(Cybersecurity) AI AppSec / AiSec Engineer

We are looking for an experienced AI Application Security Engineer to join a cybersecurity engineering team focused on improving secure software development practices and advancing AI security capabilities across large-scale engineering environments. In this role, you will work closely with development teams to strengthen application security, support secure-by-design initiatives, and help shape security standards for AI-powered solutions and GenAI adoption. The position combines hands-on application security engineering with emerging AI/ML security practices. You will contribute to security assessments, secure code reviews, AI security evaluations, and the development of scalable security patterns, while collaborating with engineering teams in Agile and DevSecOps environments.

• Strong hands-on experience in Application Security / AppSec engineering
• Experience with secure code review and vulnerability analysis
• Good understanding of OWASP Top 10 and common web application vulnerabilities
• Familiarity with AI/ML security risks and OWASP LLM Top 10
• Experience conducting threat modelling sessions (e.g. STRIDE, PASTA)
• Hands-on experience securing CI/CD pipelines and integrating security tooling into development workflows
• Experience with security tools such as Checkmarx, SonarQube, Aqua, TruffleHog, Nessus, Tenable
• Good understanding of API security, OAuth 2.0, JWT, and REST architectures
• Proficiency in Python scripting and security automation
• Knowledge of security standards and frameworks such as NIST and ISO 27001
• Experience working in Agile and DevSecOps environments
• Strong communication and stakeholder management skills
• Ability to explain technical security concepts to both technical and non-technical audiences

Nice to have:

• Hands-on experience with AI/ML security assessments
• Knowledge of adversarial ML techniques
• Experience with Software Composition Analysis (SCA) tools
• Experience with penetration testing
• Cloud security experience (GCP and/or Azure)
• Security certifications such as CSSLP, CEH, or OSCP
• Experience working in regulated industries (e.g. financial services)

• Perform secure code reviews and provide actionable security recommendations to development teams
• Identify insecure coding patterns, deprecated technologies, and security gaps, while recommending modern secure alternatives
• Support secure-by-design and shift-left security practices across the software development lifecycle
• Conduct threat modelling sessions for applications and AI/ML systems
• Evaluate and test new security tools, concepts, and approaches through PoC/PoV initiatives
• Assess AI/ML and GenAI security risks, including prompt injection, model abuse, training data leakage, AI supply chain risks
• Review security configurations of AI platforms, tools, and integrations
• Assess the security impact and effectiveness of AI-assisted development tools (e.g. code generation solutions)
• Contribute to the development of reusable security standards, policies, and engineering guidance
• Produce technical documentation and security assessment reports
• Collaborate with engineering teams to improve security awareness and best practices
• Mentor team members and contribute to knowledge-sharing initiatives

Hybrid work model - 6 days per month from the office in Kraków (preferred) or Warsaw