Job Overview
This role involves designing, implementing, and operating application security controls integrated into CI/CD pipelines to ensure secure software delivery by default.
Responsibilities
- Embed automated AppSec checks across code, dependencies, builds, and deployment workflows aligned with shift‑left principles.
- Define and maintain secure CI/CD reference architectures and patterns for enterprise cloud‑native applications.
- Partner with engineering teams to integrate security seamlessly into developer workflows, minimizing friction and manual intervention.
- Develop reusable pipeline templates, policy controls, and automation to scale AppSec and DevSecOps practices across teams.
- Secure pipeline infrastructure and credentials, protecting against build manipulation, secret leakage, and provenance risks.
- Integrate CI/CD security findings with broader application and cloud security monitoring workflows.
- Investigate and respond to application and pipeline‑related security findings, partnering with Security Operations as required.
- Contribute to cloud security posture by aligning pipeline and application controls with cloud security best practices.
- Embed security controls for AI/ML and GenAI workloads within CI/CD pipelines and developer workflows.
- Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
- Implement safeguards against AI‑specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
- Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
- Collaborate with engineering teams to establish secure‑by‑design AI application architectures.
- Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
- Secure AI‑related secrets, tokens, and API access used in pipelines and applications.
- Monitor and respond to security risks introduced by AI/ML components, including third‑party models and APIs.
- Contribute to AI risk governance, auditability, and traceability across the SDLC.
- Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
- Author documentation, standards, and training to drive developer adoption of secure CI/CD and AppSec practices.
- Continuously evaluate emerging application security and software supply chain threats and improve controls accordingly.
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
- 3–6 years of experience in DevSecOps, Application Security, or Platform Security roles.
- Strong hands‑on experience securing CI/CD pipelines using GitHub, Jenkins, and Azure DevOps.
- Solid understanding of application security concepts (secure coding, dependency risk, pipeline hardening, secrets management).
- Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
- Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
- Experience integrating AI or ML components into applications or pipelines (preferred hands‑on exposure).
- Familiarity with Responsible AI principles and AI governance frameworks.
- Experience implementing shift‑left AppSec controls in modern SDLCs.
- Experience working in cloud environments (Azure, AWS, or GCP).
- Proficiency with scripting or programming languages (Python, Go, Java, etc.).
- Familiarity with containerized build and deployment models.
- Strong understanding of software supply chain security risks.
- Experience with policy‑as‑code and automated security governance.
- Knowledge of Kubernetes, container security, and cloud‑native application architectures.
- Experience integrating AppSec signals into enterprise security platforms.
Salary and Benefits
Base salary range: $125,000 to $165,000 (final base salary based on geographic location, experience, skill set, training, licenses, and certifications).
- Health & Wellness: Health‑care coverage designed for the mind and body.
- Flexible Downtime: Generous time off to keep you energized.
- Continuous Learning: Access a wealth of resources to grow your career and learn new skills.
- Invest in Your Future: Competitive pay, retirement planning, a continuing education program with a company‑matched student‑loan contribution, and financial wellness programs.
- Family Friendly Perks: Benefits for partners and children, including best‑in‑class family benefits.
- Beyond the Basics: Retail discounts and referral incentive awards.
#J-18808-Ljbffr…
