Application Security AI Engineer

Our client is seeking an Application Security AI Engineer to provide unified application security triage and drive AI-enabled security tooling initiatives across their vulnerability management and software supply chain security programs.

Responsibilities & Qualifications

  • Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities
  • Perform false positive analysis and exploitability assessment to prioritize remediation efforts
  • Provide remediation guidance, escalation support, and handle Patch Now Critical events
  • Assess and coordinate responses for threat intelligence escalations and monitor newly disclosed vulnerabilities
  • Engineer, test, and implement AI-enabled security tooling, including support for evaluation of new AI capabilities and technical proof-of-value execution
  • Strengthen software supply chain security through secure open-source dependency selection, SBOM and component visibility support, and detection of malicious packages
  • Assess and improve developer IDE security, including securing plugins/extensions and developer workflows

Requirements

  • 8-10 years of experience in application security
  • Expertise in code scanning methodologies including static scanning (SAST), dynamic scanning (DAST), and open source scanning (SCA)
  • Strong background in SCA/SAST/DAST triage, vulnerability management, and threat intelligence
  • Hands-on experience with AI-assisted security tooling and AI-enabled security tools, including frontier models and coding assistants
  • Working knowledge of prompt and tool orchestration, model evaluation, and AI governance
  • Proficiency with scripting and automation, APIs, and CI/CD workflows
  • Experience with developer tooling, security platform integrations, IDE security, and package managers
  • Capability to detect and assess malicious code in open-source dependencies
  • Understanding of software supply chain security best practices