Job Description

What You’ll Actually Be Doing

Setting Direction, Not Just Following It

• Provide strategic and tactical technical guidance that shapes how we approach security across the organization — with real input into leadership decisions

• Research emerging threats, new attack techniques, and novel mitigation approaches, then translate that research into actionable guidance before those threats hit our doorstep

• Own escalations that require deep expertise — you’re the person the team calls when things get interesting

Secure SDLC & AppSec Program

• Design and evolve our secure software development lifecycle — threat modeling, security design reviews, developer enablement, and the toolchain that ties it all together

• Integrate modern security tooling (SAST, DAST, SCA, secrets detection) into CI/CD pipelines in ways engineers actually embrace rather than route around

• Build and run security champions programs that make developers your allies, not your adversaries

• Track what’s working with real metrics and communicate risk clearly to technical and non-technical audiences alike

AI / LLM Security

• Lead security reviews and threat modeling for AI-powered features — LLMs, RAG pipelines, vector databases, agentic workflows, the works

• Get hands-on with the OWASP, NIST, and the latest research on prompt injection, model supply chain risks, inference-based data leakage, and insecure tool use

• Evaluate AI tools and APIs being introduced into the SDLC — not just for security risk, but for how they change the attack surface entirely

• Define internal standards for building AI-integrated applications responsibly, so our teams can move fast without leaving the door wide open

• Use AI-powered security tooling yourself — we expect you to be fluent in the tools reshaping how AppSec work gets done, not skeptical of them

Creative Problem Solving at Scale

• Design innovative solutions that protect the confidentiality, integrity, and availability of our systems and data — efficiently, not bureaucratically

• Stay curious about new technologies: evaluate them, understand the security implications, and give leadership the insight they need to make smart bets

• Collaborate across engineering, GRC, legal, and privacy to ensure our controls hold up in a regulated environment (HIPAA, FedRAMP) without slowing everything to a crawl

At the Principal Level, additionally:

• Shape multi-year technical strategy for the AppSec program and influence engineering organization-wide

• Serve as a go-to authority on AI/LLM security for senior engineering and product leadership

• Mentor the next generation of security engineers and raise the bar across the team

What We’re Looking For

Must-Haves

• 7+ years in application security, security-focused software engineering, or a closely related discipline

• Real experience with threat modeling (STRIDE, PASTA, or your preferred framework) applied to complex, distributed systems

• Strong command of web application and API security vulnerabilities and how to actually fix them — not just how to find them

• Hands-on experience embedding SAST, DAST, SCA, and secrets scanning into developer workflows

• Enough coding ability (Python, Java, Go, TypeScript, etc.) to meaningfully review code for security issues and build lightweight automation

• Experience working in or alongside a regulated industry with real compliance requirements

• The ability to write a clear, compelling security finding — and explain it to a VP without losing them

• Strong collaboration ethos. The security team is an enabler of the business, not a hindrance.

Strong Differentiators

• Practical experience securing AI/ML systems or LLM-integrated applications — this is increasingly central to the role

• Familiarity with agentic AI security risks: tool misuse, prompt injection chains, privilege escalation via agents

• Experience building developer security education or security champions programs that actually stick

• Cloud security depth (AWS, Azure, or GCP) — IAM, workload security, IaC hardening

• Container and Kubernetes security experience

Great to Have

• Offensive security background that informs how you think defensively

• Relevant certifications: OSCP, CSSLP, GWEB, GPEN, cloud security specialty, or equivalent

• Prior experience in legal research or AI workflow

U.S. National Base Pay Range: $104,900 - $174,700. Geographic differentials may apply in some locations to better reflect local market rates.
This job is eligible for an annual incentive bonus.

We know your well-being and happiness are key to a long and successful career. We are delighted to offer country specific benefits. Click here to access benefits specific to your location.

We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.

Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here

Please read our Candidate Privacy Policy

We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.

USA Job Seekers:

EEO Know Your Rights