[Remote] Application Security AI Engineer
Note: This is a remote position open to candidates in the USA. HonorVet Technologies is a veteran-owned IT staffing firm working with federal agencies, state governments, and Fortune 500 clients. They are seeking an experienced Application Security AI Engineer to secure enterprise applications and implement AI-powered security solutions to enhance vulnerability detection and remediation.
Responsibilities
- Perform application security triage across Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST) findings
- Validate and prioritize critical and high-risk vulnerabilities through exploitability analysis, false-positive verification, risk assessment, and remediation guidance
- Investigate and coordinate responses for critical security events, threat intelligence alerts, and emergency patching activities, ensuring timely mitigation and resolution
- Monitor newly disclosed vulnerabilities and emerging security threats, providing actionable recommendations to development and security teams
- Design, evaluate, and implement AI-assisted application security solutions that improve vulnerability detection, code analysis, remediation recommendations, and security workflow automation while maintaining appropriate human oversight
- Support the evaluation, testing, and secure adoption of AI-based security tools by conducting proof-of-concept assessments, validating security controls, reviewing data handling practices, and documenting governance requirements
- Enhance software supply chain security by securing open-source dependencies, managing Software Bill of Materials (SBOM), identifying malicious packages, evaluating dependency health, and enforcing security policies across development pipelines
- Improve the security of developer environments by assessing IDEs, plugins, extensions, package managers, code-assist tools, and CI/CD integrations for potential security risks and misconfigurations
- Develop automation using scripting, APIs, and security platform integrations to streamline application security operations and vulnerability management processes
- Collaborate closely with development, DevSecOps, and security teams to communicate security risks, recommend remediation strategies, and support secure software development practices
Skills
- 3+ years of experience with Code Scanning
- 3+ years of experience with Software Composition Analysis (Open Source Scanning)
- 3+ years of experience with Static (SAST) and Dynamic (DAST) Application Security Testing
- Strong experience triaging application security findings and managing high-severity vulnerabilities through remediation and closure
- Hands-on experience with scripting, automation, APIs, CI/CD pipelines, developer tools, or security platform integrations
- Practical experience working with AI-enabled security tools, large language models (LLMs), coding assistants, AI governance, model evaluation, or AI-assisted security workflows
- Solid understanding of software supply chain security, including open-source dependency management, SBOM, package security, and developer tooling protection
- Experience securing developer environments, including IDEs, plugins, package managers, CI/CD platforms, and code repositories
- Strong analytical, troubleshooting, and problem-solving skills
- Excellent communication skills with the ability to explain technical security findings and remediation recommendations to both technical and non-technical stakeholders
- Application Security
- Software Composition Analysis (SCA)
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Code Scanning
- Open Source Security
- Vulnerability Management
- Threat Intelligence
- Software Supply Chain Security
- Secure SDLC
- AI Security Tools
- Large Language Models (LLMs)
- APIs & Automation
- CI/CD Security
- Developer Tooling Security
- Scripting (Python, PowerShell, Bash, or similar)
- Experience implementing AI-powered security solutions or security automation
- Knowledge of secure software development lifecycle (SSDLC) practices
- Familiarity with cloud application security and DevSecOps methodologies
- Experience working with enterprise vulnerability management platforms and modern application security tools