Senior Application Security Engineer II
New
Open to candidates residing within the United StatesFull-TimeSenior
Salary$180,000 - $205,500
Apply NowOpens the employer's application page
Job Details
- Experience
- 7+ years
- Required Skills
- PythonJavascriptRubyGoCI/CD
Requirements
- 7+ years of professional experience in application security or a closely related security engineering discipline.
- Hands-on experience with DAST, SAST, and SCA tools, and manual testing techniques (OWASP, SANS Top 25).
- Demonstrated experience securing CI/CD pipelines with commercial and custom-built tooling.
- Experience with IaaS cloud infrastructure (AWS, Azure, or GCP), container technologies, and service-oriented architectures.
- Security automation experience in at least one of: Go, Python, JavaScript, or Ruby.
- Familiarity with AI/ML security concepts — prompt injection, adversarial inputs, model supply-chain risks, and the OWASP LLM Top 10.
- Working knowledge of AI and LLM tooling (e.g., OpenAI, Anthropic, LangChain, or equivalent).
- Experience implementing controls aligned to NIST CSF, HIPAA, HITRUST, ISO-27001, or SOC-2.
- Strong cross-functional collaboration skills.
- Bachelor’s degree in Computer Science, Engineering, MIS, IT, or equivalent work experience.
Responsibilities
- Contribute to the advancement of secure-by-design practices within the team’s S-SDLC program, including participation in architecture reviews, design consultations, and security guidance across the development lifecycle.
- Mentor engineers on secure coding practices, AppSec fundamentals, and career growth, fostering a collaborative environment where the team grows stronger together.
- Facilitate the development of an AI-assisted threat modeling program, spanning risk identification, security architecture, and proactive program maturity, enabling the ability to scale threat modeling across the organization.
- Contribute to maturing the team’s established SAST, SCA, and DAST programs through rule tuning, coverage improvements, and identifying opportunities to strengthen security controls as the organization scales.
- Perform security-focused code reviews of internal and open-source libraries, prioritizing findings by exploitability and business impact.
- Support vulnerability remediation efforts by assessing impact, proposing solutions, and validating fixes in accordance with the team’s established remediation workflows.
- Identify and implement process improvements and security automation using languages such as Go, Python, JavaScript, or Ruby, including the integration of AI tooling to improve team workflows and program efficiency.
- Contribute to security assessments of AI-integrated product features, including LLM APIs, vector databases, and RAG pipelines, with a focus on risks such as prompt injection, data leakage, and model supply-chain vulnerabilities.
- Contribute to the research, design, and development of a Secure AI Development Lifecycle (ADLC) in accordance with the OWASP Top 10 for LLM Applications and emerging adversarial ML guidance.
- Evaluate and recommend AI-assisted security tooling, including AI-augmented SAST and LLM-powered code review, to improve program coverage and team efficiency.
View Full Description & ApplyYou'll be redirected to the employer's site