Partner closely with engineering, cloud, and product teams to safeguard applications, services, and AI-driven components
Combine hands-on technical testing with scalable automation and developer enablement to mature AppSec program
Ensure secure, resilient applications at speed
Manual source code review SAST/DAST scanning
Expand the Security Champions program
Develop automated source code review processes
Work with product teams to ensure secure SDLC processes are in place
Provide detailed vulnerability reports to businesses

2–4 years of hands-on application security experience
Experience integrating security tooling and automated checks into CI/CD pipelines
Familiarity and experience with OWASP Top 10 and web testing methodologies
Experience with effectively assessing and communicating risks and appropriate levels of urgency to management and engineering staff
Experience with technical report writing and communication
Strong manual code review experience in at least one major language (Java, JavaScript/TypeScript, C#, PHP, etc.)
Solid threat-modeling expertise (STRIDE, attack trees, misuse cases) for both traditional systems and AI/LLM-integrated features
Proficiency with SAST, SCA, DAST, web and mobile pentesting, container scanners, secrets-detection tools, and ideally AI-security scanning platforms
Scripting/automation skills (Python, Bash, Node) for building custom tooling and automating manual processes
Good understanding of AI/LLM attack surfaces including prompt injection, insecure output handling, model-data leakage, and RAG vulnerabilities
Strong knowledge of web/API security concepts (session management, secure storage, transport security)

Cybersecurity Application Security Engineer

Key skills