Senior Staff Engineer (AI Developer - AppSec)
On-site · Mumbai, Maharashtra, India
Job Summary
- Design, develop, and maintain AI-powered application security solutions that integrate into the SDLC
- Build intelligent SAST automation with LLMs to contextualize findings and guide remediation
- Develop AI-powered code review assistants to identify OWASP Top 10 and CWE vulnerabilities during PRs
- Create ML models for Software Composition Analysis, detect vulnerable dependencies, and manage license risks
- Orchestrate AI-driven DAST to automate attack surface discovery and testing
- Construct RAG pipelines using internal knowledge bases and standards to provide contextual guidance
- Develop agentic AI workflows covering the full vulnerability lifecycle from detection to remediation validation
- Craft prompt engineering strategies to optimize LLMs for secure code analysis and developer coaching
- Integrate AI security capabilities into CI/CD pipelines (Jenkins, GitHub Actions, Azure DevOps) with real-time feedback
- Build developer-focused security tooling (IDE extensions, REST APIs, microservices using FastAPI/Flask)
- Aggregate findings from SAST/DAST/SCA/IAST/secrets tools into a unified risk dashboard
- Implement intelligent secrets detection for exposed credentials
- Write tests and participate in peer reviews to ensure secure, maintainable code
- Monitor AI model performance and maintain automated retraining using MLOps practices
- Manage CI/CD pipelines for AI model deployment and monitoring on platforms like Azure ML/MLflow
- Prepare architecture docs, API specs, and security runbooks
- Collaborate with E2E teams to improve security automation and developer experience
Required Qualifications
- 7.5+ years of experience
- Experience as Application Security Engineer/Developer or Software Engineer with strong Application Security specialization
- Strong expertise in secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies
- Deep knowledge of OWASP Top 10, CWE Top 25 and common vulnerabilities
- Hands-on experience with SAST, DAST, SCA, IAST, and secrets scanning
- Strong programming in Python with AI libraries such as Scikit-learn, PyTorch, TensorFlow, Pandas, NumPy
- Experience building AI-powered security automation using LLMs (Azure OpenAI, OpenAI APIs) and prompt engineering, RAG
- Experience with AI-driven security tooling including vulnerability detection, remediation guidance
- CI/CD integration with Jenkins, GitHub Actions, Azure DevOps
- Experience developing REST APIs and microservices using FastAPI or Flask
- Knowledge of Docker and modern Git-based workflows
- Experience with cloud platforms (Azure, AWS, GCP) for deploying AI-powered security services
- Understanding of vulnerability management, risk prioritization, remediation workflows, and security automation
- Familiarity with software composition analysis, dependency management, API security testing, and secrets management
- Experience with MLOps platforms (Azure ML, MLflow)
- Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks
- Familiarity with OWASP SAMM/BSIMM and secure architecture
- Experience with API security testing tools and Postman/REST-assured/OWASP API Security Top 10
- Exposure to mobile app security testing is a plus
- Strong analytical, troubleshooting, and problem-solving skills; ability to develop scalable AI-powered security solutions
- Excellent communication and collaboration; experience in Agile/DevSecOps environments
- Bachelor's or master's degree in CS/IT/Engineering or related field
- Certifications such as CSSLP, CEH, GWEB, CompTIA Security+, Microsoft Azure AI Engineer Associate, or SC-100 desirable