Must-haves: 3+ years of code scanning experience, 3+ years of open-source scanning, and 3+ years of dynamic and static scanning.
The Application Security AI Engineer will augment the Application Security team by providing unified triage coverage across SCA/SAST/DAST findings, threat intelligence escalations, and PatchNow Critical events. In addition to triage and code scan vulnerability management, the engineer will provide hands-on engineering support to test, evaluate, and help implement AI-assisted security tooling (including frontier-model-based capabilities) and strengthen software supply chain security, including safeguarding developer IDEs, plugins/extensions, and developer workflows from malicious code and compromise.
Job Duties
• Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities, false positive analysis, exploitability assessment, remediation guidance, and escalation support for findings that may impact production, internet-facing, or business-critical applications.
• Rapidly assess and coordinate responses for threat intelligence escalations and PatchNow Critical events, including scope analysis, owner routing, mitigation guidance, tracking, and closure verification.
• Monitor and analyze newly disclosed and novel vulnerabilities, including faster-moving disclosures influenced by frontier-model-enabled research, and produce actionable briefs that drive remediation plans.
• Engineer, test, and implement application security tooling that leverages frontier models or AI-enabled capabilities for vulnerability identification, code reasoning, triage acceleration, remediation recommendations, and analyst workflow automation while preserving human review, auditability, and secure use controls.
• Support company processes for evaluating and onboarding new AI capabilities, including technical proof-of-value execution, security testing, control validation, data handling review, model output evaluation, success metrics, and documentation needed for internal governance and approval pathways.
• Strengthen software supply chain security by helping secure open-source dependency selection, package intake, SBOM and component visibility, malicious package detection, dependency health assessment, and policy enforcement across developer, pipeline, and artifact management workflows.
• Assess and improve developer IDE security, plugins/extensions, and developer workflows, including package managers, code-assist tools, and CI integrations, against malicious code, compromised extensions, and unsafe configurations.
Qualifications
• Strong experience triaging SCA/SAST/DAST findings and managing high-severity escalations (threat intel and critical patch events) through remediation and closure.
• Engineering experience with scripting, automation, APIs, CI/CD workflows, developer tooling, or security platform integrations.
• Practical familiarity with AI-enabled security tools, frontier models, coding assistants, prompt and tool orchestration, model evaluation, or AI governance processes.
• Experience securing the software supply chain and developer tooling (IDEs, plugins/extensions, package managers, CI/CD integrations) against compromise and malicious code.
• Ability to translate technical vulnerability findings into clear remediation guidance, risk summaries, and prioritization recommendations for development and security stakeholders.