Senior Staff Engineer (AI Developer AppSec)
Job Summary
Requirements
- Experience: 7.5 years
- Strong experience as an Application Security Engineer, Application Security Developer, or Software Engineer with a strong Application Security specialization.
- Strong expertise in Application Security principles, secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies.
- Deep knowledge of OWASP Top 10, CWE Top 25, common application vulnerabilities, and secure software development practices.
- Hands-on experience with Application Security toolchains including SAST, DAST, SCA, IAST, and secrets scanning solutions.
- Strong programming skills in Python, with experience using AI/ML libraries such as Scikit-learn, PyTorch or TensorFlow, Pandas, and NumPy.
- Experience building AI-powered security automation using Large Language Models (LLMs), Azure OpenAI, OpenAI APIs, prompt engineering, and Retrieval-Augmented Generation (RAG) architectures.
- Experience developing intelligent code analysis, vulnerability detection, remediation recommendation, and AI-assisted security tooling.
- Hands-on experience integrating security tools into CI/CD platforms such as Jenkins, GitHub Actions, and Azure DevOps.
- Experience developing REST APIs and microservices using FastAPI or Flask.
- Good understanding of containerization technologies such as Docker and of modern Git-based development workflows.
- Working knowledge of cloud platforms including Microsoft Azure, AWS, or Google Cloud Platform for deploying AI-powered security services.
- Strong understanding of vulnerability management, risk prioritization, remediation workflows, and security automation.
- Familiarity with software composition analysis, dependency management, API security testing, and secrets management.
- Experience with MLOps platforms such as Azure ML, MLflow, or equivalent model deployment and monitoring frameworks.
- Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is an added advantage.
- Familiarity with OWASP SAMM, BSIMM, software security maturity frameworks, and secure application architecture is preferred.
- Experience with API security testing tools (Postman, REST-assured) or the OWASP API Security Top 10 is desirable.
- Exposure to mobile application security testing for Android and iOS platforms is an advantage.
- Strong analytical, troubleshooting, and problem-solving skills, with the ability to develop scalable AI-powered security solutions.
- Excellent communication and collaboration skills, with experience working in Agile, DevSecOps, and cross-functional engineering teams.
- Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related discipline.
- Professional certifications such as CSSLP, CEH, GWEB, CompTIA Security+, Microsoft Azure AI Engineer Associate, or SC-100 are desirable.
Responsibilities
- Design, develop, and maintain AI-powered application security solutions that integrate seamlessly into the software development lifecycle (SDLC).
- Build intelligent SAST automation that contextualizes findings, reduces false positives, identifies root causes, and generates developer-friendly remediation guidance using Large Language Models (LLMs).
- Develop AI-powered secure code review assistants capable of identifying OWASP Top 10 and CWE Top 25 vulnerabilities during pull requests and code reviews.
- Design and implement machine learning models for Software Composition Analysis (SCA), detecting vulnerable dependencies, outdated libraries, malicious packages, and license compliance risks.
- Develop AI-driven DAST orchestration capabilities to automate attack surface discovery, payload generation, vulnerability prioritization, and security testing.
- Build Retrieval-Augmented Generation (RAG) pipelines leveraging internal security knowledge bases, OWASP standards, CVE/NVD repositories, and penetration testing playbooks to provide contextual security guidance.
- Develop agentic AI workflows that automate the complete vulnerability lifecycle, including detection, triage, deduplication, risk scoring, ticket creation, SLA tracking, and remediation validation.
- Design prompt engineering strategies and continuously optimize LLM models for secure code analysis, threat modeling, remediation guidance, vulnerability reasoning, and developer coaching.
- Integrate AI-powered application security capabilities into CI/CD pipelines using platforms such as Jenkins, GitHub Actions, and Azure DevOps to enforce security gates and real-time feedback.
- Develop developer-focused security tooling, including IDE extensions, REST APIs, and microservices using FastAPI or Flask, to deliver contextual security recommendations.
- Build aggregation platforms that consolidate findings from SAST, DAST, SCA, IAST, and secrets scanning tools into a unified application security risk dashboard.
- Develop intelligent secrets detection capabilities using pattern recognition and AI-based contextual analysis to identify exposed credentials, API keys, and sensitive configuration data.
- Write unit tests and integration tests, and participate in peer code reviews to ensure high-quality, secure, and maintainable code.
- Monitor AI model performance, track security detection metrics, implement drift detection, and maintain automated retraining processes using MLOps practices.
- Develop and maintain CI/CD pipelines for AI model deployment, versioning, monitoring, and production release using Azure ML, MLflow, or equivalent platforms.
- Prepare technical documentation, including architecture designs, API specifications, integration guides, operational runbooks, and security documentation.
- Collaborate closely with application security engineers, developers, DevSecOps teams, cloud engineers, and penetration testers to continuously improve security automation and developer experience.
Qualifications:
Bachelor's or master's degree in Computer Science, Information Technology, or a related field.
Remote Work:
No
Employment Type:
Full-time
About Company
Nagarro helps future-proof your business through a forward-thinking, fluidic, and CARING mindset. We excel at digital engineering and help our clients become human-centric, digital-first organizations, augmenting their ability to be responsive, efficient, intimate, creative, and susta ...