
Senior Staff Engineer (AI Developer - AppSec)

External
Nagarro1 · Mumbai, IN
Full-time · On-site · 1w ago
Agile · Android · Application Security · AWS · Azure · CI/CD

Responsibilities

  • Design, develop, and maintain AI-powered application security solutions that integrate seamlessly into the software development lifecycle (SDLC).
  • Build intelligent SAST automation that contextualizes findings, reduces false positives, identifies root causes, and generates developer-friendly remediation guidance using Large Language Models (LLMs).
  • Develop AI-powered secure code review assistants capable of identifying OWASP Top 10 and CWE Top 25 vulnerabilities during pull requests and code reviews.
  • Design and implement machine learning models for Software Composition Analysis (SCA), detecting vulnerable dependencies, outdated libraries, malicious packages, and license compliance risks.
  • Develop AI-driven DAST orchestration capabilities to automate attack surface discovery, payload generation, vulnerability prioritization, and security testing.
  • Build Retrieval-Augmented Generation (RAG) pipelines leveraging internal security knowledge bases, OWASP standards, CVE/NVD repositories, and penetration testing playbooks to provide contextual security guidance.
  • Develop agentic AI workflows that automate the complete vulnerability lifecycle, including detection, triage, deduplication, risk scoring, ticket creation, SLA tracking, and remediation validation.
  • Design prompt engineering strategies and continuously optimize LLMs for secure code analysis, threat modeling, remediation guidance, vulnerability reasoning, and developer coaching.
  • Integrate AI-powered application security capabilities into CI/CD pipelines using platforms such as Jenkins, GitHub Actions, and Azure DevOps to enforce security gates and provide real-time feedback.
  • Develop developer-focused security tooling including IDE extensions, REST APIs, and microservices using FastAPI or Flask to deliver contextual security recommendations.
  • Build aggregation platforms that consolidate findings from SAST, DAST, SCA, IAST, and secrets scanning tools into a unified application security risk dashboard.
  • Develop intelligent secrets detection capabilities using pattern recognition and AI-based contextual analysis to identify exposed credentials, API keys, and sensitive configuration data.
  • Write unit tests, i

Requirements

  • Experience: 7.5+ years
  • Strong experience as an Application Security Engineer, Application Security Developer, or Software Engineer with strong Application Security specialization.
  • Strong expertise in Application Security principles, secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies.
  • Deep knowledge of OWASP Top 10, CWE Top 25, common application vulnerabilities, and secure software development practices.
  • Hands-on experience with Application Security toolchains including SAST, DAST, SCA, IAST, and secrets scanning solutions.
  • Strong programming skills in Python with experience using AI/ML libraries such as Scikit-learn, PyTorch or TensorFlow, Pandas, and NumPy.
  • Experience building AI-powered security automation using Large Language Models (LLMs), Azure OpenAI, OpenAI APIs, prompt engineering, and Retrieval-Augmented Generation (RAG) architectures.
  • Experience developing intelligent code analysis, vulnerability detection, remediation recommendation, and AI-assisted security tooling.
  • Hands-on experience integrating security tools into CI/CD platforms such as Jenkins, GitHub Actions, and Azure DevOps.
  • Experience developing REST APIs and microservices using FastAPI or Flask.
  • Good understanding of containerization technologies such as Docker and modern Git-based development workflows.
  • Working knowledge of cloud platforms including Microsoft Azure, AWS, or Google Cloud Platform for deploying AI-powered security services.
  • Strong understanding of vulnerability management, risk prioritization, remediation workflows, and security automation.
  • Familiarity with software composition analysis, dependency management, API security testing, and secrets management.
  • Experience with MLOps platforms such as Azure ML, MLflow, or equivalent model deployment and monitoring frameworks.
  • Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is an added advantage.
  • Familiarity with OWASP SAMM, BSIMM, software security maturity frameworks, and secure application architecture is preferred.
  • Experience with API security testing tools, Postman, REST-assured, or OWASP API Security Top 10 is desirable.
  • Exposure to mobile application security testing for Android and iOS platforms is an advantage.
  • Strong analytical, troubleshooting, and problem-solving skills with the ability to develop scalable AI-powered security solutions.
  • Excellent communication and collaboration skills with experience working in Agile, DevSecOps, and cross-functional engineering teams.
  • Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related discipline.
  • Professional certifications such as CSSLP, CEH, GWEB, CompTIA Security+, Microsoft Azure AI Engineer Associate, or SC-100 are desirable.
