Apply on Employer Site

Capital Group · 17 hours ago

Lead AI AppSec Engineer

Irvine, CA

Full-time

Onsite

Lead/Staff

$227K/yr - $363K/yr

8+ years exp

Capital Group is committed to fostering a strong sense of belonging in a respectful workplace. As a Lead AI AppSec Engineer, you will work with application teams to ensure the security of AI solutions, collaborate with various teams to support the secure adoption of AI, and provide mentoring across the organization.

Financial Services

Comp. & Benefits

Responsibilities

Secure AI Development Lifecycle: You will procure and/or build technical solutions to embed automated security checks into the AI SDLC and ML-Ops

AI Threat Modeling: You will threat model complex Agentic and AI systems and design security requirements collaboratively with developers, architects and business stakeholders

Code analysis: You will review code for security vulnerabilities in the context of AI-driven systems

Contribute to Standards and Policies: You will provide thought leadership for Information Security policies and standards for AI in collaboration with technology risk

AI/Agent SME: You will provide AI/Agent subject matter expertise for AI Incidents and Security Reviews, and help develop incident response playbooks for AI-related security incidents

Qualification

Information SecurityApplication SecurityAI Security PrinciplesThreat ModelingAutomating Security ChecksPythonJava.NETKubernetesCI/CDCloud Service ProvidersCISSPSANS GIACCISAEffective CommunicationCollaboration

Required

8+ years of experience in information security, application security, platform security, or penetration testing, DevSecOps, network security and other security disciplines

Strong knowledge of security of safety risks of Large Language Models and AI Agents (OWASP for LLM Top 10, etcetera)

5+ Years of experience automating security checks, including SAST, SCA, and DAST, directly into CI/CD pipelines

Extensive experience with STRIDE/other threat modeling frameworks, agile workflows, including Scrum and Kanban

Experienced in at least one programming languages (Python, Java, .NET)

Effectively partner and collaborate with stakeholder teams

Effective communication skills and the ability to outline security risks to leadership

Preferred

Knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers

Familiar with function and purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (Examples LangChain, LlamaIndex, etc.)

Familiar with key AI regulatory frameworks such as NIST AI RMF, MITRE ATLAS, GDPR, EU AI Act, etc

Information Security certifications (CISSP, SANS GIAC, CISA, etc.)

Benefits

Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options

Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love

Access on-demand professional development resources that allow you to hone existing skills and learn new ones

Individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings