Application Security Engineer Jobs

About The Position

Requirements

• 6–10 years in Application Security, with a hands-on engineering orientation
• Demonstrable experience with LLM and agent security — OWASP LLM Top 10, MITRE ATLAS, prompt/output filtering, agent identity, and tool-use risk
• You’ve built end-to-end threat models for production platforms and translated them into corrective controls
• SAST, DAST, and infrastructure scanning tools in production CI/CD environments
• Taking policy, codifying it as infrastructure-as-code (Terraform), and gating CI/CD pipelines on security findings
• Significant AWS experience (GCP or Azure background acceptable; AWS is learnable, but cloud depth is required)
• Background in regulated environments — healthcare (HIPAA/HITRUST), federal (FedRAMP), or fintech (PCI)
• Strong cross-functional communicator;able to partner with engineers and AI builders, find the secure path together.

Nice To Haves

• Direct experience threat modeling agentic AI systems (rare — but if you have it, you're the cherry on top)
• AWS Agent Core, MCP, or similar agent-platform exposure
• Experience at a growth-stage company (~50–500 people) that has already adopted agentic AI
• Background in fintech transitioning into agentic systems (a common path into this kind of work today)
• Past ownership of an AI monitoring tool rollout or evaluation

Responsibilities

• Threat-model agentic and LLM-powered features end-to-end: data ingress/egress, agent identity, tool-use boundaries, and the unique risks that come with frontier AI work
• Build the secure SDLC paved road — secure SDLC guardrails, prompt/agent identity patterns, secrets management, PHI/PII redaction patterns
• Embed SAST, DAST, SCA, and infrastructure scanning into CI/CD so security gates are part of the pipeline, not an afterthought
• Identify and pilot an AI monitoring tool to fill the gap our current tooling (Zscaler) doesn't cover
• Translate existing security policy into safe tool-use patterns for the Artera Primitives team, Systems Engineers, and other AI Builder squads
• Partner cross-functionally with DevOps, Systems Engineering, and the AI builder teams — meeting AI Builders and engineers in the middle and finding the secure path forward, not the "no" path
• Own AWS identity and access management patterns, secrets management, and security tooling decisions in our AWS environment. Collaborate with System Engineers / DevOps on implementation.
• Apply frameworks like MITRE ATT&CK, MITRE ATLAS, OWASP Top 10, and OWASP LLM Top 10 to architectural decisions.

Benefits

• Full health benefits (medical, dental, and vision)
• flexible spending accounts
• company paid life insurance
• company paid short-term & long-term disability
• company equity
• voluntary benefits
• 401(k)
• Manager development cohorts
• employee development funds
• Company holidays
• Winter & Summer break
• flexible time off