Senior Application Security Engineer

- Scale the Application Security Champions (ASC) Community of Practice (CoP) - Provide tools, standards, and enablement to integrate application security into decentralized teams - Align ASC initiatives with tiered control adoption and quarterly planning - Implement LLM adversarial testing and incorporate it into CI/CD as standard for AI-enabled applications - Define and maintain AI Golden Test Suites that AI applications must complete before deployment - Conduct advanced AI vulnerability validation and triage, differentiating true vulnerabilities from model limitations - Carry out manual adversarial testing when automated solutions are insufficient - Create AI Security playbooks and tiered training/certification to elevate ASCs from review findings to adversarial testing - Map AI security issues to industry frameworks (e.g., OWASP Top 10 for LLMs, MITRE ATLAS) ensuring tracking and remediation via existing workflows - Develop playbooks, training, and dedicated office hours for threat modeling and secure design practices - Roll out CI/CD integrated controls and workflows - Establish KPIs and dashboards for ASC progress and compliance - Manage migration planning with application owners, monitoring risks and dependencies - Facilitate escalations and coordinate with SMEs and governance for cross-functional alignment - Promote security culture and awareness by educating teams on secure coding practices and potential threats - Act as the primary connector between development teams and the security organization, ensuring clear communication - Lead security training initiatives, including workshops and hands-on exercises to enhance team capabilities - Support secure development by performing code reviews, participating in threat modeling, and aiding in the effective use of security testing tools