Senior Application Security Specialist (AI)

TL;DR

Senior Application Security Specialist (AI): Designing and implementing secure SDLC processes and AI security controls for a sustainability ratings platform with an accent on AI-driven application security and penetration testing. Focus on mitigating LLM-specific risks, automating vulnerability detection in CI/CD pipelines, and conducting deep-dive security code reviews.

Location: Must be based in Poland (Hybrid in Warsaw or Full remote within the country)

Company

hirify.global is the leading provider of business sustainability ratings, analyzing data to provide actionable insights into environmental, social, and ethical risks.

What you will do

• Integrate security gates into CI/CD pipelines and deploy AI-powered vulnerability detection tools.
• Conduct internal penetration tests for web, mobile, and AI-based applications and coordinate third-party audits.
• Perform threat modeling and security reviews for AI/ML features to mitigate risks like Prompt Injection and Training Data Poisoning.
• Establish organizational guidelines for the secure use of AI coding assistants and third-party AI APIs.
• Triage vulnerabilities from automated tools and manual assessments, coordinating remediation with engineering teams.
• Provide consultancy on OWASP Top 10 and secure coding standards for product teams.

Requirements

• 3+ years of professional experience in Application Security, Penetration Testing, or Secure Software Development.
• Practical experience with Azure cloud solutions and securing SaaS platforms.
• Familiarity with OWASP Top 10 for LLM Applications and common GenAI/ML risks.
• Hands-on experience with application security tools and integrating checks into CI/CD (e.g., Azure DevOps).
• Bachelor’s or Master’s degree in Computer Science, Cyber Security, or a related technical field.
• Fluency in English (written and verbal) and legal eligibility to work and live in Poland.

Nice to have

• Professional certifications such as OSCP, OSWE, or specific cloud/AI security credentials.
• Experience with AI/ML security frameworks like MITRE ATLAS or NIST AI RMF.
• Knowledge of Kubernetes and securing applications in Azure, AWS, or GCP.
• Understanding of APM, observability, BCP, or Disaster Recovery strategies.

Culture & Benefits

• Flexible working hours and hybrid work organization.
• Wellness allowance, professional mental health support, and Multisport card.
• Learning and development opportunities and a referral bonus policy.
• Internet and electricity bill allowance.
• Optional health care and life insurance, plus lunch and cafeteria cards.
• Remote work from abroad policy and a community service day for volunteering.