Application Security Engineer

About

Key Responsibilities

AI Security (LLM/GenAI) responsibilities may include:

• Operationalize LLM adversarial testing (e.g., garak-based testing) and integrate into CI/CD as a standard control for AI-enabled applications.
• Define and maintain AI "Golden Test Suites" that AI-enabled applications must pass prior to deployment.
• Perform advanced AI vulnerability validation and triage; distinguish true vulnerabilities from model limitations and false positives within application context.
• Conduct manual adversarial testing (multi-turn prompt injection, jailbreak attempts, indirect injection) when automated tooling is insufficient.
• Develop AI Security playbooks and tiered training/certification to mature ASCs from finding review to adversarial testing capability.
• Map AI security findings to industry frameworks (OWASP Top 10 for LLMs, MITRE ATLAS) and ensure tracking/remediation through existing Jira/AVR workflows.
• Develop ASC playbooks, training, and office hours for threat modeling and secure design.
• Roll out CI/CD-integrated controls and AVR workflows.
• Establish ASC KPIs and dashboards; report progress and compliance coverage.
• Coordinate migration planning with application owners; track risks and dependencies.
• Facilitate escalations and cross-functional alignment with SMEs and governance.
• Promote security awareness and culture by educating teams on secure coding practices, potential threats, and encouraging open dialogue around security.
• Act as the primary liaison between development teams and the security organization to ensure clear communication, timely resolution of security concerns, and alignment with security priorities.
• Lead security enablement activities, including training sessions, workshops, and hands on exercises to enhance team security skills.
• Support secure development practices by performing secure code reviews, participating in threat modeling sessions, and assisting teams with effective use of security testing tools and automated scans.
• Contribute to organizational security standards by providing practical feedback and helping refine procedures to ensure they remain effective and adoptable across teams.