Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities
Perform false positive analysis and exploitability assessment to prioritize remediation efforts
Provide remediation guidance, escalation support, and handle PatchNow Critical events
Assess and coordinate responses for threat intelligence escalations and monitor newly disclosed vulnerabilities
Engineer, test, and implement AI-enabled security tooling, including support for evaluation of new AI capabilities and technical proof-of-value execution
Strengthen software supply chain security through secure open-source dependency selection, SBOM and component visibility support, and detection of malicious packages
Assess and improve developer IDE security, including securing plugins/extensions and developer workflows
Requirements
8-10 years of experience in application security
Expertise in code scanning methodologies including static scanning (SAST), dynamic scanning (DAST), and open source scanning (SCA)
Strong background in SCA/SAST/DAST triage, vulnerability management, and threat intelligence
Hands-on experience with AI-assisted and AI-enabled security tooling, including frontier models and coding assistants
Working knowledge of prompt and tool orchestration, model evaluation, and AI governance
Proficiency with scripting and automation, APIs, and CI/CD workflows
Experience with developer tooling, security platform integrations, IDE security, and package managers
Capability to detect and assess malicious code in open-source dependencies
Understanding of software supply chain security best practices