Application Security Engineer

Responsibilities

• Establish AI security governance and guardrails for the use of AI coding assistants.
• Integrate security practices throughout the SDLC, including threat modeling and secure code reviews.
• Manage vulnerabilities by identifying, triaging, and remediating issues using SAST, DAST, and SCA tools.
• Conduct manual and automated penetration testing of web, mobile, and cloud applications.
• Support DevSecOps initiatives by integrating AI-assisted security automation within CI/CD pipelines.
• Assist in investigating security incidents and working with engineering teams on remediation.
• Educate and mentor developers on OWASP Top 10, SANS 25, and other security best practices.

Requirements

• Bachelor's degree in Computer Science, Engineering, or a related field.
• Minimum 2 years of software development or software security experience in an agile environment.
• Hands-on experience applying Generative AI or ML to security use cases like vulnerability triage or threat detection.
• Proficiency with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, or Burp Suite).
• Fluency in at least one programming language such as Python, Java, or JavaScript.
• Strong understanding of security standards including OWASP and NIST.
• Knowledge of cloud security best practices in AWS, Azure, or GCP.
• Familiarity with AI/LLM-specific security risks such as prompt injection and model poisoning.

About the Company

Strategy (Nasdaq: MSTR) is a market leader in enterprise analytics and AI software, transforming organizations into intelligent enterprises through data-driven innovation. We are also at the forefront of digital asset innovation, having adopted bitcoin as our primary treasury reserve asset. We thrive on curiosity and a relentless pursuit of excellence, fostering a culture that is bold, agile, and impactful.