AI AppSec / AiSec Engineer

(Cybersecurity) AI AppSec / AiSec EngineerAI Application Security Engineer Location & Work ModelHybrid work model - 6 days per month from the office in Kraków (preferred) or WarsawContrac t BenefitsPrivate medical care (LuxMed)MyBenefit cafeteria platformSupport from a dedicated Contractor Care speciali st About the RoleWe are looking for an experienced AI Application Security Engineer to join a cybersecurity engineering team focused on improving secure software development practices and advancing AI security capabilities across large-scale engineering environments.In this role, you will work closely with development teams to strengthen application security, support secure-by-design initiatives, and help shape security standards for AI-powered solutions and GenAI adoption. The position combines hands-on application security engineering with emerging AI/ML security practices.You will contribute to security assessments, secure code reviews, AI security evaluations, and the development of scalable security patterns, while collaborating with engineering teams in Agile and DevSecOps environmen ts. Key ResponsibilitiesPerform secure code reviews and provide actionable security recommendations to development teamsIdentify insecure coding patterns, deprecated technologies, and security gaps, while recommending modern secure alternativesSupport secure-by-design and shift-left security practices across the software development lifecycleConduct threat modelling sessions for applications and AI/ML systemsEvaluate and test new security tools, concepts, and approaches through PoC/PoV initiativesAssess AI/ML and GenAI security risks, including:prompt injectionmodel abusetraining data leakageAI supply chain risksReview security configurations of AI platforms, tools, and integrationsAssess the security impact and effectiveness of AI-assisted development tools (e.g. code generation solutions)Contribute to the development of reusable security standards, policies, and engineering guidanceProduce technical documentation and security assessment reportsCollaborate with engineering teams to improve security awareness and best practicesMentor team members and contribute to knowledge-sharing initiat ives Required Skills & ExperienceStrong hands-on experience in Application Security / AppSec engineeringExperience with secure code review and vulnerability analysisGood understanding of OWASP Top 10 and common web application vulnerabilitiesFamiliarity with AI/ML security risks and OWASP LLM Top 10Experience conducting threat modelling sessions (e.g. STRIDE, PASTA)Hands-on experience securing CI/CD pipelines and integrating security tooling into development workflowsExperience with security tools such as:CheckmarxSonarQubeAquaTruffleHogNessusTenableGood understanding of API security, OAuth 2.0, JWT, and REST architecturesProficiency in Python scripting and security automationKnowledge of security standards and frameworks such as NIST and ISO 27001Experience working in Agile and DevSecOps environmentsStrong communication and stakeholder management skillsAbility to explain technical security concepts to both technical and non-technical audi ences Nice to HaveHands-on experience with AI/ML security assessmentsKnowledge of adversarial ML techniquesExperience with Software Composition Analysis (SCA) toolsExperience with penetration testingCloud security experience (GCP and/or Azure)Security certifications such as CSSLP, CEH, or OSCPExperience working in regulated industries (e.g. financial ser vices)