Senior Application Security Champion

About The Position

Requirements

• 5+ years of application security experience with developer enablement - Experience with SAST/DAST/ SCA
• Hands on experience securing AI/LLM-enabled applications, including prompt injection and data leakage risk mitigation
• Familiarity with RAG architectures, vector databases, and agentic frameworks- ability to advise on isolation/guardrail patterns
• Deep experience with python to automate security testing and extend/customize adversarial testing probes
• Experience working with developers on secure coding and threat modeling
• Experience with automation and compliance enforcement in CI/CD
• Application security
• Owasp

Nice To Haves

• Experience establishing champions programs or communities of practice.
• Certifications: CSSLP, CRISC, or leadership-focused credentials.
• Background in enterprise governance and metrics.

Responsibilities

• Scale the Application Security Champions (ASC) Community of Practice (CoP)
• Provide enablement, tooling, and standards to embed AppSec into decentralized teams.
• Align ASC initiatives with tiered control adoption and quarterly roadmap.
• Operationalize LLM adversarial testing (e.g., garak-based testing) and integrate into CI/CD as a standard control for AI-enabled applications.
• Define and maintain AI "Golden Test Suites" that AI-enabled applications must pass prior to deployment.
• Perform advanced AI vulnerability validation and triage; distinguish true vulnerabilities from model limitations and false positives within application context.
• Conduct manual adversarial testing (multi-turn prompt injection, jailbreak attempts, indirect injection) when automated tooling is insufficient.
• Develop AI Security playbooks and tiered training/certification to mature ASCs from finding review to adversarial testing capability.
• Map AI security findings to industry frameworks (OWASP Top 10 for LLMs, MITRE ATLAS) and ensure tracking/remediation through existing Jira/AVR workflows.
• Develop ASC playbooks, training, and office hours for threat modeling and secure design.
• Roll out CI/CD-integrated controls and AVR workflows.
• Establish ASC KPIs and dashboards; report progress and compliance coverage.
• Coordinate migration planning with application owners; track risks and dependencies.
• Facilitate escalations and cross-functional alignment with SMEs and governance.
• Promote security awareness and culture by educating teams on secure coding practices, potential threats, and encouraging open dialogue around security.
• Act as the primary liaison between development teams and the security organization to ensure clear communication, timely resolution of security concerns, and alignment with security priorities.
• Lead security enablement activities, including training sessions, workshops, and hands on exercises to enhance team security skills.
• Support secure development practices by performing secure code reviews, participating in threat modeling sessions, and assisting teams with effective use of security testing tools and automated scans.
• Contribute to organizational security standards by providing practical feedback and helping refine procedures to ensure they remain effective and adoptable across teams.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)