BankUnited is seeking an Application Security AI Engineer to provide unified application security triage and drive AI-enabled security tooling initiatives across their vulnerability management and software supply chain security programs. The role involves assessing vulnerabilities, providing remediation guidance, and enhancing software supply chain security through various AI-driven initiatives.
Responsibilities:
- Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities
- Perform false positive analysis and exploitability assessment to prioritize remediation efforts
- Provide remediation guidance, escalation support, and handle PatchNow Critical events
- Assess and coordinate responses for threat intelligence escalations and monitor newly disclosed vulnerabilities
- Engineer, test, and implement AI-enabled security tooling, including support for evaluation of new AI capabilities and technical proof-of-value execution
- Strengthen software supply chain security through secure open-source dependency selection, SBOM and component visibility support, and detection of malicious packages
- Assess and improve developer IDE security, including securing plugins/extensions and developer workflows
Requirements:
- 8-10 years of experience in application security
- Expertise in code scanning methodologies including static scanning (SAST), dynamic scanning (DAST), and open source scanning (SCA)
- Strong background in SCA/SAST/DAST triage, vulnerability management, and threat intelligence
- Hands-on experience with AI-assisted security tooling and AI-enabled security tools, including frontier models and coding assistants
- Working knowledge of prompt and tool orchestration, model evaluation, and AI governance
- Proficiency with scripting and automation, APIs, and CI/CD workflows
- Experience with developer tooling, security platform integrations, IDE security, and package managers
- Capability to detect and assess malicious code in open-source dependencies
- Understanding of software supply chain security best practices