Principal Security Engineer – DevSecOps and Security Architect London

PhysicsX is a deep-tech company with roots in numerical physics and Formula One, dedicated to accelerating hardware innovation at the speed of software. We are building an AI-driven simulation software stack for engineering and manufacturing across advanced industries. By enabling high-fidelity, multi-physics simulation through AI inference across the entire engineering lifecycle, PhysicsX unlocks new levels of optimization and automation in design, manufacturing, and operations — empowering engineers to push the boundaries of possibility. Our customers include leading innovators in Aerospace & Defense, Materials, Energy, Semiconductors, and Automotive.

As a Principal Security Engineer, you will partner closely with engineering teams to design and implement secure development practices, integrate security into our CI/CD pipeline, and lead security and design reviews. You’ll bring deep expertise in DevSecOps, application security, hands-on experience securing web applications and APIs, and a strong understanding of modern development workflows. This is a unique opportunity to shape the future of our security program while working in a high-ownership, high-impact environment.

What you will do:

• Architect and integrate security tooling directly into CI/CD pipelines to automate the detection and prevention of vulnerabilities, ensuring "shift-left" security at scale.
• Lead threat modeling and secure design reviews for web applications, APIs, and cloud services.
• Oversee the end-to-end product vulnerability lifecycle, from issue triage, prioritization, remediation support, with clear risk communication.
• Drive secure coding standards, develop playbooks, and provide hands-on training and mentorship to instill a security-first mindset across the organization.
• Design and scale secure development practices by collaborating cross-functionally with engineering teams throughout the entire software lifecycle.
• Engage with customers during security reviews.

What you bring to the table:

• 10+ years in security, with a focus on DevSecOps and security design reviews.
• Hands-on experience with secure coding, OWASP Top 10, threat modeling, and SDLC integration.
• Experience with GitHub/GitLab, CI/CD, IaC, and containerized environments.
• Experience deploying and working with SAST tooling (e.g. Semgrep, Snyk).
• Experience developing in Python and Go.
• Track record of balancing pragmatism and security rigor in a fast-paced setting.

Nice to Have Skills:

• Understanding of AI security fundamentals and how application security and AI security intersect.
• Experience securing cloud infrastructure.
• Participation in bug bounty programs and managing security disclosure.
• Familiarity with the BSIMM framework.
• Experience in cloud security including identity and access management and cloud-native services.

We value diversity and are committed to equal employment opportunity regardless of sex, race, religion, ethnicity, nationality, disability, age, sexual orientation or gender identity. We strongly encourage individuals from groups traditionally underrepresented in tech to apply. To help make a change, we sponsor bright women from disadvantaged backgrounds through their university degrees in science and mathematics. We collect diversity and inclusion data solely for the purpose of monitoring the effectiveness of our equal opportunities policies and ensuring compliance with UK employment and equality legislation. This information is confidential, used only in aggregate form, and will not influence the outcome of your application.