Senior Lead Application Security Engineer

Responsibilities

• Embed application security into the Cloud Platform and across all CI/CD pipelines, making secure-by-default the path of least resistance for every R&D team.
• Design, build, and operate AI-driven security agents that proactively scan, triage, and remediate vulnerabilities across source code, dependencies, containers, and infrastructure-as-code, turning point-in-time reviews into continuous, autonomous coverage.
• Establish secure software development lifecycle (SSDLC) practices, threat modeling, and secure-coding standards, and integrate automated enforcement (SAST, SCA, DAST, secrets scanning, IaC scanning) as native pipeline gates rather than bolt-on checks.
• Lead the security of our own agentic systems: defend against prompt injection, tool/MCP abuse, data exfiltration, excessive agency, and supply-chain risk in line with frameworks such as the OWASP Top 10 for LLM Applications and MITRE ATLAS.
• Drive proactive vulnerability management: remediate HIGH and CRITICAL CVEs across platform infrastructure and container images in line with contractual and compliance commitments, and automate the toil out of it.
• Partner with engineering teams to harden Azure Kubernetes Service (AKS) workloads, identity and access (Keycloak, Azure AD, Managed Identities, workload identity), network segmentation, and secrets management.
• Contribute security evidence and controls to compliance programs (SOC 2, ISO 27001, Cyber Insurance), and automate evidence collection and continuous control monitoring with agentic tooling.
• Define and maintain security runbooks, detection logic, and incident response procedures, and build the agents that execute and accelerate them.
• Act as the security skill set within the platform team raising the bar through code review, pairing, and sharing pragmatic, developer-friendly guidance.
• Contribute to improving the Agentic Operating Model through development of security-focused agent skills, prompts, and tooling that other teams can reuse.
• Technical Focus Areas
• Application security fundamentals: secure SDLC, threat modeling, OWASP Top 10, secure code review, and remediation across multiple languages and stacks.
• Agentic and AI security: securing LLM- and agent-based systems (prompt injection, tool/MCP security, sandboxing, guardrails), plus building autonomous agents that perform security work. OWASP Top 10 for LLMs and MITRE ATLAS a strong asset.
• DevSecOps and pipeline security with Azure DevOps: SAST, SCA, DAST, secrets and IaC scanning, SBOM generation, container signing and attestation, and pipeline access controls.
• Security scanning and tooling: Mend (SCA/SAST), Azure Defender for Cloud, and MDR/SOC platforms.
• Cloud-native security on Azure Kubernetes Service (AKS): RBAC, network policies, admission controllers (e.g. Kyverno), workload identity, and cluster hardening.
• Identity and access management: Keycloak, Azure Active Directory, Managed Identities, and secrets management (e.g. CSI secrets driver, Key Vault).
• Infrastructure-as-code: Bicep or Terraform for security configuration, policy-as-code, and drift management.
• Compliance frameworks and automated evidence collection: SOC 2, ISO 27001, and Cyber Insurance requirements.
• Scripting and automation (e.g. Python, PowerShell, or C#) to build security tooling and orchestrate agents.
• Area of specialization: Application Security & DevSecOps - Agentic Defense
• About you
• You think proactively: you anticipate how systems will be attacked and build defenses ahead of the threat, rather than wa

Additional Information

We are looking for an Application Security Engineer to join the Agentic Platform pillar, working within the Cloud Platform team. This team owns the secure, governed foundation that enables all of Copperleaf's R&D teams to build and ship faster. In this role you will embed security directly into the platform and across every CI/CD pipeline, shifting our posture from reactive to proactive. You will bring traditional application security depth into our DevSecOps culture and, critically, use AI agents to continuously and autonomously improve our security posture. Our operating premise is simple: agentic attacks require agentic defense. You will build the agents, skills, and guardrails that detect, triage, and remediate security risk at machine speed, staying ahead of threats rather than responding to them after the fact. This is a hands-on, implementation-first role: you will personally build, ship, and operate the security changes you design, working directly in the code and the pipelines rather than advising from the sidelines.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Ifs1? Share your experience