Application Security Engineer

Strategy
Tysons Corner, VA
Onsite

About The Position

Strategy (Nasdaq: MSTR) is seeking an Application Security Engineer to join our team in Tysons Corner, VA. This is a full-time, in-person role requiring 5 days per week at the Strategy Office. The Application Security Engineer will play a crucial role in ensuring the security of our software development lifecycle, with a particular focus on integrating AI and machine learning into security practices. This includes establishing guardrails for AI coding assistants, integrating security into the SDLC, managing vulnerabilities, conducting security assessments, performing secure code reviews, and enabling DevSecOps initiatives. The role also involves educating developers on security best practices and assisting with incident response.

Requirements

  • Bachelor's degree in Computer Science, Engineering, or related field
  • Minimum 2 years of software development or software security experience in an agile environment
  • Hands-on experience applying Generative AI and/or ML to security use cases—such as vulnerability triage, threat detection, or secure code review automation—and a strong drive to stay current as AI security tooling evolves.
  • Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP)
  • Fluent in one or more programming languages, such as Python, Java, JavaScript
  • Strong knowledge of secure coding principles and application security frameworks
  • Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners)
  • Understanding of security standards and regulations (e.g., OWASP, NIST)
  • Experience with cloud security best practices in AWS, Azure, or GCP
  • Familiarity with AI/LLM-specific security risks including prompt injection, model poisoning, insecure output handling, and the OWASP Top 10 for LLM Applications.
  • Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues
  • Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders
  • Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills

Responsibilities

  • Evaluate and establish guardrails for the secure use of AI coding assistants (e.g., Copilot, Cursor, Claude) within the engineering organization, including policy development around AI-generated code review, training data exposure risks, and prompt injection vulnerabilities in AI-integrated applications.
  • Work closely with development teams to integrate security into the SDLC, including threat modeling, secure code reviews, and security testing.
  • Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools.
  • Conduct manual and automated penetration testing of web, mobile, and cloud applications to detect security flaws.
  • Analyze source code using both manual review and AI-assisted code analysis tools (e.g., GitHub Copilot Autofix, Semgrep, or similar) to surface vulnerabilities earlier in the development cycle and deliver actionable, in-context remediation guidance to developers.
  • Perform threat modeling to anticipate potential attack vectors and improve security architecture.
  • Support and enhance DevSecOps initiatives by integrating AI-assisted security automation within CI/CD pipelines, including AI-powered SAST/DAST tools and LLM-based code scanning to accelerate vulnerability detection at the point of commit.
  • Assist in investigating security incidents related to applications and work with engineering teams to remediate threats.
  • Educate and mentor developers on OWASP Top 10, SANS 25, and other security best practices.