Role Overview
We are seeking a Senior Application Security Engineer to help secure our software development lifecycle by using traditional SAST/DAST tools and AI-enabled tools to identify and remediate code vulnerabilities. This role partners closely with development, DevOps, and security teams to drive secure coding practices and improve application risk posture at scale. The engineer uses AI-driven tools to improve vulnerability detection accuracy, automate code review, and accelerate remediation across the software lifecycle.
Key Responsibilities
Embed application security into the SDLC, CI/CD pipelines, and developer workflows
Perform and oversee SAST, DAST, SCA, and API security testing
Leverage AI-based code scanning tools to enhance vulnerability detection, reduce false positives, and accelerate remediation
Partner with developers to remediate vulnerabilities and improve secure coding practices
Conduct threat modeling and security reviews for applications and APIs
Track and report security metrics (e.g., vulnerability trends, remediation timelines)
AI-Based Code Scanning & Intelligent Security Automation
Implement and manage AI-powered code scanning solutions to analyze source code, APIs, and dependencies for security vulnerabilities across the SDLC
Leverage AI/ML capabilities to identify complex vulnerability patterns, insecure coding practices, and hidden attack paths that traditional tools may miss
Use AI to reduce false positives, improve signal-to-noise ratio, and enable more efficient triage of security findings
Apply AI-assisted insights to perform root cause analysis and provide developers with actionable, context-aware remediation guidance
Integrate AI-enabled security scanning into CI/CD pipelines to provide real-time feedback during development and code commits
Evaluate and optimize AI models and rulesets to improve detection accuracy and alignment with enterprise risk priorities
Partner with engineering teams to embed AI-assisted code review and secure coding recommendations into developer workflows (e.g., pull requests, IDE plugins)
Monitor and measure the effectiveness of AI-based scanning through metrics such as detection rates, false positive reduction, and remediation speed
Stay current on emerging AI security tools, LLM-based code analysis, and automated remediation technologies, and drive adoption where they add value
Required Qualifications
7+ years of experience in application security, DevSecOps, or secure software engineering
Strong knowledge of OWASP Top 10 and secure coding practices
Experience with application security tools (e.g., SAST, DAST, SCA)
Experience integrating security into CI/CD pipelines
Knowledge of GHAzDO and GitHub Advanced Security
Proficiency in at least one programming language (e.g., Python, Java, JavaScript)
- Dice Id: cxbcsi
- Position Id: Job44693
- Posted 13 hours ago