AI AppSec / AiSec Engineer

Our requirements

• Strong background in application security engineering, including secure code reviews and vulnerability analysis.
• Expertise in OWASP Top 10, API security, OAuth2.0/JWT, and understanding of AI/ML-specific security risks (OWASP LLM Top 10).
• Ability to conduct threat modelling sessions (e.g., STRIDE, PASTA) and articulate risk findings.
• Hands-on experience securing CI/CD pipelines and integrating security tooling (e.g., Checkmarx, SonarQube, TruffleHog, Aqua, Tenable, Nessus).
• Strong scripting skills in Python for automation and security tooling.
• Familiarity with security frameworks and standards (NIST, ISO 27001) and applying them in regulated environments.
• Analytical mindset with an ability to present evidence-based risk assessments to both technical and non-technical audiences.
• Excellent communication and collaboration skills; ability to mentor and advise distributed engineering teams.
• Experience working in an Agile environment with DevSecOps practices.

Optional

• Practical experience applying OWASP LLM Top 10 in real-world AI/ML assessments.
• Understanding adversarial ML techniques (model evasion, data poisoning, inversion attacks).
• Experience with Software Composition Analysis (SCA) and open-source vulnerability scanning.
• Familiarity with penetration testing activities at application and API levels.
• Certifications such as CSSLP, OSCP, CEH, or equivalent.
• Hands-on experience with secure configurations on cloud platforms (GCP, Azure).
• Prior exposure to regulated sectors such as financial services is an advantage.

Your responsibilities

• Perform secure code reviews, delivering actionable and developer-friendly feedback to global engineering teams.
• Act as a security consultant: identify insecure coding patterns, deprecated protocols, and compliance gaps; define migration paths to modern secure alternatives.
• Evaluate new security solutions through Proof of Concept (POC) and Proof of Value (POV) engagements, applying structured methodologies to validate effectiveness before adoption.
• Apply scientific rigor in vulnerability analysis, using metrics and statistical modelling to assess and communicate security risks objectively.
• Conduct comparative evaluations of large language models (LLMs) for security applications, including vulnerability detection, fix generation, and security automation.
• Assess and secure AI/ML pipelines and generative AI integrations, mitigating risks such as prompt injection, data poisoning, and model abuse.
• Define security configuration standards for AI tools and platforms, ensuring compliance with secure-by-default principles.
• Review and evaluate AI-assisted development tooling (e.g., GitHub Copilot), measuring risks and testing detection accuracy.
• Provide technical mentorship and contribute to knowledge sharing and security capability uplift across engineering teams.
• Collaborate on developing reusable security patterns, policies, and guidance for embedding security in new product and service development.
• Note: Detailed project information will be shared during the recruitment process.

About the project

This is how we organize our work

This is how we work on a project

• Continuous Deployment
• Continuous Integration

What we offer

• Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
• Hybrid work setup – 6 days per month from the office
• Collaborative team culture – work alongside experienced professionals eager to share knowledge
• Continuous development – access to training platforms and growth opportunities
• Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
• High quality equipment – laptop and essential software provided

Benefits

• sharing the costs of sports activities
• private medical care
• sharing the costs of professional training & courses
• life insurance

Mindbox Sp. z o.o.