Job details
Company
EcoVadis
Location
Remote, Poland
Employment type
Full-time
Seniority
Mid level
Primary category
Other
Posted date
17 Apr 2026
Valid through
Job description
Role Overview
As an Application Security Specialist, you will play a critical role in ensuring that our software products (including web and mobile applications) are designed, built, and deployed with security as a core principle. You will bridge the gap between Security and Development, acting as a subject matter expert who empowers engineering teams to deliver high-quality, secure, and robust code.
In this role, you will focus on the intersection of Application Security and Artificial Intelligence. Your mission is to integrate security into the entire Software Development Life Cycle (SDLC) while addressing the unique challenges of AI-driven applications. You will also conduct and coordinate penetration testing and perform high-level monitoring of application resilience.
Key Responsibilities
Secure SDLC & AI Integration: Design, implement, and maintain security gates within CI/CD pipelines. Explore and deploy AI-powered security tools to enhance vulnerability detection and automate triage.
Penetration Testing & Assessments: Conduct regular internal penetration tests on web, mobile, and AI-based applications. Coordinate with external security firms on third-party audits and manage the end-to-end remediation process.
Securing AI/ML Solutions: Conduct security reviews and threat modeling specifically for AI-driven features, addressing risks such as Prompt Injection, Training Data Poisoning, and Insecure Output Handling.
Threat Modeling: Lead threat modeling sessions with architects and developers to identify potential attack vectors in traditional applications and LLM-based architectures.
Vulnerability Management: Perform regular security assessments, triage findings from automated tools and pentests, and coordinate with engineering teams to prioritize remediation.
AI Security Governance: Establish guidelines and best practices for the secure use of AI coding assistants and third-party AI APIs within the organization.
Security Code Reviews: Conduct manual and automated deep-dive code reviews, ensuring that code (including AI-generated segments) meets our security standards.
Consultancy & Training: Act as a security consultant for product teams, providing guidance on the OWASP Top 10, the OWASP Top 10 for LLM Applications, and secure coding standards.
Application Resilience Support: Periodically monitor high-level availability and performance dashboards to maintain oversight of system stability and support long-term capacity planning.