Senior Application Security Engineer

Computer Aid, Inc. -
India

Apply Now

Job details

Full-time
2 days ago

Qualifications

CI/CD
Azure
Node.js
Law
Kubernetes
Git
Information security
Master's degree
RBAC
Docker
NIST standards
Continuous integration
GitHub
APIs
AI

Full job description

Senior Application Security Engineer

Req number:

R7815

Employment type:

Full time

Worksite flexibility:

Remote

Who we are

CAI is a global services firm with over 9,000 associates worldwide and a yearly revenue of $1.3 billion+. We have over 40 years of excellence in uniting talent and technology to power the possible for our clients, colleagues, and communities. As a privately held company, we have the freedom and focus to do what is right—whatever it takes. Our tailor-made solutions create lasting results across the public and commercial sectors, and we are trailblazers in bringing neurodiversity to the enterprise.

Job Summary

We are looking for a motivated Senior Application Security Engineer ready to take us to the next level! If you have security architecture reviews, and code security assessments across microservices and cloud-native applications and are looking for your next career move, apply now.

Job Description

We are looking for a Senior Application Security Engineer to security architecture reviews, and code security assessments across microservices and cloud-native applications. This position will be full time and Remote/Hybrid(Bangalore)

What You’ll Do

Application Security Engineer with 5 to 8 years of experience.

Lead threat modeling, security architecture reviews, and code security assessments across microservices and cloud-native applications

Perform SAST, DAST, SCA, and manual penetration testing on applications

Identify, prioritize, and track remediation of vulnerabilities across the application portfolio

Define and enforce secure coding standards and security best practices

AI / LLM Security (AI Transformation Center Focus)

Threat model AI systems — identify and mitigate risks unique to LLM-powered applications: prompt injection, jailbreaking, model inversion, data poisoning, and training data leakage

Conduct adversarial testing (red-teaming) of LLM and generative AI applications before production release

Define and implement guardrails and content safety controls for LLM inputs/outputs (e.g., PII detection, toxicity filtering, output validation.

Evaluate and secure AI supply chain — third-party model APIs (OpenAI, Anthropic, Azure OpenAI), open-source model weights (Hugging Face), and fine-tuned models

Establish policies around RAG (Retrieval-Augmented Generation) security — securing vector databases, embedding pipelines, and document ingestion workflows

Implement controls against indirect prompt injection in agentic AI systems and multi-step LLM pipelines

Assess AI agent security — tool call authorization, agent sandboxing, privilege boundaries, and action scope controls

Ensure compliance with AI governance frameworks: ISO/IEC 42001, and internal AI usage policies

Collaborate with Data Science and ML Engineering teams to secure model training pipelines, dataset storage, and model registries

Drive AI incident response playbooks specific to model abuse, hallucination exploitation, and data exfiltration via LLM interfaces

What You'll Need

Required:

DevSecOps & CI/CD Security

Design and maintain DevSecOps pipelines integrating security gates into GitHub Actions workflows

Automate SAST, container scanning, secrets detection, SCA, and AI model scanning within CI/CD pipelines

Implement and manage Argo CD security policies, RBAC configurations, and deployment guardrails for GitOps workflows

Enforce branch protection, signed commits, and secrets management in GitHub

Integrate ML model integrity checks and artifact signing into AI deployment pipelines

Container & Orchestration Security

Harden Docker images — least-privilege, minimal base images, multi-stage builds, and image signing

Secure Kubernetes clusters: RBAC, Pod Security Admission, Network Policies, OPA/Gatekeeper, and runtime security

Isolate and sandbox AI inference workloads in Kubernetes — GPU node security, model server hardening (Triton, TorchServe, vLLM)

Integrate container vulnerability scanning (Trivy, Grype, Snyk) into pipelines

Security Operations & Governance

Define security benchmarks aligned to ISO42001, NIST, OWASP (including OWASP LLM Top 10), and internal standards

Collaborate with AI Engineering TEAM, Security and Risk Management Team, GRC Team, Infosec Team to shift security left

Physical Demands

Ability to safely and successfully perform the essential job functions

Sedentary work that involves sitting or remaining stationary most of the time with occasional need to move around the office to attend meetings, etc.

Ability to conduct repetitive tasks on a computer, utilizing a mouse, keyboard, and monitor

Reasonable accommodation statement

If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employment selection process, please direct your inquiries to [email protected] or (888) 824 – 8111.

Apply Now

Who we are

Jobseeker tools

Employer Tools

Browse

Stay Connected