Principal Security Engineer – DevSecOps and Security Architect

About us PhysicsX is a deep-tech company with roots in numerical physics and Formula One, dedicated to accelerating hardware innovation at the speed of software. We are building an AI-driven simulation software stack for engineering and manufacturing across advanced industries. By enabling high-fidelity, multi-physics simulation through AI inference across the entire engineering lifecycle, PhysicsX unlocks new levels of optimization and automation in design, manufacturing, and operations — empowering engineers to push the boundaries of possibility. Our customers include leading innovators in Aerospace & Defense, Materials, Energy, Semiconductors, and Automotive. The Role As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews. You’ll bring deep expertise in DevSecOps, application security, hands-on experience securing web applications and APIs, and a strong understanding of modern development workflows. This is a unique opportunity to shape the future of our security program while working in a high-ownership, high-impact environment. What you will do Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring "shift-left" security at scale. Lead threat modeling and secure design reviews for web applications, APIs, and cloud services. Oversee the end-to-end product vulnerability lifecycle, from issue triage, prioritization, remediation support, with clear risk communication. Drive secure coding standards, develop playbooks, and provide hand-on training and mentorship to instill a security-first mindset across the organization. Design and scale secure development practices by collaborating cross-functionally with engineering teams throughout the entire software lifecycle. Engage with customers during security reviews What you bring to the table 10+ years in security, with a focus on DevSecOps and security design reviews Hands-on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk) Experience developing in Python and Go. Track record of balancing pragmatism and security rigor in a fast-paced setting Strong communication skills Nice to Have Skills Understanding of AI security fundamentals and how application security and AI security intersect Experience securing cloud infrastructure Participation in bug bounty programs and managing security disclosure Familiarity with the BSIMM framework Experience in cloud security including identity and access management and cloud-native services. What we offer Build what actually matters Help shape an AI-native engineering company at a formative stage, tackling problems that genuinely matter for industry and society. This is work with real-world impact - and something you can be proud to stand behind. Learn alongside exceptional people Work with a high-caliber, collaborative team of engineers, scientists, and operators who care deeply about doing great work, and about helping each other get better. We come from diverse backgrounds, but we share a commitment to operating at the highest level and addressing some of the most complex challenges out there. If you’re ambitious, thoughtful, and driven by impact, you’ll feel at home. Influence over hierarchy We operate with a flat structure: good ideas win - wherever they come from. Questioning assumptions and challenging the status quo isn’t just welcomed, it’s expected. Sustainable pace, long-term ambition Building meaningful technology is a marathon, not a sprint. We believe in balancing focused, ambitious work with a life beyond it. Our hybrid model blends time together in our New York office with work-from-home days, giving you the flexibility to work sustainably while staying connected in person. And it doesn’t stop there … 🚀  Equity options  - share meaningfully in the company you’re helping to build. 💰  5% contribution to   401(k)   - build long-term security with a strong retirement plan. 🍽️  Free team lunch 1x/week   - good food, great company, and space to connect. 🏥  Private health insurance  – comprehensive cover for you, offering total peace of mind. 👶  Enhanced parental leave  – 3 months full pay paternity and 6 months full pay maternity leave, to provide extra flexibility during the moments that matter most. ☀️ 20 days of Annual Leave (+ Public Holidays)   - because taking time to rest matters. 📈  Personal development  – dedicated support for learning, development, and leveling up over time. 💪  Gympass / Wellhub (subsidized)  – for you and up to 3 family members, supportin