Granicus is a technology company transforming the Govtech industry by connecting governments with their constituents. As a Senior Application Security Engineer, you will identify and mitigate security vulnerabilities across software applications, work closely with development teams to integrate secure coding practices, and conduct security assessments of AI-enabled features.
Responsibilities:
- Perform Security Assessments: Conduct regular security assessments, secure code reviews, threat modeling, and penetration testing (web, API, and cloud-native services) to identify vulnerabilities and provide clear remediation guidance
- AI / LLM Security Testing: Plan and execute security testing for LLM-enabled applications (chat, copilots, RAG, and agentic workflows), including prompt injection/jailbreak testing and indirect prompt injection via untrusted content
- Data Protection & Leakage Testing: Assess sensitive data exposure risks (system prompt leakage, retrieval leakage, secrets exposure, PII disclosure) and validate compensating controls such as redaction, access controls, and logging
- Tool/Agent Abuse Testing: Evaluate risks in tool/function calling and agent integrations (over-privileged tools, authorization gaps, unsafe actions, SSRF-style tool access) and recommend mitigations
- Develop and Implement Security Tools: Design, develop, and implement security tools and automation (CI/CD checks, security tests, reusable libraries) to prevent and detect vulnerabilities at scale
- Collaborate with Development Teams: Partner with engineering teams to embed security best practices across the SDLC, establish secure coding guidelines, and deliver pragmatic security enablement
- Vulnerability Management: Track, analyze, and manage vulnerabilities end-to-end (triage, prioritization, remediation support, and validation) and drive root-cause fixes to reduce recurrence
- Incident Response Support: Assist with investigation and response for application security incidents, ensuring timely resolution, documentation, and lessons learned
- Stay Current on Security Trends: Maintain awareness of emerging application and AI security threats, and continuously improve testing methods, controls, and developer guidance
Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- 6–10+ years of experience in application security, product security, penetration testing, or secure software engineering (senior level)
- Demonstrated experience with secure SDLC practices, threat modeling, secure code review, and driving remediation with engineering teams
- Hands-on expertise in web and API security testing and common vulnerability classes (authentication and session management, authorization and access control, injection, SSRF, cryptographic misuse, etc.)
- Proficiency in at least one programming language (e.g., Python, Java, Go, JavaScript/TypeScript, C#) and ability to review production code
- Experience building or operating security tooling and automation in CI/CD environments; comfort with scripting and APIs
- Required: hands-on AI/LLM security experience, including prompt injection/jailbreak testing and an understanding of LLM application threat models (RAG leakage, system prompt exposure, tool/function calling abuse, agent misuse)
- Excellent written and verbal communication skills; ability to influence stakeholders and mentor engineers