Writer

Security engineer, application security

Writer

full-time

Posted on:

Location: New York • 🇺🇸 United States

Visit company website
AI Apply
Apply

Job Level

SeniorLead

Tech Stack

Cloud

About the role

  • Embed security in the build pipeline — Own pre-deployment application security, including automated vulnerability scanning, container scanning, and custom security gates in CI/CD.
  • Conduct advanced application penetration testing — Perform comprehensive testing on AI applications, APIs, and model endpoints, simulating adversarial attacks to validate controls.
  • Automate security testing at scale — Develop scripts, tools, and frameworks for continuous security assessment, including SAST, DAST, and SCA integration.
  • Lead application-layer red team exercises — Plan and execute engagements that mimic sophisticated adversary techniques targeting AI systems.
  • Hunt and validate vulnerabilities — Discover, reproduce, and chain vulnerabilities into realistic attack paths, providing actionable remediation guidance.
  • Advise on security architecture — Review designs for weaknesses, create secure patterns, and identify systemic issues across applications.
  • Collaborate across boundaries — Partner with Cloud/Infrastructure on deployment/runtime security, AI Security on threat modeling, and Detection & Response on defensive validation.

Requirements

  • 8+ years in application security, with a strong focus on hands-on testing.
  • 5+ years conducting penetration tests and security assessments.
  • Proven record of finding and exploiting critical vulnerabilities.
  • Deep experience integrating security into DevOps workflows and CI/CD pipelines.
  • Strong programming skills for exploit development and security automation.
  • Expertise in web application and API security, including cloud-native architectures.
  • Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts).
  • Skilled in SAST, DAST, and SCA tools.
  • Strong understanding of application-layer attack techniques and exploitation.
  • Experience with supply chain security and build pipeline hardening.
  • Demonstrated ability to identify vulnerabilities others miss.
  • Proven track record of automating security testing in fast-paced development cycles.
  • Ability to translate red team findings into concrete defensive measures.
  • History of effective collaboration with engineering teams.
  • Background in software development or DevOps.
  • Experience testing AI/ML applications.
  • Security certifications such as OSCP, OSWE, or GWAPT.
  • Published security research or CVEs.
  • Experience with purple team operations.
AIG

Vice President, IT Application Security

AIG
Leadfull-time$140k–$165k / yearNew Jersey, North Carolina, Texas · 🇺🇸 United States
Posted: 39 minutes agoSource: corebridgefinancial.wd1.myworkdayjobs.com
CloudCyber SecurityPythonSDLC
DLA Piper

Data Privacy, Cybersecurity Litigation Associate

DLA Piper
Junior · Midfull-time$310k–$390k / yearCalifornia · 🇺🇸 United States
Posted: 1 hour agoSource: dlapiper.wd1.myworkdayjobs.com
Cyber Security
Horizon Industries, Limited

Cybersecurity Cloud Subject Matter Expert – SME

Horizon Industries, Limited
Senior · Leadfull-time🇺🇸 United States
Posted: 1 hour agoSource: boards.greenhouse.io
AWSAzureCloudCyber SecurityOracle
Arctic Wolf

Principal Software Developer – Data Engineering, Cybersecurity

Arctic Wolf
Leadfull-time🇺🇸 United States
Posted: 3 hours agoSource: arcticwolf.wd1.myworkdayjobs.com
Amazon RedshiftApacheAWSCloudCyber SecurityDistributed SystemsElasticSearchKafkaMongoDBNoSQLPostgresRabbitMQ+5 more
Adobe

Senior Applied AI/ML Engineer, Product Security Engineering

Adobe
Seniorfull-time$140k–$246k / yearCalifornia, Washington · 🇺🇸 United States
Posted: 4 hours agoSource: adobe.wd5.myworkdayjobs.com
AWSCloudCyber SecurityDockerEC2GoGoogle Cloud PlatformKubernetesPythonSparkSplunkSQL+1 more