Staff Application Security Engineer (AI)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Staff Application Security Engineer (AppSec/AI): Defining and driving the application and product security architecture for a cloud-native SaaS platform with an accent on secure SDLC, shift-left automation, and AI/agentic technologies. Focus on establishing security guardrails for LLMs, leading complex threat modeling, and developing novel defense techniques against AI-layer attacks.
Location: Must be based in the United States
Salary: $114,000 - $240,000 USD
Company
is an SAP company providing a cloud-native Context Intelligence Platform that harmonizes and governs enterprise data for AI agents and systems.
What you will do
- Define and drive the overall application security architecture, vision, and roadmap across the SaaS platform.
- Embed security throughout the SDLC by implementing secure coding standards and shift-left automation.
- Design and operationalize security controls (SAST, SCA, DAST) within CI/CD pipelines.
- Lead threat modeling and technical risk assessments for complex, high-impact systems.
- Establish AI security guardrails for LLMs and agentic workflows, including Model Context Protocol (MCP) security.
- Perform penetration testing on applications, APIs, and AI layers to validate control effectiveness.
Requirements
- 8+ years of experience in application security or software development within cloud-native or SaaS environments.
- Strong expertise in OWASP Top 10 and OWASP API Top 10 vulnerabilities and prevention strategies.
- Hands-on experience with Java, Spring Boot, Node.js, or C# and modern UI frameworks.
- Experience with AWS, GCP, or Azure, and securing Kubernetes/containerized environments.
- Proficiency with Burp Suite Pro and application security platforms (Wiz preferred).
- Must be based in the United States.
Nice to have
- Experience securing LLM applications and agentic guardrail frameworks (e.g., NeMo, AWS Bedrock).
- Experience building AppSec automation or using orchestration tools like DefectDojo.
- Knowledge of industry frameworks such as SOC 2, HITRUST, or ISO 27001.
- Experience applying ML/AI techniques to enhance security detection and risk prioritization.
Culture & Benefits
- Flexible work arrangements based on a distributed workforce model.
- Collaborative environment driven by values of "Customer First" and "Better Together".
- Opportunity to work with unrivaled technology enabling digital transformation via connected data.
- Inclusive workplace committed to equal employment opportunity.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →