Analysis Skills, Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Automation, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Documentation, Establish Priorities, IDE (Integrated Development Environment), Intel Product Family, Machine Tool, Malware, Metrics, Model Review, Onboarding, Open Source, Programming Tools, Risk, Sales Pipeline, Scripting (Scripting Languages), Security Infrastructure, Software Engineering, Software Patches, Supply Chain, Testing, Validation Testing, Web Client Plug-ins, Workflow Analysis
AI-Driven Application Security Triage Engineer
Location: Remote
Hours: 8-hour workday with flexible start times
Pay Rate: $90/hr on W2
Type of Hire: 1-year contract to start; potential extension based on performance
What a Day Looks Like
You start your morning scanning the latest SCA, SAST, and DAST findings. Critical and high-risk items are quickly validated, false positives are filtered out, and you document clear remediation guidance. When a PatchNow Critical event lands, you lead the scope analysis, route owners, and drive mitigation steps through to verified closure. If a threat intelligence escalation appears, you coordinate a fast, structured response.
By midday, you’re drafting concise briefs on newly disclosed and frontier-model-influenced vulnerabilities, translating technical details into action plans for development teams. In the afternoon, you’re hands-on with AI-enabled security tooling—testing frontier-model capabilities for code reasoning, triage acceleration, and remediation recommendations while ensuring auditability, secure use controls, and human-in-the-loop review.
Before you wrap, you reinforce our software supply chain security—from dependency hygiene (SBOM visibility, malicious package detection, policy enforcement) to safeguarding developer IDEs, plugins/extensions, code-assist tools, package managers, and CI integrations against compromised components and unsafe configurations.
Core Responsibilities
- Deliver unified triage across SCA/SAST/DAST findings: validate severity, assess exploitability, analyze false positives, and provide actionable fixes and escalations for production and business-critical apps.
- Coordinate responses to threat intelligence escalations and PatchNow Critical events, including scoping, owner routing, mitigation guidance, tracking, and closure verification.
- Monitor and analyze newly disclosed and novel vulnerabilities—especially those accelerated by frontier-model research—and produce actionable remediation briefs.
- Engineer, test, and implement AI-assisted security tooling leveraging frontier models for vulnerability identification, code reasoning, triage acceleration, and analyst workflow automation with appropriate guardrails.
- Support evaluation and onboarding of new AI capabilities: proof-of-value execution, security testing, control validation, data handling review, model output evaluation, success metrics, and governance documentation.
- Strengthen software supply chain security: secure open-source dependency intake, SBOM and component visibility, malicious package detection, dependency health assessment, and policy enforcement across dev, pipeline, and artifact workflows.
- Improve developer environment security: harden IDEs, plugins/extensions, package managers, code-assist tools, and CI integrations against malicious code and compromised components.
Must-Have Experience
- 3+ years of code scanning
- 3+ years of open-source scanning
- 3+ years of dynamic and static scanning
Qualifications
- Proven track record triaging SCA/SAST/DAST findings and driving high-severity escalations (threat intel and critical patch events) to remediation and closure.
- Engineering background in scripting, automation, APIs, CI/CD workflows, developer tooling, or security platform integrations.
- Hands-on familiarity with AI-enabled security tools, frontier models, coding assistants, prompt/tool orchestration, model evaluation, or AI governance.
- Experience securing the software supply chain and developer tooling (IDEs, plugins/extensions, package managers, CI/CD integrations) from compromise and malicious code.
- Ability to convert technical vulnerabilities into clear remediation steps, risk summaries, and prioritized recommendations for dev and security stakeholders.
Proficiencies
- Code Scanning
- DAST
- Open-source scanning
- SAST
- SCA
- Dynamic and static scanning
Tools & Technologies
- CI/CD
- Artificial Intelligence