AI Application Security Engineer /Threat Modeling AI Security
Collabera
Chandler, United States of America
23 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
Intermediate Compensation
$ 198KJob location
Remote
Chandler, United States of America
Tech stack
Kubernetes Security
Java
JavaScript
.NET
Artificial Intelligence
Amazon Web Services (AWS)
Applications Architecture
Azure
Cloud Computing
Distributed Systems
Information Systems Security Architecture Professional
Python
Key Management
Node.js
Open Web Application Security
Zero Trust Network Access
Secure Coding
Session Management
Software Engineering
Data Streaming
TypeScript
Policy as Code
Cloud Platform System
Spring Cloud
Large Language Models
Software Security
GWAPT
Static Application Security Testing
Vulnerability Analysis
Go
Dynamic Application Security Testing
Job description
- We are seeking an experienced Application Security Engineer with strong expertise in Threat Modeling, Secure Architecture Reviews, and AI/LLM Security. This role will focus on conducting and automating application threat modeling processes, partnering with engineering teams to identify security risks early in the software development lifecycle, and implementing scalable security solutions for modern cloud-native and AI-enabled applications., * Conduct application threat modeling and architecture risk assessments.
- Analyze application designs, data flows, and trust boundaries to identify security risks.
- Develop and implement automated threat modeling capabilities and scalable security solutions.
- Partner with engineering teams to embed security throughout the software development lifecycle.
- Provide guidance on secure design, secure coding practices, and remediation strategies.
- Evaluate and secure AI/LLM-based applications and services.
- Support the implementation of application security controls across cloud-native environments.
- Collaborate with stakeholders to establish security standards, patterns, and reference architectures.
- Drive security improvements through automation, tooling, and developer enablement initiatives.
Requirements
- The ideal candidate will have a strong software engineering foundation, hands-on application security experience, and the ability to decompose complex application architectures to identify threats, security gaps, and remediation strategies., * 7+ years of Application Security Engineering experience.
- 2+ years of hands-on Threat Modeling experience.
- Experience conducting application architecture reviews and decomposing complex systems into components, trust boundaries, and data flows.
- Experience developing and implementing automated threat modeling solutions.
- Experience building and securing AI/LLM-based applications in enterprise production environments.
- Strong understanding of secure application design and architecture principles.
- Experience identifying and mitigating common application security vulnerabilities, including OWASP Top 10 risks.
- Experience working with cloud-native applications and distributed systems.
- Strong verbal and written communication skills with the ability to influence technical and non-technical stakeholders., * Expertise in secure coding practices and code-level vulnerability analysis.
- Experience with threat modeling methodologies such as STRIDE, PASTA, or attack trees.
- Strong understanding of authentication, authorization, session management, API security, and secrets management.
- Experience securing applications developed in Java, .NET, Python, JavaScript/TypeScript, Node.js, Go, or similar technologies.
- Experience integrating security controls into CI/CD pipelines and developer workflows.
- Hands-on experience with SAST, SCA, DAST, IaC scanning, container security, API security testing, software supply chain security, and runtime protection technologies.
- Experience securing AI-enabled applications and advising development teams on AI/LLM security best practices.
- Experience designing security controls for AWS, Azure or any Cloud environments.
- Knowledge of software supply chain security, SBOMs, dependency risk management, artifact integrity, and package governance.
- Familiarity with Zero Trust architectures, policy-as-code, and secure platform engineering practices.
- Previous experience serving as a Security Champion, Application Security Lead, or embedded security engineer within development teams.
- Relevant certifications such as CSSLP, CISSP, CCSP, GIAC GWEB, or GIAC GWAPT.
Benefits & conditions
The Company offers the following benefits for this position, subject to applicable eligibility requirements: medical insurance, dental insurance, vision insurance, 401(k) retirement plan, life insurance, long-term disability insurance, short-term disability insurance, paid parking/public transportation, paid time off, paid sick and safe time, hours of paid vacation time, weeks of paid parental leave, and paid holidays annually as applicable.