Overview
Salary: $90-92 hourly ($92 / hourly as W2)
Application Security Engineer, AI & Automation
Remote
About the Role
Are you an Application Security engineer who loves to build and automate? Our established Financial client is looking for a Senior AppSec Engineer to help us redefine how we defend our software ecosystem. In this role, you won't just juggle SCA, SAST, and DAST alerts; you will engineer the AI-driven automation that triages them. You will sit at the intersection of traditional AppSec, Software Supply Chain Security, and Frontier AI, helping us evaluate, implement, and secure AI-assisted developer tooling. If you want to move past manual spreadsheet tracking and instead build cutting-edge, LLM-powered security workflows, we want to talk to you.
What You'll Do (Responsibilities)
- AI & Automation Engineering: Test, implement, and optimize application security tooling that leverages frontier LLMs for vulnerability identification, code reasoning, triage acceleration, and automated remediation.
- Modern Triage & Incident Response: Provide unified triage coverage across SCA, SAST, and DAST findings. Lead the rapid assessment and routing of threat intelligence escalations and critical patch events (PatchNow).
- Software Supply Chain Defense: Strengthen open-source dependency selection, package intake, and SBOM visibility. Build guardrails to detect malicious packages and enforce security policies across developer pipelines.
- Secure Developer Workflows: Assess and secure developer environments, including IDEs, plugins/extensions, package managers, and AI coding assistants against malicious code and unsafe configurations.
- AI Governance Support: Help execute technical proofs-of-value, data handling reviews, and model output evaluations required to safely onboard new AI capabilities across the enterprise.
What You Bring (Qualifications)
- Experience: 3+ years of hands-on experience in Application Security, with deep familiarity across the vulnerability lifecycle (SCA, SAST, DAST, and manual verification).
- Automation Mindset: Strong engineering fundamentals with scripting languages (e.g., Python, Go), APIs, CI/CD pipelines (e.g., GitHub Actions, GitLab CI), and developer tool integrations.
- AI Curiosity: Practical familiarity or hands-on experimentation with frontier models (LLMs), AI coding assistants (e.g., Copilot), prompt engineering, or AI orchestration frameworks.
- Supply Chain Knowledge: Experience securing software supply chains, package managers, and third-party dependencies against modern attack vectors.
- Communication: Ability to translate complex cryptographic or technical vulnerabilities into clear, actionable remediation guidance for software engineering teams.
Bonus Points For:
- Contributions to open-source security tools or AI/LLM security projects (e.g., OWASP Top 10 for LLMs).
- Experience building custom integrations or LLM agents to automate security analyst workflows.