×
Register Here to Apply for Jobs or Post Jobs. X

Consulting​/Principal Security Engineer

Job in Raleigh, Wake County, North Carolina, 27601, USA
Listing for: LexisNexis
Full Time position
Listed on 2026-07-13
Job specializations:
  • IT/Tech
    Cybersecurity, AI Engineer (Applied/Software)
Job Description & How to Apply Below

Job Title

What You'll Actually Be Doing

Setting Direction, Not Just Following It

Provide strategic and tactical technical guidance that shapes how we approach security across the organization — with real input into leadership decisions

Research emerging threats, new attack techniques, and novel mitigation approaches, then translate that research into actionable guidance before those threats hit our doorstep

Own escalations that require deep expertise — you're the person the team calls when things get interesting

Secure SDLC & App Sec Program

Design and evolve our secure software development lifecycle — threat modeling, security design reviews, developer enablement, and the toolchain that ties it all together

Integrate modern security tooling (SAST, DAST, SCA, secrets detection) into CI/CD pipelines in ways engineers actually embrace rather than route around

Build and run security champions programs that make developers your allies, not your adversaries

Track what's working with real metrics and communicate risk clearly to technical and non-technical audiences alike

AI / LLM Security

Lead security reviews and threat modeling for AI-powered features — LLMs, RAG pipelines, vector databases, agentic workflows, the works

Get hands-on with the OWASP, NIST, and the latest research on prompt injection, model supply chain risks, inference-based data leakage, and insecure tool use

Evaluate AI tools and APIs being introduced into the SDLC — not just for security risk, but for how they change the attack surface entirely

Define internal standards for building AI-integrated applications responsibly, so our teams can move fast without leaving the door wide open

Use AI-powered security tooling yourself — we expect you to be fluent in the tools reshaping how App Sec work gets done, not skeptical of them

Creative Problem Solving at Scale

Design innovative solutions that protect the confidentiality, integrity, and availability of our systems and data — efficiently, not bureaucratically

Stay curious about new technologies: evaluate them, understand the security implications, and give leadership the insight they need to make smart bets

Collaborate across engineering, GRC, legal, and privacy to ensure our controls hold up in a regulated environment (HIPAA, FedRAMP) without slowing everything to a crawl

At the Principal Level, additionally:

Shape multi-year technical strategy for the App Sec program and influence engineering organization-wide

Serve as a go-to authority on AI/LLM security for senior engineering and product leadership

Mentor the next generation of security engineers and raise the bar across the team

What We're Looking For

Must-Haves

7+ years in application security, security-focused software engineering, or a closely related discipline

Real experience with threat modeling (STRIDE, PASTA, or your preferred framework) applied to complex, distributed systems

Strong command of web application and API security vulnerabilities and how to actually fix them — not just how to find them

Hands-on experience embedding SAST, DAST, SCA, and secrets scanning into developer workflows

Enough coding ability (Python, Java, Go, Type Script, etc.) to meaningfully review code for security issues and build lightweight automation

Experience working in or alongside a regulated industry with real compliance requirements

The ability to write a clear, compelling security finding — and explain it to a VP without losing them

Strong collaboration ethos. The security team is an enabler of the business, not a hindrance.

Strong Differentiators

Practical experience securing AI/ML systems or LLM-integrated applications — this is increasingly central to the role

Familiarity with agentic AI security risks: tool misuse, prompt injection chains, privilege escalation via agents

Experience building developer security education or security champions programs that actually stick

Cloud security depth (AWS, Azure, or GCP) — IAM, workload security, IaC hardening

Container and Kubernetes security experience

Great to Have

Offensive security background that informs how you think defensively

Relevant certifications: OSCP, CSSLP, GWEB, GPEN, cloud security specialty, or equivalent

Prior…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary