Senior Application Security Champion

TEKsystems•Chandler, AZ

2d•Hybrid

About The Position

This role focuses on scaling the Application Security Champions (ASC) Community of Practice (CoP) by providing enablement, tooling, and standards to integrate AppSec into decentralized teams. The position aligns ASC initiatives with tiered control adoption and a quarterly roadmap. Key responsibilities include operationalizing AI security (LLM/GenAI) through adversarial testing, defining AI testing standards, performing vulnerability validation, and developing AI security playbooks and training. The role also involves developing ASC playbooks for threat modeling and secure design, rolling out CI/CD-integrated controls, establishing ASC KPIs, coordinating migration planning, facilitating escalations, promoting security awareness, acting as a liaison between development and security teams, leading security enablement activities, supporting secure development practices through code reviews and threat modeling, and contributing to organizational security standards.

Requirements

Application security
Owasp
Experience establishing champions programs or communities of practice.
Certifications: CSSLP, CRISC, or leadership-focused credentials.

Responsibilities

Operationalize LLM adversarial testing (e.g., garak-based testing) and integrate into CI/CD as a standard control for AI-enabled applications.
Define and maintain AI "Golden Test Suites" that AI-enabled applications must pass prior to deployment.
Perform advanced AI vulnerability validation and triage; distinguish true vulnerabilities from model limitations and false positives within application context.
Conduct manual adversarial testing (multi-turn prompt injection, jailbreak attempts, indirect injection) when automated tooling is insufficient.
Develop AI Security playbooks and tiered training/certification to mature ASCs from finding review to adversarial testing capability.
Map AI security findings to industry frameworks (OWASP Top 10 for LLMs, MITRE ATLAS) and ensure tracking/remediation through existing Jira/AVR workflows.
Develop ASC playbooks, training, and office hours for threat modeling and secure design.
Roll out CI/CD-integrated controls and AVR workflows.
Establish ASC KPIs and dashboards; report progress and compliance coverage.
Coordinate migration planning with application owners; track risks and dependencies.
Facilitate escalations and cross-functional alignment with SMEs and governance.
Promote security awareness and culture by educating teams on secure coding practices, potential threats, and encouraging open dialogue around security.
Act as the primary liaison between development teams and the security organization to ensure clear communication, timely resolution of security concerns, and alignment with security priorities.
Lead security enablement activities, including training sessions, workshops, and hands on exercises to enhance team security skills.
Support secure development practices by performing secure code reviews, participating in threat modeling sessions, and assisting teams with effective use of security testing tools and automated scans.
Contribute to organizational security standards by providing practical feedback and helping refine procedures to ensure they remain effective and adoptable across teams.