Summary: The Application Security AI Engineer role is a 12-month remote contract focused on enhancing application security through AI-enabled tools and methodologies. The position involves triaging security findings, performing vulnerability assessments, and providing remediation guidance. The engineer will also strengthen software supply chain security and improve developer IDE security. Candidates should have extensive experience in application security and familiarity with AI-assisted security tooling.
Key Responsibilities:
- Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities
- Perform false positive analysis and exploitability assessment to prioritize remediation efforts
- Provide remediation guidance, escalation support, and handle Patch Now Critical events
- Assess and coordinate responses for threat intelligence escalations and monitor newly disclosed vulnerabilities
- Engineer, test, and implement AI-enabled security tooling, including support for evaluation of new AI capabilities and technical proof-of-value execution
- Strengthen software supply chain security through secure open-source dependency selection, SBOM and component visibility support, and detection of malicious packages
- Assess and improve developer IDE security, including securing plugins/extensions and developer workflows
Key Skills:
- 8-10 years of experience in application security
- Expertise in code scanning methodologies including static scanning (SAST), dynamic scanning (DAST), and open source scanning (SCA)
- Strong background in SCA/SAST/DAST triage, vulnerability management, and threat intelligence
- Hands-on experience with AI-assisted security tooling and AI-enabled security tools, including frontier models and coding assistants
- Working knowledge of prompt and tool orchestration, model evaluation, and AI governance
- Proficiency with scripting and automation, APIs, and CI/CD workflows
- Experience with developer tooling, security platform integrations, IDE security, and package managers
- Capability to detect and assess malicious code in open-source dependencies
- Understanding of software supply chain security best practices
Salary (Rate): £80,000 yearly
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Application Security AI Engineer
100% REMOTE
12 MONTHS CONTRACT