Senior Application Security Engineer, AI

About The Position

Requirements

• Experience: 5+ years of experience in Product/Application Security, with a strong background in software engineering.
• Demonstrated AI Expertise: Proven experience at the intersection of AI and security, including securing AI workloads and leveraging AI agents to enhance defensive capabilities.
• Modern AppSec: Experience implementing tools and driving for secure outcomes throughout the Secure Software Development Lifecycle including Threat Modeling, Code Scanning, and Penetration testing.
• Automation Mindset: Proven ability to prompt, script, and automate security tasks. You prefer building a tool to solve a problem over fixing it manually.

Responsibilities

• Secure-by-Design Engineering Pipeline Automation: Embed security directly into the development pipeline through intelligent prompting and AI driven agents. Secure-by-Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries that have security controls built in from the start. Supply Chain Protections: Implement controls to secure dependencies, build artifacts, and third party integrations. Partner with engineering to enforce integrity, provenance, and policy checks within build and release workflows.
• AI-Driven Security Testing & Validation Automated Scanning: Evaluate, configure, and implement AI agentic tooling to autonomously test our web applications for vulnerabilities. Simulation & Validation: Use agentic tooling to run proactive simulations based on emerging threats to validate our defenses in real time. Outcome Accountability: Drive adherence to vulnerability remediation SLAs by partnering with engineering teams to track, prioritize, and resolve security issues. Ensure clear ownership, measurable progress, and consistent follow through to reduce risk and maintain accountability.
• AI & Identity Security AI Guardrails: Design and implement technical guardrails for AI Coding Agents and Model Context Protocols (MCP) to ensure safe adoption of AI in the development lifecycle. AI-Driven Tooling: Help operationalize AI based tooling to act as a "GPS" for developers, tuning the system to provide accurate, on demand threat modeling, design, and development advice. Non-Human Identity Management: Partner with engineering to define and implement strategies for managing machine identities across AI systems, including service accounts, API keys, and agent authentication. Enforce least privilege access, credential lifecycle management, and integration with secrets management and CI CD pipelines to reduce risk and prevent misuse.
• Developer Enablement & Security Operations Technical "Pit Crew": Act as the AppSec technical expert for the Security Champions Program. While leadership manages the program logistics, you will be the expert answering complex coding questions and guiding Champions on how to fix vulnerabilities. Contextual Training: Assist in setting up "Just in Time" training campaigns that trigger micro-trainings when engineers introduce vulnerabilities, allowing them to fix their own code. Triage to Automate: Own the initial triage of incoming vulnerability tickets (SAST/SCA). You will use this hands on work to identify the "noise" and pattern match recurring issues, directly informing which guardrails you build next.

Benefits

• Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
• Holistic health and wellness benefits: Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
• Support for Titans at all stages of life: Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.