Senior Application Security Engineer - DevSecOps & AI Security
Position will be hybrid (4 days in office and 1 day remote; the remote day can be flexible).
- 10+ years of experience
- Strong experience designing and implementing AppSec programs within DevSecOps, including integration of SAST, SCA, DAST, and related tooling into CI/CD pipelines.
- Deep understanding of application security testing approaches (SAST for code analysis, DAST for runtime testing, SCA for open-source risk) and how they complement each other.
- Experience with application vulnerability management and metrics, including:
  - Defining KPIs (e.g., MTTR, severity trends, SLA compliance)
  - Delivering actionable dashboards and executive reporting
- Hands-on experience with enterprise AppSec platforms and ecosystems, including: GitHub Enterprise, ADO, Sonatype, Fortify, Snyk, JFrog, etc.
- Experience evaluating and securing AI-enabled application components, including LLM integrations, agent-based workflows, and AI-driven APIs.
- Proficiency in one or more coding languages, such as C#, Python, Java, or JavaScript.
- Strong background in application and cloud security architecture, including APIs, microservices, and modern application patterns.
- Experience ensuring secure development practices for AI-generated code, including integration with SAST, SCA, and CI/CD pipelines for automated scanning and policy enforcement.
- Ability to perform detailed information security risk assessments and recommend mitigating controls.
- Experience promoting security as a business enablement function with documentation, metrics, and strong verbal communication.
- Experience embedding security controls into developer workflows, enabling “shift-left” security while maintaining delivery velocity.
- Ability to translate technical findings into business risk, supporting prioritization, remediation strategies, and leadership reporting.
- Working knowledge of industry frameworks and standards (e.g., OWASP Top 10, secure coding practices, NIST/ISO).
- At least 5 years in application security, DevSecOps, or related roles; relevant industry certifications (CISSP, CSSLP, CCSP, CISA, GIAC, OSCP, etc.) preferred.
- Must pass Insider Threat Protection background checks.