Summary MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More: https://www.mathworks.com/company/jobs/resources/applying-and-interviewing.html#onboarding. We’re looking for a hands-on, highly collaborative Principal Security Engineer to secure our software delivery pipeline. You’ll take ownership of protecting our CI/CD processes, Artifactory, and Internal Developer Platform against supply chain risks and malware attacks. This is a technical, impact-driven role where your expertise in threat modeling, security architecture, and systems design will shape our approach to secure software delivery at scale. MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence. Responsibilities
Design, implement, and continuously improve security controls across our CI/CD pipeline, Artifactory, and developer platforms
Collaborate with various teams and key stakeholders within the organization to embed security best practices in software delivery workflows
Lead threat modeling and risk assessments for our build and release pipelines
Build and deploy custom security solutions and integrations as needed
Monitor, detect, and respond to threats targeting our development infrastructure
Drive innovation in automation, security architecture, and systems design
Foster a strong security culture through knowledge sharing and mentorship
Stay ahead of the latest threats, attacker methodologies, and evolving security trends to continuously refine our efforts
Minimum Qualifications
A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required.
Additional Qualifications
Proficiency in programming languages such as Python, Rust, or Go
Experience with security threat modeling, penetration testing, and security reviews.
Deep understanding of the software development lifecycle (SDLC), particularly in large, complex enterprise environments, and a passion for improving the developer experience
Deep understanding of modern attack vectors targeting software supply-chain through malicious code, third-party libraries, and CI/CD systems
Advanced knowledge of developer tools, internal build and dependency systems
Experience with trusted software supply chain concepts, including security standards and best practices (e.g., SLSA), dependency/package management, vulnerability scanning, signing, provenance, and tools such as TeamCity, Jenkins, GitHub, GitLab, Artifactory, and Kubernetes
Experience with Cloud Native Computing Foundation (CNCF) projects related to CI/CD, security, and developer workflow
Ability to collaborate with large, distributed engineering teams to contextualize and prioritize supply chain threats