About the RoleWe are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. In this role, you will be responsible for ensuring the security and integrity of our cloud-native applications and systems throughout the software development lifecycle, with a particular focus on code security, CI/CD pipelines, and emerging AI technologies.FocusConduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applicationsDesign and implement secure coding guidelines and best practices for development teamsCollaborate closely with development teams to integrate security practices throughout the CI/CD pipelinePerform threat modeling and risk assessments for applications, developing mitigation strategies for potential risksManage vulnerability tracking and remediation efforts, providing guidance to development teamsSupport incident response activities related to application securityStay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measuresEvaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs)Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10Ideal ExperienceBachelor's degree in Computer Science, Cybersecurity, or a related field3-5 years of experience in application security, with a strong focus on code security practicesDeep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10)Proficiency in Python or Rust programming languages and experience with secure coding practices in these languagesExperience securing CI/CD pipelines and implementing DevSecOps practicesFamiliarity with software supply chain security and SBOM generation toolsExperience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysisUnderstanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10Excellent communication skills, able to explain complex security issues to both technical and non-technical audiencesPreferred QualificationsExperience with cloud platforms (e.g., GCP, AWS, Azure) and their security featuresRelevant security certifications (e.g., CSSLP, OSWE)Background in data privacy and compliance regulations relevant to cloud-native applications and AI systemsExperience with GitOps and infrastructure-as-code securityFamiliarity with federated learning and privacy-preserving machine learning techniquesBonus SkillsExperience in building custom security tooling to enhance and automate security processesInterest in leveraging AI to automate security tasks and improve efficiencyContributions to open-source security projects or toolsExperience in securing AI/ML models and data pipelinesAnnual Salary Range$180,000 - $440,000 USDCalifornia Consumer Privacy Act (CCPA) Notice #J-18808-Ljbffr