Principal Security Engineer

Overview

Math Works has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More:

We’re looking for a hands-on, highly collaborative Principal Security Engineer to secure our software delivery pipeline. You’ll take ownership of protecting our CI/CD processes, Artifactory, and Internal Developer Platform against supply chain risks and malware attacks. This is a technical, impact-driven role where your expertise in threat modeling, security architecture, and systems design will shape our approach to secure software delivery at scale.

Math Works nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.

• Design, implement, and continuously improve security controls across our CI/CD pipeline, Artifactory, and developer platforms
• Collaborate with various teams and key stakeholders within the organization to embed security best practices in software delivery workflows
• Lead threat modeling and risk assessments for our build and release pipelines
• Build and deploy custom security solutions and integrations as needed
• Monitor, detect, and respond to threats targeting our development infrastructure
• Drive innovation in automation, security architecture, and systems design
• Foster a strong security culture through knowledge sharing and mentorship
• Stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our efforts

• A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required.

• Proficiency in programming languages such as Python, Rust, or Go
• Experience with security threat modeling, penetration testing, and security reviews.
• Deep understanding of the software development lifecycle (SDLC), particularly in large, complex enterprise environments, and a passion for improving the developer experience
• Deep understanding of modern attack vectors targeting software supply-chain through malicious code, third-party libraries, and CI/CD systems
• Advanced knowledge of developer tools, internal build and dependency systems
• Experience with trusted software supply chain concepts, including security standards and best practices (e.g., SLSA), dependency/package management, vulnerability scanning, signing, provenance, and tools such as Team City, Jenkins, Git Hub, Git Lab, Artifactory, and Kubernetes
• Experience with Cloud Native Computing Foundation (CNCF) projects related to CI/CD, security, and developer workflow
• Ability to collaborate with large, distributed engineering teams to contextualize and prioritize supply chain threats