Writer

Security engineer, application security

full-time

Origin: 🇺🇸 United States • New York


Job Level

Senior, Lead

Tech Stack

Cloud

About the role

  • Embed security in the build pipeline — Own pre-deployment application security, including automated vulnerability scanning, container scanning, and custom security gates in CI/CD.
  • Conduct advanced application penetration testing — Perform comprehensive testing on AI applications, APIs, and model endpoints, simulating adversarial attacks to validate controls.
  • Automate security testing at scale — Develop scripts, tools, and frameworks for continuous security assessment, including SAST, DAST, and SCA integration.
  • Lead application-layer red team exercises — Plan and execute engagements that mimic sophisticated adversary techniques targeting AI systems.
  • Hunt and validate vulnerabilities — Discover, reproduce, and chain vulnerabilities into realistic attack paths, providing actionable remediation guidance.
  • Advise on security architecture — Review designs for weaknesses, create secure patterns, and identify systemic issues across applications.
  • Collaborate across boundaries — Partner with Cloud/Infrastructure on deployment/runtime security, AI Security on threat modeling, and Detection & Response on defensive validation.

Requirements

  • 8+ years in application security, with a strong focus on hands-on testing.
  • 5+ years conducting penetration tests and security assessments.
  • Proven record of finding and exploiting critical vulnerabilities.
  • Deep experience integrating security into DevOps workflows and CI/CD pipelines.
  • Strong programming skills for exploit development and security automation.
  • Expertise in web application and API security, including cloud-native architectures.
  • Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts).
  • Skilled in SAST, DAST, and SCA tools.
  • Strong understanding of application-layer attack techniques and exploitation.
  • Experience with supply chain security and build pipeline hardening.
  • Demonstrated ability to identify vulnerabilities others miss.
  • Proven track record of automating security testing in fast-paced development cycles.
  • Ability to translate red team findings into concrete defensive measures.
  • History of effective collaboration with engineering teams.
  • Background in software development or DevOps.
  • Experience testing AI/ML applications.
  • Security certifications such as OSCP, OSWE, or GWAPT.
  • Published security research or CVEs.
  • Experience with purple team operations.