Application security Engineer

Bright Sol
Tysons, United States of America
yesterday

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Tysons, United States of America

Tech stack

API
Artificial Intelligence
Software System Penetration Testing
Cloud Computing
Information Leak Prevention
DevOps
Open Web Application Security
Systems Development Life Cycle
Secure Coding
Web Applications
Large Language Models
Software Security
Generative AI
Devsecops
Static Application Security Testing
Dynamic Application Security Testing

Job description

Design and implement application security controls across the SDLC. Perform security assessments for web, mobile, APIs, and AI/GenAI applications. Conduct penetration testing to identify and remediate application vulnerabilities. Perform secure code reviews and recommend remediation strategies. Utilize SAST and DAST tools to identify security flaws in applications. Evaluate AI/LLM applications for prompt injection, data leakage, insecure output handling, model abuse, and other AI-specific threats. Collaborate with development teams to integrate secure coding practices and DevSecOps principles. Conduct threat modeling and risk assessments for new applications and services. Validate vulnerability fixes through security testing and re-assessments. Develop and maintain application security standards, policies, and best practices. Work closely with development, infrastructure, cloud, and DevOps teams to improve the organization''s security posture. Support security incident investigations involving application vulnerabilities. Stay current with emerging cybersecurity threats, AI security trends, and industry best practices.

Requirements

5+ years of experience in Application Security (AppSec). Hands-on experience securing AI/Generative AI (GenAI) applications. Strong experience performing Penetration Testing of web applications, APIs, and cloud-hosted services. Deep understanding of OWASP Top 10, OWASP ASVS, and secure coding standards. Experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Experience performing threat modeling and secure design reviews.

Apply for this position