Application Security Engineer - Secure the Future of AI
At WRITER, we're not just building AI; we're building the future. As we push the boundaries of what's possible, security is paramount. We're seeking a passionate and experienced Application Security Engineer to join our team and help us secure our cutting-edge AI and AGI applications.
In this role, you'll be a key player in embedding security directly into our CI/CD workflows, proactively identifying and exploiting vulnerabilities, and collaborating with cross-functional teams to protect our innovative AI solutions. If you're a security engineer who thrives at the intersection of automation, offensive testing, and real-world impact, this is your opportunity to make a difference.
Your Mission:
Build Pipeline Security: Secure the pre-deployment phase with robust security gates and checks integrated into our CI/CD pipelines.
Red Team Operations: Lead application-layer red team exercises, simulating sophisticated adversary techniques targeting AI systems.
Application Penetration Testing: Perform comprehensive penetration testing on AI applications, APIs, and model endpoints.
Vulnerability Hunting: Discover, reproduce, and chain vulnerabilities into realistic attack paths, providing actionable remediation guidance.
Security Architecture: Advise on security architecture, review designs for weaknesses, and create secure patterns.
Automation at Scale: Develop scripts, tools, and frameworks for continuous security assessment (SAST, DAST, SCA).
Collaboration is Key: Partner with Cloud/Infrastructure, AI Security, and Detection & Response teams to create a cohesive security posture.
What You'll Own:
Pipeline security (pre-deployment phase)
Security gates and checks in CI/CD
Application penetration testing
Container scanning in the build phase
Application-layer vulnerability discovery
What You Won't Own (Others Lead):
Deployment pipeline security (Cloud/Infrastructure owns)
Infrastructure-as-code security (Cloud/Infrastructure owns)
Production runtime security (Cloud/Infrastructure owns)
AI model security research (AI Security owns)
Key Partnerships:
Cloud/Infrastructure: Secure handoff at the build/deploy boundary. You secure the build; they secure the deploy.
AI Security: They provide threat models for AI-specific risks; you implement tests in CI/CD.
Detection & Response: You find vulnerabilities proactively; they detect attacks in production.
Do You Have What It Takes?
8+ years of experience in application security, with a strong focus on hands-on testing.
5+ years of experience conducting penetration tests and security assessments.
A proven record of finding and exploiting critical vulnerabilities.
Deep experience integrating security into DevOps workflows and CI/CD pipelines.
Strong programming skills for exploit development and security automation.
Expertise in web application and API security, including cloud-native architectures.
Technical Prowess:
Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts).
Skilled in SAST, DAST, and SCA tools.
Strong understanding of application-layer attack techniques and exploitation.
Experience with supply chain security and build pipeline hardening.
Impact & Execution:
Demonstrated ability to identify vulnerabilities others miss.
Proven track record of automating security testing in fast-paced development cycles.
Ability to translate red team findings into concrete defensive measures.
History of effective collaboration with engineering teams.
Bonus Points:
Background in software development or DevOps.
Experience testing AI/ML applications.
Security certifications such as OSCP, OSWE, or GWAPT.
Published security research or CVEs.
Experience with purple team operations.
Perks & Benefits (US Full-time Employees):
Generous PTO, plus company holidays
Medical, dental, and vision coverage for you and your family
Paid parental leave for all parents (12 weeks)
Fertility and family planning support
Early-detection cancer testing through Galleri
Flexible spending account and dependent FSA options
Health savings account for eligible plans with company contribution
Annual work-life stipends for:
Home office setup, cell phone, internet
Wellness stipend for gym, massage/chiropractor, personal training, etc.
Learning and development stipend
Company-wide off-sites and team off-sites
Competitive compensation, company stock options, and 401k
WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.