At a Glance
- Tasks: Design and implement application security controls in CI/CD pipelines for secure software delivery.
- Company: Join a forward-thinking tech company focused on innovative security solutions.
- Benefits: Competitive salary, health coverage, flexible time off, and continuous learning opportunities.
- Other info: Dynamic work environment with excellent career growth and family-friendly perks.
- Why this job: Make a real impact by securing cutting-edge applications and AI technologies.
- Qualifications: Experience in DevSecOps and strong understanding of application security concepts required.
The predicted salary is between 60000 - 80000 £ per year.
Job Overview
This role involves designing, implementing, and operating application security controls integrated into CI/CD pipelines to ensure secure software delivery by default.
Responsibilities
- Embed automated App Sec checks across code, dependencies, builds, and deployment workflows aligned with shift‑left principles.
- Define and maintain secure CI/CD reference architectures and patterns for enterprise cloud‑native applications.
- Partner with engineering teams to integrate security seamlessly into developer workflows, minimizing friction and manual intervention.
- Develop reusable pipeline templates, policy controls, and automation to scale App Sec and Dev Sec Ops practices across teams.
- Secure pipeline infrastructure and credentials, protecting against build manipulation, secret leakage, and provenance risks.
- Integrate CI/CD security findings with broader application and cloud security monitoring workflows.
- Investigate and respond to application and pipeline‑related security findings, partnering with Security Operations as required.
- Contribute to cloud security posture by aligning pipeline and application controls with cloud security best practices.
- Embed security controls for AI/ML and Gen AI workloads within CI/CD pipelines and developer workflows.
- Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
- Implement safeguards against AI‑specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
- Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
- Collaborate with engineering teams to establish secure‑by‑design AI application architectures.
- Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
- Secure AI‑related secrets, tokens, and API access used in pipelines and applications.
- Monitor and respond to security risks introduced by AI/ML components, including third‑party models and APIs.
- Contribute to AI risk governance, auditability, and traceability across the SDLC.
- Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
- Author documentation, standards, and training to drive developer adoption of secure CI/CD and App Sec practices.
- Continuously evaluate emerging application security and software supply chain threats and improve controls accordingly.
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
- 3–6 years of experience in Dev Sec Ops, Application Security, or Platform Security roles.
- Strong hands‑on experience securing CI/CD pipelines using Git Hub, Jenkins, and Azure Dev Ops.
- Solid understanding of application security concepts (secure coding, dependency risk, pipeline hardening, secrets management).
- Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
- Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
- Experience integrating AI or ML components into applications or pipelines (preferred hands‑on exposure).
- Familiarity with Responsible AI principles and AI governance frameworks.
- Experience implementing shift‑left App Sec controls in modern SDLCs.
- Experience working in cloud environments (Azure, AWS, or GCP).
- Proficiency with scripting or programming languages (Python, Go, Java, etc.).
- Familiarity with containerized build and deployment models.
- Strong understanding of software supply chain security risks.
- Experience with policy‑as‑code and automated security governance.
- Knowledge of Kubernetes, container security, and cloud‑native application architectures.
- Experience integrating App Sec signals into enterprise security platforms.
Salary and Benefits
Base salary range: $125,000 to $165,000 (final base salary based on geographic location, experience, skill set, training, licenses, and certifications).
- Health & Wellness: Health‑care coverage designed for the mind and body.
- Flexible Downtime: Generous time off to keep you energized.
- Continuous Learning: Access a wealth of resources to grow your career and learn new skills.
- Invest in Your Future: Competitive pay, retirement planning, a continuing education program with a company‑matched student‑loan contribution, and financial wellness programs.
- Family Friendly Perks: Benefits for partners and children, including best‑in‑class family benefits.
- Beyond the Basics: Retail discounts and referral incentive awards.
- #J-18808-Ljbffr
We think you need these skills to ace Associate Director - Application Security in City of Westminster
Application Security
CI/CD Pipeline Security
DevSecOps Practices
Secure Coding
Secrets Management
AI/ML Security Risks
Shift-Left AppSec Controls