Application Security / DevSecOps Engineer
Job Description
About this role
AppSec is where engineering meets adversarial reality, and AI assistants regularly produce code that is functionally correct and security-broken at the same time. As an Application Security / DevSecOps Engineer for AI training, you will help AI generate code, threat models, and pipeline configurations that hold up to real attackers and real auditors.
Key Responsibilities
• Generate and evaluate instruction-response pairs covering OWASP Top 10, secure coding, and threat modeling.
• Review AI-generated code for SAST/DAST integration (Snyk, Semgrep, CodeQL, OWASP ZAP).
• Provide feedback on SBOMs, dependency scanning, and supply-chain security (SLSA, Sigstore).
• Validate AI handling of secrets management (Vault, AWS Secrets Manager, Doppler).
• Evaluate AI-generated CI/CD pipelines for security gates and signing.
• Identify subtle issues in input validation, deserialization, SSRF, and IDOR vulnerabilities.
Ideal Qualifications
• 5+ years in application security, DevSecOps, or security engineering.
• Deep familiarity with OWASP Top 10 and modern web/API attack classes.
• Strong grasp of SAST, DAST, IAST, and software composition analysis tools.
• Experience designing secure CI/CD pipelines and supply-chain controls.
• Background in at least one offensive-security discipline (CTFs, bug bounty, internal red team).
• Familiarity with cloud-native security (CSPM, CWPP) and zero-trust patterns is a plus.
Project Timeline
• Start Date: Immediate
• Duration: Ongoing
• Commitment: Flexible, 10-25 hours/week
Contract & Payment Terms
• Independent contractor agreement
• Remote work — anywhere in eligible locations
• Weekly payment via Stripe or bank transfer
• Flexible hours
Teach AI to write code adversaries can't easily break — apply now!