Principal Security Engineer – DevSecOps and Security Architect

About us

PhysicsX is a deep-tech company with roots in numerical physics and Formula One, dedicated to accelerating hardware innovation at the speed of software. We are building an AI-driven simulation software stack for engineering and manufacturing across advanced industries. By enabling high-fidelity, multi-physics simulation through AI inference across the entire engineering lifecycle, PhysicsX unlocks new levels of optimization and automation in design, manufacturing, and operations — empowering engineers to push the boundaries of possibility. Our customers include leading innovators in Aerospace & Defense, Materials, Energy, Semiconductors, and Automotive.

The Role

As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews.

You’ll bring deep expertise in DevSecOps, application security, hands-on experience securing web applications and APIs, and a strong understanding of modern development workflows. This is a unique opportunity to shape the future of our security program while working in a high-ownership, high-impact environment.

What you will do

• Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring "shift-left" security at scale.
• Lead threat modeling and secure design reviews for web applications, APIs, and cloud services.
• Oversee the end-to-end product vulnerability lifecycle, from issue triage, prioritization, remediation support, with clear risk communication.
• Drive secure coding standards, develop playbooks, and provide hand-on training and mentorship to instill a security-first mindset across the organization.
• Design and scale secure development practices by collaborating cross-functionally with engineering teams throughout the entire software lifecycle.
• Engage with customers during security reviews

What you bring to the table

• 10+ years in security, with a focus on DevSecOps and security design reviews
• Hands-on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration
• Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments
• Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk)
• Experience developing in Python and Go.
• Track record of balancing pragmatism and security rigor in a fast-paced setting
• Strong communication skills

Nice to Have Skills

• Understanding of AI security fundamentals and how application security and AI security intersect
• Experience securing cloud infrastructure
• Participation in bug bounty programs and managing security disclosure
• Familiarity with the BSIMM framework
• Experience in cloud security including identity and access management and cloud-native services.

What we offer

Build what actually matters

Help shape an AI-native engineering company at a formative stage, tackling problems that genuinely matter for industry and society. This is work with real-world impact - and something you can be proud to stand behind.

Learn alongside exceptional people

Work with a high-caliber, collaborative team of engineers, scientists, and operators who care deeply about doing great work, and about helping each other get better. We come from diverse backgrounds, but we share a commitment to operating at the highest level and addressing some of the most complex challenges out there. If you’re ambitious, thoughtful, and driven by impact, you’ll feel at home.

Influence over hierarchy

We operate with a flat structure: good ideas win - wherever they come from. Questioning assumptions and challenging the status quo isn’t just welcomed, it’s expected.

Sustainable pace, long-term ambition

Building meaningful technology is a marathon, not a sprint. We believe in balancing focused, ambitious work with a life beyond it. Our hybrid model blends time together in our New York office with work-from-home days, giving you the flexibility to work sustainably while staying connected in person.

And it doesn’t stop there …

🚀Equity options - share meaningfully in the company you’re helping to build.

💰5% contribution to401(k) - build long-term security with a strong retirement plan.

🍽️Free team lunch 1x/week - good food, great company, and space to connect.

🏥Private health insurance – comprehensive cover for you, offering total peace of mind.

👶Enhanced parental leave – 3 months full pay paternity and 6 months full pay maternity leave, to provide extra flexibility during the moments that matter most.

☀️ 20 days of Annual Leave (+ Public Holidays) - because taking time to rest matters.

📈Personal development – dedicated support for learning, development, and leveling up over time.

💪Gympass / Wellhub (subsidized) – for you and up to 3 family members, supporting both physical and mental wellbeing.

💳Flexible Spending Account (FSA) – set aside pre-tax dollars for eligible healthcare expenses.

🔎 Watch this space, we’re continuing to build this as we grow…

Salary for this position is from $200,000 to $300,000

We value diversity and are committed to equal employment opportunity regardless of sex, race, religion, ethnicity, nationality, disability, age, sexual orientation or gender identity. We strongly encourage individuals from groups traditionally underrepresented in tech to apply. To help make a change, we sponsor bright women from disadvantaged backgrounds through their university degrees in science and mathematics. We collect diversity and inclusion data solely for the purpose of monitoring the effectiveness of our equal opportunities policies and ensuring compliance with UK employment and equality legislation. This information is confidential, used only in aggregate form, and will not influence the outcome of your application.