PTR Global is seeking an Application Security AI Engineer to provide unified application security triage coverage and enhance the security posture of applications. The role involves monitoring vulnerabilities, engineering security tooling, and improving developer workflows while leveraging AI capabilities.
Responsibilities:
- Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities, false positive analysis, exploitability assessment, remediation guidance, and escalation support for findings that may impact production, internet-facing, or business-critical applications
- Rapidly assess and coordinate responses for threat intelligence escalations and PatchNow Critical events, including scope analysis, owner routing, mitigation guidance, tracking, and closure verification
- Monitor and analyze newly disclosed and novel vulnerabilities, including faster-moving disclosures influenced by frontier-model-enabled research, and produce actionable briefs that drive remediation plans
- Engineer, test, and implement application security tooling that leverages frontier models or AI-enabled capabilities for vulnerability identification, code reasoning, triage acceleration, remediation recommendations, and analyst workflow automation while preserving human review, auditability, and secure use controls
- Support company processes for evaluating and onboarding new AI capabilities, including technical proof-of-value execution, security testing, control validation, data handling review, model output evaluation, success metrics, and documentation needed for internal governance and approval pathways
- Strengthen software supply chain security by helping secure open-source dependency selection, package intake, SBOM and component visibility, malicious package detection, dependency health assessment, and policy enforcement across developer, pipeline, and artifact management workflows
- Assess and improve developer IDE security, plugins/extensions, and developer workflows, including package managers, code-assist tools, and CI integrations, against malicious code, compromised extensions, and unsafe configurations
Requirements:
- 3+ years of code scanning experience
- 3+ years of open-source (SCA) scanning experience
- 3+ years of dynamic and static (DAST/SAST) scanning experience
- Strong experience triaging SCA/SAST/DAST findings and managing high-severity escalations (threat intel and critical patch events) through remediation and closure
- Engineering experience with scripting, automation, APIs, CI/CD workflows, developer tooling, or security platform integrations
- Practical familiarity with AI-enabled security tools, frontier models, coding assistants, prompt and tool orchestration, model evaluation, or AI governance processes
- Experience securing the software supply chain and developer tooling (IDEs, plugins/extensions, package managers, CI/CD integrations) against compromise and malicious code
- Ability to translate technical vulnerability findings into clear remediation guidance, risk summaries, and prioritization recommendations for development and security stakeholders