentorship to instill a security‑first mindset across the organization.
- Design and scale secure development practices by collaborating cross-functionally with engineering teams throughout the entire software lifecycle.
- Engage with customers during security reviews.
What you bring to the table
- 10+ years in security, with a focus on DevSecOps and security design reviews
- Hands‑on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration
- Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments
- Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk)
- Experience developing in Python and Go.
- Track record of balancing pragmatism and security rigor in a fast‑paced setting.
Nice to Have Skills
- Understanding of AI security fundamentals and how application security and AI security intersect
- Experience securing cloud infrastructure
- Participation in bug bounty programs and managing security disclosure
- Familiarity with the BSIMM framework
- Experience in cloud security including identity and access management and cloud‑native services.
What we offer
Build what actually matters
Help shape an AI‑native engineering company at a formative stage, tackling problems that genuinely matter for industry and society. This is work with real‑world impact – and something you can be proud to stand behind.
Learn alongside exceptional people
Work with a high‑caliber, collaborative team of engineers, scientists, and operators who care deeply about doing great work, and about helping each other get better. We come from diverse backgrounds, but we share a commitment to operating at the highest level and addressing some of the most complex challenges out there. If you’re ambitious, thoughtful, and driven by impact, you’ll feel at home.
Influence over hierarchy
We operate with a flat structure: good ideas win – wherever they come from. Questioning assumptions and challenging the status quo isn’t just welcomed, it’s expected.
Building meaningful technology is a marathon, not a sprint. We believe in balancing focused, ambitious work with a life beyond it. Our hybrid model blends time together in our New York office with work‑from‑home days, giving you the flexibility to work sustainably while staying connected in person.
Equity options; 10% pension employer contribution; 25 days holiday plus public holidays; private health insurance; enhanced parental leave; free lunch onsite.
#J-18808-Ljbffr…