Sr. Security Engineer

XTIUM Careers


Job Location:

Islamabad - Pakistan

Monthly Salary: Not Disclosed
Posted on: 1 hour ago
Vacancies: 1 Vacancy

Job Summary

About the Role

The Security Engineer Secure Development is responsible for establishing leading and enforcing security standards for all internally developed software automation and AIenabled solutions prior to customer delivery or internal production use. This role serves as the primary technical lead and designated expert to ensure that applications APIs infrastructureascode and AI models meet security privacy and compliance requirements before release. This is an individual contributor role within the security organization focused on handson execution technical depth and influence through standards tooling and partnership with development teams.

As a Managed Services Provider with proprietary platforms and customerfacing systems XTIUM requires strong governance over secure development practices. This role works closely with engineering platform infrastructure and compliance teams to embed security into the software development lifecycle while maintaining delivery velocity.


What You Will Do

Application & Code Security Governance

  • Own and enforce secure development standards for all internally built applications platforms automation and tooling.
  • Perform and oversee manual and automated code reviews (static dynamic dependency and supplychain analysis).
  • Establish clear release gates requiring security approval before software or AI systems are delivered to customers or promoted internally.
  • Define remediation standards and risk acceptance criteria for security findings.
  • Conduct secure design reviews and application threat modeling during early development phases to identify and mitigate risk before implementation.

AI & Emerging Technology Security

  • Review internally developed AI models agents prompts integrations and data pipelines for security privacy and misuse risk.
  • Ensure AI systems comply with internal governance customer contractual obligations and emerging regulatory expectations.
  • Partner with engineering and data teams to implement secure AI development patterns including data protection access controls and auditability.

DevSecOps Enablement

  • Integrate security tooling into CI/CD pipelines (e.g. SAST DAST dependency scanning container scanning secrets detection).
  • Promote shiftleft security practices and reduce latestage security blockers through developer enablement.
  • Collaborate with DevOps and Platform teams on secure delivery pipelines and runtime controls.

Risk Compliance & IP Protection

  • Protect XTIUMs intellectual property by ensuring secure design code custody and controlled access to source repositories.
  • Support compliance efforts across frameworks such as SOC 2 ISO 27001 and customerspecific security requirements.
  • Produce auditready artifacts including risk assessments code review records and security signoffs.

Leadership & Collaboration

  • Act as the primary application security escalation point for engineering and leadership.
  • Mentor developers and engineers on secure coding practices and threat modeling.
  • Provide executivelevel reporting on application and AI security posture trends and risk exposure.

What Qualifies You

Required Qualifications:

  • 8 years of experience in application security DevSecOps or secure software development.
  • Strong handson experience reviewing code in one or more modern languages (e.g. Python JavaScript/TypeScript C# Java Go).
  • Proven experience securing APIs web applications microservices and cloudnative platforms.
  • Experience integrating security controls into CI/CD pipelines and modern DevOps workflows.
  • Deep understanding of common vulnerabilities and attack patterns (OWASP Top 10 API security risks supply chain threats).
  • Ability to balance security rigor with delivery velocity in a customerfacing MSP environment.

Preferred Qualifications:

  • Experience securing AI/ML systems automation platforms or datadriven applications.
  • Familiarity with cloud platforms (Azure AWS) and containerized environments.
  • Experience in a Managed Services Provider (MSP) or SaaS organization with external customer delivery obligations.
  • Knowledge of regulatory and compliance frameworks impacting software and data security.

Key Competencies

  • Secure Software Architecture
  • Application & API Security
  • AI Security & Governance
  • DevSecOps Tooling & Automation
About the Role The Security Engineer Secure Development is responsible for establishing leading and enforcing security standards for all internally developed software automation and AIenabled solutions prior to customer delivery or internal production use. This role serves ...