Application Security Engineer at SpaceXAI

On-site - Palo Alto, CA, USA

Apply
More jobs at SpaceXAI

SpaceXAI’s mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excellence. This organization is for individuals who appreciate challenging themselves and thrive on curiosity. We operate with a flat organizational structure. All employees are expected to be hands-on and to contribute directly to the company’s mission. Leadership is given to those who show initiative and consistently deliver excellence. Work ethic and strong prioritization skills are important. All employees are expected to have strong communication skills. They should be able to concisely and accurately share knowledge with their teammates.

Salary

USD 100,000 - 258,000

Requirements

Skills

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field
  • 3-5 years of experience in application security, with a strong focus on code security practices
  • Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10)
  • Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages
  • Experience securing CI/CD pipelines and implementing DevSecOps practices
  • Familiarity with software supply chain security and SBOM generation tools
  • Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis
  • Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10
  • Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences

Responsibilities

  • Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications
  • Design and implement secure coding guidelines and best practices for development teams
  • Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline
  • Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks
  • Manage vulnerability tracking and remediation efforts, providing guidance to development teams
  • Support incident response activities related to application security
  • Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures
  • Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs)
  • Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10

Technologies

PythonRustCI/CD pipelinesDevSecOps practicesBurp SuiteOWASP ZAPStatic code analysisDynamic code analysisSoftware Bills of Materials (SBOM)GCPAWSAzureGitOpsInfrastructure-as-codeFederated learningPrivacy-preserving machine learning

See if your resume is ready for this job

See how our AI can optimize your resume and improve your chances for this role.