Principal Information Security Engineer

MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations.

• Enhance and expand vulnerability scanning across MathWorks’ business applications, infrastructure (servers, containers), CI/CD pipelines, and third-party components.
• Lead operational vulnerability management activities, including scanning, triage, and response, especially for expanded scopes and cloud platforms, ensuring compliance.
• Assist in cloud-native application security projects.
• Automate vulnerability management workflows to increase efficiency and repeatability.
• Collaborate with IT and development teams to integrate security practices into the development lifecycle, to enhance DevSecOps capabilities.
• Develop and refine security procedures to reflect best practices in vulnerability management and cloud-native security capabilities.

• A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required.

• Required Knowledge and Education:
• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Understanding of compliance standards (ISO, CMMC, SOC 2, etc.).
• Knowledge of cloud computing platforms (AWS, Azure, GCP), including cloud security best practices.
• Familiarity with cloud-native application security protocols and best practices.

• Required Experience and Skills:
• Experience in information security, specifically in vulnerability management, cloud security, and application security.
• Proven experience with vulnerability scanning tools and operational management in diverse environments.
• Hands-on experience with Cloud-Native Application Protection Platforms (CNAPP), Cloud Posture Management Platforms (CSPM), or similar.
• Skill in automating security processes and workflows for improved efficiency and repeatability.
• Experience with DevSecOps principles and implementing security processes within CI/CD pipelines for cloud-native applications.
• Experience with automation tooling such as Puppet or Ansible.
• Strong analytical skills and the ability to work independently on complex security tasks.