Sr. Application Security Manager (AI)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Sr. Application Security Manager (AppSec/AI): Leading the secure software development lifecycle, application, API, and AI/LLM security programs to protect digital advertising integrity with an accent on SSDLC evolution and AI threat mitigation. Focus on implementing risk-based merge gates, securing AI agents against prompt injection, and scaling offensive security testing.
Location: NYC Global HQ
Salary: $153,000 - $260,000
Company
is a leading independent provider of marketing measurement software, data, and analytics that authenticates the quality and effectiveness of digital media for global brands.
What you will do
- Own and evolve the SSDLC, integrating SAST, SCA, DAST, and ASPM tooling to implement risk-based merge gates.
- Lead AI security governance, securing LLM-based applications and AI agents against threats like prompt injection and jailbreaking.
- Drive OWASP ASVS adoption and manage software supply chain security including SBOM and license compliance.
- Oversee the API security program and attack surface management (ASM) to discover shadow/zombie APIs.
- Lead offensive security and penetration testing programs, coordinating with external vendors and internal assessments.
- Manage and mentor a team of security engineers and contractors, handling budgeting and vendor relationships.
Requirements
- 10+ years of experience in information security, with at least 3 years in a technical management or lead role.
- Expertise in Application Security, AI/ML security, software supply chain security, or cloud security.
- Hands-on experience with AppSec tooling (e.g., Snyk, Veracode, Checkmarx, Ox Security) and API security.
- Knowledge of OWASP Top 10 for LLMs, NIST AI RMF, and agentic architectures.
- Proficiency in GCP, Kubernetes, and at least one scripting language like Python.
- Must be based in New York City to work from the Global HQ.
Culture & Benefits
- Eligible for bonus, commission, and equity.
- Direct executive support and a mandate to build a best-in-class security program.
- Access to modern tooling and a dedicated budget for security engineering.
- Commitment to equal opportunity employment and inclusive hiring practices.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →