Security Engineer

• Own the end-to-end AppSec program — from secure SDLC to runtime protection — and align it with business velocity and risk appetite.
• Institutionalize systematic threat modeling across all product teams; personally lead modeling for flagship AI products and high-risk features.
• Author, maintain, and evangelize production-grade secure coding guidelines, libraries, and reference architectures (API security, authentication, input validation, LLM-specific risks, etc.).
• Select, deploy, and continuously improve the AppSec toolchain (SAST, DAST, SCA, IAST, runtime protection, secret scanning, etc.) deeply integrated into CI/CD pipelines.
• Plan and execute advanced application pen tests; scope and oversee external red team engagements focused on business logic, AI-specific attacks, and prompt injection.
• Serve as the primary AppSec escalation point during security incidents affecting applications.
• Hire, grow, and lead a high-performing application security team; mentor engineers organization-wide on secure development practices.
• Drive alignment with OWASP ASVS, OWASP Top 10 (including LLM Top 10), NIST SSDF, and emerging AI security regulations.

Associate Director – Lead Application Security

Network and Security Support