xAI

Application Security Engineer

Information Security | Palo Alto, CA

<div class="content-intro"><h3><strong><span style="font-family: arial, helvetica, sans-serif;">About xAI</span></strong></h3> <p><span style="font-family: arial, helvetica, sans-serif;">xAI’s mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. </span><span style="font-family: arial, helvetica, sans-serif;">Our team is small, highly motivated, and focused on engineering excellence. This organization is for individuals who appreciate challenging themselves and thrive on curiosity. </span><span style="font-family: arial, helvetica, sans-serif;">We operate with a flat organizational structure. All employees are expected to be hands-on and to contribute directly to the company’s mission. Leadership is given to those who show initiative and consistently deliver excellence. Work ethic and strong prioritization skills are important. </span><span style="font-family: arial, helvetica, sans-serif;">All employees are expected to have strong communication skills. They should be able to concisely and accurately share knowledge with their teammates.</span></p></div><h3><strong>ABOUT THE ROLE:</strong></h3> <p>We are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. 
In this role, you will be responsible for ensuring the security and integrity of our cloud-native applications and systems throughout the software development lifecycle, with a particular focus on code security, CI/CD pipelines, and emerging AI technologies.</p> <h3><strong>RESPONSIBILITIES:</strong></h3> <ul> <li>Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications</li> <li>Design and implement secure coding guidelines and best practices for development teams</li> <li>Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline</li> <li>Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks</li> <li>Manage vulnerability tracking and remediation efforts, providing guidance to development teams</li> <li>Support incident response activities related to application security</li> <li>Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures</li> <li>Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs)</li> <li>Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10</li> </ul> <h3><strong>BASIC QUALIFICATIONS:</strong></h3> <ul> <li>Bachelor's degree in Computer Science, Cybersecurity, or a related field</li> <li>3-5 years of experience in application security, with a strong focus on code security practices</li> <li>Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10)</li> <li>Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages</li> <li>Experience securing CI/CD pipelines and implementing DevSecOps practices</li> <li>Familiarity with software supply chain security and SBOM 
generation tools</li> <li>Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis</li> <li>Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10</li> <li>Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences</li> </ul> <h3><strong>PREFERRED SKILLS AND EXPERIENCE:</strong></h3> <ul> <li>Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features</li> <li>Relevant security certifications (e.g., CSSLP, OSWE)</li> <li>Background in data privacy and compliance regulations relevant to cloud-native applications and AI systems</li> <li>Experience with GitOps and infrastructure-as-code security</li> <li>Familiarity with federated learning and privacy-preserving machine learning techniques</li> <li>Experience in building custom security tooling to enhance and automate security processes</li> <li>Interest in leveraging AI to automate security tasks and improve efficiency</li> <li>Contributions to open-source security projects or tools</li> <li>Experience in securing AI/ML models and data pipelines</li> </ul> <h3>COMPENSATION AND BENEFITS:</h3> <p><span style="font-weight: 400;">$200,000 - $340,000 USD</span></p> <p>Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short &amp; long-term disability insurance, life insurance, and various other discounts and perks.</p><div class="content-conclusion"><p><em>xAI is an equal opportunity employer. For details on data processing, view our&nbsp;</em><em><a href="https://x.ai/legal/recruitment-privacy-notice" target="_blank">Recruitment Privacy Notice</a>.</em></p></div>