Setting Direction, Not Just Following It
Provide strategic and tactical technical guidance that shapes how we approach security across the organization — with real input into leadership decisions
Research emerging threats, new attack techniques, and novel mitigation approaches, then translate that research into actionable guidance before those threats hit our doorstep
Own escalations that require deep expertise — you’re the person the team calls when things get interesting
Secure SDLC & AppSec Program
Design and evolve our secure software development lifecycle — threat modeling, security design reviews, developer enablement, and the toolchain that ties it all together
Integrate modern security tooling (SAST, DAST, SCA, secrets detection) into CI/CD pipelines in ways engineers actually embrace rather than route around
Build and run security champions programs that make developers your allies, not your adversaries
Track what’s working with real metrics and communicate risk clearly to technical and non-technical audiences alike
AI / LLM Security
Lead security reviews and threat modeling for AI-powered features — LLMs, RAG pipelines, vector databases, agentic workflows, the works
Get hands-on with OWASP and NIST guidance and the latest research on prompt injection, model supply chain risks, inference-based data leakage, and insecure tool use
Evaluate AI tools and APIs being introduced into the SDLC — not just for security risk, but for how they change the attack surface entirely
Define internal standards for building AI-integrated applications responsibly, so our teams can move fast without leaving the door wide open
Use AI-powered security tooling yourself — we expect you to be fluent in the tools reshaping how AppSec work gets done, not skeptical of them
Creative Problem Solving at Scale
Design innovative solutions that protect the confidentiality, integrity, and availability of our systems and data — efficiently, not bureaucratically
Stay curious about new technologies: evaluate them, understand the security implications, and give leadership the insight they need to make smart bets
Collaborate across engineering, GRC, legal, and privacy to ensure our controls hold up in a regulated environment (HIPAA, FedRAMP) without slowing everything to a crawl
At the Principal Level, additionally:
Shape multi-year technical strategy for the AppSec program and influence engineering organization-wide
Serve as a go-to authority on AI/LLM security for senior engineering and product leadership
Mentor the next generation of security engineers and raise the bar across the team
Must-Haves
7+ years in application security, security-focused software engineering, or a closely related discipline
Real experience with threat modeling (STRIDE, PASTA, or your preferred framework) applied to complex, distributed systems
Strong command of web application and API security vulnerabilities and how to actually fix them — not just how to find them
Hands-on experience embedding SAST, DAST, SCA, and secrets scanning into developer workflows
Enough coding ability (Python, Java, Go, TypeScript, etc.) to meaningfully review code for security issues and build lightweight automation
Experience working in or alongside a regulated industry with real compliance requirements
The ability to write a clear, compelling security finding — and explain it to a VP without losing them
Strong collaboration ethos. The security team is an enabler of the business, not a hindrance.
Strong Differentiators
Practical experience securing AI/ML systems or LLM-integrated applications — this is increasingly central to the role
Familiarity with agentic AI security risks: tool misuse, prompt injection chains, privilege escalation via agents
Experience building developer security education or security champions programs that actually stick
Cloud security depth (AWS, Azure, or GCP) — IAM, workload security, IaC hardening
Container and Kubernetes security experience
Great to Have
Offensive security background that informs how you think defensively
Relevant certifications: OSCP, CSSLP, GWEB, GPEN, cloud security specialty, or equivalent
Prior experience in legal research or AI workflows
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country-specific benefits.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1-855-833-5120.
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here.
Please read our Candidate Privacy Policy.
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.