AI AppSec / AiSec Engineer
⚲ Kraków
32 000–36 000 zł netto (+ VAT) / mies.
Wymagania
- Checkmarx
- SonarQube
- TruffleHog
- Aqua
- Tenable
- Nessus
- Python
- Microsoft Azure
- Google Cloud Platform
Opis stanowiska
Nasze wymagania:
Strong background in application security engineering, including secure code reviews and vulnerability analysis.
Expertise in OWASP Top 10, API security, OAuth2.0/JWT, and understanding of AI/ML-specific security risks (OWASP LLM Top 10).
Ability to conduct threat modelling sessions (e.g., STRIDE, PASTA) and articulate risk findings.
Hands-on experience securing CI/CD pipelines and integrating security tooling (e.g., Checkmarx, SonarQube, TruffleHog, Aqua, Tenable, Nessus).
Strong scripting skills in Python for automation and security tooling.
Familiarity with security frameworks and standards (NIST, ISO 27001) and applying them in regulated environments.
Analytical mindset with an ability to present evidence-based risk assessments to both technical and non-technical audiences.
Excellent communication and collaboration skills; ability to mentor and advise distributed engineering teams.
Experience working in an Agile environment with DevSecOps practices.
Mile widziane:
Practical experience applying OWASP LLM Top 10 in real-world AI/ML assessments.
Understanding adversarial ML techniques (model evasion, data poisoning, inversion attacks).
Experience with Software Composition Analysis (SCA) and open-source vulnerability scanning.
Familiarity with penetration testing activities at application and API levels.
Certifications such as CSSLP, OSCP, CEH, or equivalent.
Hands-on experience with secure configurations on cloud platforms (GCP, Azure).
Prior exposure to regulated sectors such as financial services is an advantage.
O projekcie:
We are looking for an experienced AI AppSec / AI Security Engineer to join our Cybersecurity Technology & Engineering team. This role focuses on advancing application and AI security capabilities by embedding secure-by-design principles within software development lifecycles, as well as addressing emerging security challenges associated with AI-powered solutions and ML pipelines.
You will work closely with global engineering teams, influencing best practices and ensuring that security measures keep pace with the adoption of modern technologies, including large language models, generative AI, and AI-assisted development tools.
This is a strategic, technical hands-on role where you will review code, define security patterns, evaluate AI/ML risks, and help shape secure integration of AI into enterprise environments.
Sounds like your kind of challenge?
Zakres obowiązków:
Perform secure code reviews, delivering actionable and developer-friendly feedback to global engineering teams.
Act as a security consultant: identify insecure coding patterns, deprecated protocols, and compliance gaps; define migration paths to modern secure alternatives.
Evaluate new security solutions through Proof of Concept (POC) and Proof of Value (POV) engagements, applying structured methodologies to validate effectiveness before adoption.
Apply scientific rigor in vulnerability analysis, using metrics and statistical modelling to assess and communicate security risks objectively.
Conduct comparative evaluations of large language models (LLMs) for security applications, including vulnerability detection, fix generation, and security automation.
Assess and secure AI/ML pipelines and generative AI integrations, mitigating risks such as prompt injection, data poisoning, and model abuse.
Define security configuration standards for AI tools and platforms, ensuring compliance with secure-by-default principles.
Review and evaluate AI-assisted development tooling (e.g., GitHub Copilot), measuring risks and testing detection accuracy.
Provide technical mentorship and contribute to knowledge sharing and security capability uplift across engineering teams.
Collaborate on developing reusable security patterns, policies, and guidance for embedding security in new product and service development.
Note: Detailed project information will be shared during the recruitment process.
Oferujemy:
Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
Hybrid work setup – 6 days per month from the office
Collaborative team culture – work alongside experienced professionals eager to share knowledge
Continuous development – access to training platforms and growth opportunities
Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
High quality equipment – laptop and essential software provided
Strong background in application security engineering, including secure code reviews and vulnerability analysis.
Expertise in OWASP Top 10, API security, OAuth2.0/JWT, and understanding of AI/ML-specific security risks (OWASP LLM Top 10).
Ability to conduct threat modelling sessions (e.g., STRIDE, PASTA) and articulate risk findings.
Hands-on experience securing CI/CD pipelines and integrating security tooling (e.g., Checkmarx, SonarQube, TruffleHog, Aqua, Tenable, Nessus).
Strong scripting skills in Python for automation and security tooling.
Familiarity with security frameworks and standards (NIST, ISO 27001) and applying them in regulated environments.
Analytical mindset with an ability to present evidence-based risk assessments to both technical and non-technical audiences.
Excellent communication and collaboration skills; ability to mentor and advise distributed engineering teams.
Experience working in an Agile environment with DevSecOps practices.
Mile widziane:
Practical experience applying OWASP LLM Top 10 in real-world AI/ML assessments.
Understanding adversarial ML techniques (model evasion, data poisoning, inversion attacks).
Experience with Software Composition Analysis (SCA) and open-source vulnerability scanning.
Familiarity with penetration testing activities at application and API levels.
Certifications such as CSSLP, OSCP, CEH, or equivalent.
Hands-on experience with secure configurations on cloud platforms (GCP, Azure).
Prior exposure to regulated sectors such as financial services is an advantage.
O projekcie:
We are looking for an experienced AI AppSec / AI Security Engineer to join our Cybersecurity Technology & Engineering team. This role focuses on advancing application and AI security capabilities by embedding secure-by-design principles within software development lifecycles, as well as addressing emerging security challenges associated with AI-powered solutions and ML pipelines.
You will work closely with global engineering teams, influencing best practices and ensuring that security measures keep pace with the adoption of modern technologies, including large language models, generative AI, and AI-assisted development tools.
This is a strategic, technical hands-on role where you will review code, define security patterns, evaluate AI/ML risks, and help shape secure integration of AI into enterprise environments.
Sounds like your kind of challenge?
Zakres obowiązków:
Perform secure code reviews, delivering actionable and developer-friendly feedback to global engineering teams.
Act as a security consultant: identify insecure coding patterns, deprecated protocols, and compliance gaps; define migration paths to modern secure alternatives.
Evaluate new security solutions through Proof of Concept (POC) and Proof of Value (POV) engagements, applying structured methodologies to validate effectiveness before adoption.
Apply scientific rigor in vulnerability analysis, using metrics and statistical modelling to assess and communicate security risks objectively.
Conduct comparative evaluations of large language models (LLMs) for security applications, including vulnerability detection, fix generation, and security automation.
Assess and secure AI/ML pipelines and generative AI integrations, mitigating risks such as prompt injection, data poisoning, and model abuse.
Define security configuration standards for AI tools and platforms, ensuring compliance with secure-by-default principles.
Review and evaluate AI-assisted development tooling (e.g., GitHub Copilot), measuring risks and testing detection accuracy.
Provide technical mentorship and contribute to knowledge sharing and security capability uplift across engineering teams.
Collaborate on developing reusable security patterns, policies, and guidance for embedding security in new product and service development.
Note: Detailed project information will be shared during the recruitment process.
Oferujemy:
Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
Hybrid work setup – 6 days per month from the office
Collaborative team culture – work alongside experienced professionals eager to share knowledge
Continuous development – access to training platforms and growth opportunities
Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
High quality equipment – laptop and essential software provided
🔍 Dekoder Ogłoszenia
🔴
Understanding of AI/ML-specific security risks (OWASP LLM Top 10)
Oczekuje się podstawowej wiedzy o zagrożeniach związanych z AI/ML, ale niekoniecznie głębokiego, praktycznego doświadczenia w ich analizie.
🟡
Ability to conduct threat modelling sessions (e.g., STRIDE, PASTA) and articulate risk findings.
Może oznaczać zarówno prowadzenie sesji, jak i bierny udział w nich oraz prezentowanie wyników.
🔴
Hands-on experience securing CI/CD pipelines and integrating security tooling (e.g., Checkmarx, SonarQube, TruffleHog, Aqua, Tenable, Nessus).
Wymagane jest praktyczne doświadczenie z wymienionymi narzędziami, a nie tylko ogólna znajomość ich istnienia.
🔴
Excellent communication and collaboration skills; ability to mentor and advise distributed engineering teams.
Może oznaczać, że będziesz odpowiedzialny za szkolenie mniej doświadczonych członków zespołu, nawet jeśli nie jest to główny cel stanowiska.
🔴
Practical experience applying OWASP LLM Top 10 in real-world AI/ML assessments.
To jest kluczowe wymaganie, które może być trudne do spełnienia, jeśli firma dopiero zaczyna pracę z AI/ML security.