Location: Detroit, MI (3 days in office, 2 days remote; first 3 months are fully in office)
Note: This employer does not provide visa sponsorship. Applicants must be authorized to work in the United States now and in the future without sponsorship.
Overview
We are seeking a hands-on Application Security Engineer to help integrate security practices across modern development environments, cloud platforms, and emerging AI/ML systems. This role focuses on embedding security into engineering workflows, improving application resilience, and enabling teams to deliver secure solutions without slowing development.
You will work closely with development, infrastructure, and product teams to identify risks early, implement automated security controls, and support secure architecture across applications and data-driven systems.
Key Responsibilities
Secure Development & DevSecOps
- Integrate security best practices throughout the software development lifecycle, from design through production deployment
- Perform code reviews to identify vulnerabilities and promote secure coding standards
- Implement and manage application security tools such as SAST, DAST, SCA, and related technologies
- Embed automated security checks within CI/CD pipelines and DevSecOps workflows
Risk Assessment & Vulnerability Management
- Conduct threat modeling and security assessments for applications and system architectures
- Identify, prioritize, and track vulnerabilities, partnering with engineering teams on remediation efforts
- Monitor third-party libraries, APIs, and open-source components for security risks
Cloud, Container & Platform Security
- Support security efforts across cloud environments, including containerized and serverless applications
- Assist in securing Kubernetes-based workloads and distributed systems
- Contribute to infrastructure hardening and platform security improvements
AI/ML & Emerging Technology Security
- Evaluate risks associated with machine learning and generative AI systems across the full lifecycle
- Implement safeguards such as input validation, prompt protection, and data leakage prevention
- Support governance and security controls for AI-enabled applications
Incident Response & Compliance
- Investigate application-related security events and support incident response activities
- Track security metrics, risk posture, and remediation progress
- Assist with audit readiness and compliance initiatives
Collaboration & Enablement
- Partner with developers, architects, and product teams to promote secure design principles
- Provide guidance on secure coding practices aligned with industry frameworks (e.g., OWASP)
- Stay current on emerging threats, vulnerabilities, and attack techniques
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field (or equivalent experience)
- 3+ years of experience in application security, cloud security, or DevSecOps environments
- Hands-on experience with security testing tools (SAST, DAST, SCA, etc.)
- Strong understanding of secure coding practices and modern application architectures
- Experience with cloud platforms and containerized environments (e.g., Kubernetes)
- Familiarity with CI/CD pipelines and automation tools
- Excellent communication skills with the ability to collaborate across technical and non-technical teams
- Strong organizational skills and ability to manage multiple priorities
Preferred Qualifications
- Experience with AI/ML security concepts or securing data-driven applications
- Relevant certifications such as DevSecOps, cloud security, or AI security credentials
- Background in highly regulated or security-sensitive environments
