Application Security Engineer (AI)

TL;DR

Application Security Engineer (AI): Leading application security engineering efforts, designing scalable security architectures, and performing advanced risk assessments with an accent on integrating security across the SDLC and driving AI-related security controls. Focus on evaluating vendor solutions, scaling automation, and contributing to incident response and strategic security improvements.

Location: Arlington

Company

hirify.global is a leading source of legal, tax, regulatory, government, and business information for professionals.

What you will do

• Design and implement security architectures and controls for large-scale, cloud-native applications.
• Conduct in-depth risk assessments, including penetration testing and code reviews.
• Collaborate with developers and DevOps teams to integrate security at all stages of the software development lifecycle (SDLC).
• Drive security for AI-powered features by defining secure architectures, assessing AI/ML risks, and implementing advanced testing and controls for AI models, agents, and MCP servers.
• Build, improve, and scale security automation, integrating tooling across CI/CD pipelines and cloud platforms.
• Participate in incident response efforts and investigations into security incidents.

Requirements

• Deep expertise in application security, secure software design, and risk management, including frameworks such as OWASP ASVS, OWASP Top 10, and NIST 800‑53.
• Extensive experience conducting complex security assessments and building automated security controls for large engineering environments.
• Proficiency in multiple programming languages (e.g., Python, Java, JavaScript) and hands-on experience with SAST, DAST, SCA, IaC, container, and cloud security tools.
• Strong understanding of modern architectures (cloud-native, microservices, Kubernetes, containers, serverless) and DevSecOps processes.
• Advanced understanding of AI/ML security, including model vulnerability analysis, AI threat modeling, secure LLM integration patterns, and familiarity with NIST AI RMF or OWASP Top 10 for LLMs.
• 5-7 years of relevant experience in Application Security, AppSec engineering, Cloud Security, or Software Engineering.

Nice to have

• Certifications such as AWS Certified Security – Specialty, CSSLP or CISSP, or Certified DevSecOps Expert (CDE) or equivalent.
• A bachelor's degree in information security, Computer Science, or a related field, or equivalent experience.

Culture & Benefits

• hirify.global maintains a continuing policy of non-discrimination in employment.
• Committed to attracting, retaining, developing, and promoting the most qualified individuals.
• Provides equal opportunity and access for all persons.