(Cybersecurity) AI AppSec / AiSec Engineer

We are looking for an experienced AI Application Security Engineer to join a cybersecurity engineering team focused on improving secure software development practices and advancing AI security capabilities across large-scale engineering environments.

• Strong hands-on experience in Application Security / AppSec engineering
• Experience with secure code review and vulnerability analysis
• Good understanding of OWASP Top 10 and common web application vulnerabilities
• Familiarity with AI/ML security risks and OWASP LLM Top 10
• Experience conducting threat modelling sessions (e.g. STRIDE, PASTA)
• Hands-on experience securing CI/CD pipelines and integrating security tooling into development workflows
• Experience with security tools such as Checkmarx, SonarQube, Aqua, TruffleHog, Nessus, Tenable
• Good understanding of API security, OAuth 2.0, JWT, and REST architectures
• Proficiency in Python scripting and security automation
• Knowledge of security standards and frameworks such as NIST and ISO 27001
• Experience working in Agile and DevSecOps environments
• Strong communication and stakeholder management skills
• Ability to explain technical security concepts to both technical and non-technical audiences

Nice to have:

• Hands-on experience with AI/ML security assessments
• Knowledge of adversarial ML techniques
• Experience with Software Composition Analysis (SCA) tools
• Experience with penetration testing
• Cloud security experience (GCP and/or Azure)
• Security certifications such as CSSLP, CEH, or OSCP
• Experience working in regulated industries (e.g. financial services)

• Perform secure code reviews and provide actionable security recommendations to development teams
• Identify insecure coding patterns, deprecated technologies, and security gaps, while recommending modern secure alternatives
• Support secure-by-design and shift-left security practices across the software development lifecycle
• Conduct threat modelling sessions for applications and AI/ML systems
• Evaluate and test new security tools, concepts, and approaches through PoC/PoV initiatives
• Assess AI/ML and GenAI security risks, including prompt injection, model abuse, training data leakage, AI supply chain risks
• Review security configurations of AI platforms, tools, and integrations
• Assess the security impact and effectiveness of AI-assisted development tools (e.g. code generation solutions)
• Contribute to the development of reusable security standards, policies, and engineering guidance
• Produce technical documentation and security assessment reports
• Collaborate with engineering teams to improve security awareness and best practices
• Mentor team members and contribute to knowledge-sharing initiatives

Only candidates located in Poland are considered.