Consulting/Principal Security Engineer

Job in Raleigh, Wake County, North Carolina, 27601, USA
Listing for: hackajob
Full Time position
Listed on 2026-05-26
Job specializations:
  • IT/Tech
    Cybersecurity, AI Engineer (Applied/Software)
Salary/Wage Range or Industry Benchmark: 104900 - 174700 USD Yearly
Job Description & How to Apply Below

What You’ll Actually Be Doing

  • Provide strategic and tactical technical guidance that shapes how we approach security across the organization — with real input into leadership decisions
  • Research emerging threats, new attack techniques, and novel mitigation approaches, then translate that research into actionable guidance before those threats hit our doorstep
  • Own escalations that require deep expertise — you’re the person the team calls when things get interesting
Secure SDLC & AppSec Program
  • Design and evolve our secure software development lifecycle — threat modeling, security design reviews, developer enablement, and the toolchain that ties it all together
  • Integrate modern security tooling (SAST, DAST, SCA, secrets detection) into CI/CD pipelines in ways engineers actually embrace rather than route around
  • Build and run security champions programs that make developers your allies, not your adversaries
  • Track what’s working with real metrics and communicate risk clearly to technical and non-technical audiences alike
AI / LLM Security
  • Lead security reviews and threat modeling for AI-powered features — LLMs, RAG pipelines, vector databases, agentic workflows, the works
  • Get hands‑on with the OWASP, NIST, and the latest research on prompt injection, model supply chain risks, inference-based data leakage, and insecure tool use
  • Evaluate AI tools and APIs being introduced into the SDLC — not just for security risk, but for how they change the attack surface entirely
  • Define internal standards for building AI‑integrated applications responsibly, so our teams can move fast without leaving the door wide open
  • Use AI‑powered security tooling yourself — we expect you to be fluent in the tools reshaping how AppSec work gets done, not skeptical of them
Creative Problem Solving at Scale
  • Design innovative solutions that protect the confidentiality, integrity, and availability of our systems and data — efficiently, not bureaucratically
  • Stay curious about new technologies: evaluate them, understand the security implications, and give leadership the insight they need to make smart bets
  • Collaborate across engineering, GRC, legal, and privacy to ensure our controls hold up in a regulated environment (HIPAA, FedRAMP) without slowing everything to a crawl
At the Principal Level, additionally
  • Shape multi-year technical strategy for the AppSec program and influence engineering organization-wide
  • Serve as a go‑to authority on AI/LLM security for senior engineering and product leadership
  • Mentor the next generation of security engineers and raise the bar across the team
What We’re Looking For
Must-Haves
  • 7+ years in application security, security-focused software engineering, or a closely related discipline
  • Real experience with threat modeling (STRIDE, PASTA, or your preferred framework) applied to complex, distributed systems
  • Strong command of web application and API security vulnerabilities and how to actually fix them — not just how to find them
  • Hands‑on experience embedding SAST, DAST, SCA, and secrets scanning into developer workflows
  • Enough coding ability (Python, Java, Go, TypeScript, etc.) to meaningfully review code for security issues and build lightweight automation
  • Experience working in or alongside a regulated industry with real compliance requirements
  • The ability to write a clear, compelling security finding — and explain it to a VP without losing them
  • Strong collaboration ethos. The security team is an enabler of the business, not a hindrance.
Strong Differentiators
  • Practical experience securing AI/ML systems or LLM-integrated applications — this is increasingly central to the role
  • Familiarity with agentic AI security risks: tool misuse, prompt injection chains, privilege escalation via agents
  • Experience building developer security education or security champions programs that actually stick
  • Cloud security depth (AWS, Azure, or GCP) — IAM, workload security, IaC hardening
  • Container and Kubernetes security experience
Great to Have
  • Offensive security background that informs how you think defensively
  • Relevant certifications: OSCP, CSSLP, GWEB, GPEN, cloud security specialty, or equivalent
  • Prior experience in legal research or AI workflow

U.S.…
