Application Security Lead (AI)

TL;DR

Application Security Lead (AI): Designing and owning the application security strategy for a human data infrastructure platform with an accent on SSDLC, threat modelling, and vulnerability management. Focus on embedding security into the engineering lifecycle, managing security tooling, and ensuring compliance with ISO 27001 and SOC 2.

Location: Remote (must be based in the UK)

Company

hirify.global provides the human data infrastructure essential for developing accurate and aligned AI systems.

What you will do

• Own and evolve the end-to-end application security strategy, balancing risk and velocity.
• Define and drive the Secure Software Development Lifecycle (SSDLC) across the organization.
• Perform hands-on code reviews, threat modelling, and security testing of apps and APIs.
• Manage and mentor a Senior Application Security Engineer.
• Lead the compliance program, translating ISO 27001 and SOC 2 controls into engineering practices.
• Partner cross-functionally with product engineering, platform, data, and legal teams.

Requirements

• Several years of experience in software engineering building production systems at scale.
• Deep expertise in application security, OWASP Top 10, and modern attack paths.
• Proficiency in Python for security tooling and automation.
• Experience scaling SSDLCs and implementing CI/CD security tooling (SAST, SCA, DAST).
• Experience leading threat modelling and security design reviews.
• Must be based in the UK.

Nice to have

• Experience with Django, Vue.js, MongoDB, or GCP.
• Knowledge of infrastructure security, including Terraform and Kubernetes.
• Hands-on certifications such as OSCP, GWAPT, BSCP, or CISSP.
• Experience managing bug bounty programs or security champions.

Culture & Benefits

• Work at the forefront of AI innovation using a unique human data platform.
• Remote-first working environment.
• Impactful, mission-driven culture focused on ethical data collection.
• Competitive salary and comprehensive benefits package.