{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/application-risk-assessments"},"x-facet":{"type":"skill","slug":"application-risk-assessments","display":"Application Risk Assessments","count":2},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_f77c41bb-0ad"},"title":"Application Security Engineer","description":"<p>We are seeking an experienced Application Security Engineer to join our team. As a subject matter expert, you will have direct experience in a wide range of security technologies, tools, and methodologies. The role is suited for an experienced Application Security engineer with proven understanding in enterprise security and AI security and will focus on building toolsets and processes to drive adoption of secure practices across the enterprise.</p>\n<p>The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm’s information and computer systems. Millennium is a complex and robust technical environment and securing the Firm from external and internal threats is a top priority.</p>\n<p><strong>Responsibilities</strong></p>\n<ul>\n<li>Define and implement security guardrails for Generative AI, LLMs, and Agentic frameworks, ensuring safe enterprise adoption.</li>\n<li>Conduct specialized threat modeling, red teaming, and risk assessments for AI/ML models (e.g., testing for prompt injection, model theft, and data poisoning).</li>\n<li>Lead risk management activities, including application risk assessments, design reviews, and mitigation strategies for IT projects.</li>\n<li>Engage throughout the SDLC to identify vulnerabilities, conduct code reviews/penetration testing, and enforce secure coding standards.</li>\n<li>Evangelize AppSec and AI security best practices through developer education, training materials, and outreach.</li>\n<li>Design robust security architectures and integrate automated security testing (SAST/DAST/SCA) into CI/CD pipelines.</li>\n<li>Partner with Technology, Trading, Legal, and Compliance to create policies and communicate technical risks to non-technical stakeholders.</li>\n</ul>\n<p><strong>Qualifications</strong></p>\n<ul>\n<li>Bachelor&#39;s degree or higher in Computer Science, Computer Engineering, IT Security or related field.</li>\n<li>5+ years’ experience working as an Application Security Engineer, Software Engineer, or similar role.</li>\n<li>Deep understanding of AI-specific risks (OWASP Top 10 for LLMs) and experience securing applications utilizing LLMs.</li>\n<li>Experience working with AI models, Agentic frameworks and security risks associated with AI.</li>\n<li>Experience in working with global teams, collaborating on code and presentations.</li>\n<li>Demonstrated work experience in hybrid on-premise and Public Cloud environments (AWS/GCP/Azure)</li>\n<li>Strong understanding of security architectures, secure configuration principles/coding practices, cryptography fundamentals and encryption protocols.</li>\n<li>Experience with common SCM &amp; CI/CD technologies like GitHub, Jenkins, Artifactory, etc. and integrating Security Scanning and Vulnerability Management into the CI/CD Pipelines</li>\n<li>Familiarity with static and dynamic security analysis tools, and SCA/SBOM solutions.</li>\n<li>Hands on experience with Secrets Management &amp; Password Vault technologies such as Delinea Secret Server and/or Hashicorp Vault, etc.</li>\n<li>Strong experience in secure programming in languages such as Python, Java, C++, C#, or similar.</li>\n<li>Familiarity with Infrastructure as Code tools (CloudFormation, Terraform, Ansible, etc.)</li>\n<li>Familiarity with web application security testing tools and methodologies.</li>\n<li>Knowledge of various security frameworks and standards such as ISO 27001, NIST, OWASP, etc.</li>\n<li>Knowledge of Linux, OS internals and containers is a plus.</li>\n<li>Certifications like CISSP, CISM, CompTIA Security+, or CEH are advantageous.</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_f77c41bb-0ad","directApply":true,"hiringOrganization":{"@type":"Organization","name":"IT Infrastructure","sameAs":"https://mlp.eightfold.ai","logo":"https://logos.yubhub.co/mlp.eightfold.ai.png"},"x-apply-url":"https://mlp.eightfold.ai/careers/job/755955629927","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["AI-specific risks","Generative AI","LLMs","Agentic frameworks","Security guardrails","Threat modeling","Red teaming","Risk assessments","Application risk assessments","Design reviews","Mitigation strategies","Secure coding standards","Automated security testing","CI/CD pipelines","Security architectures","Secure configuration principles","Cryptography fundamentals","Encryption protocols","SCM & CI/CD technologies","Security scanning","Vulnerability management","Static and dynamic security analysis tools","SCA/SBOM solutions","Secrets management","Password vault technologies","Secure programming","Infrastructure as Code tools","Web application security testing tools","Methodologies","Security frameworks","Standards","Linux","OS internals","Containers"],"x-skills-preferred":[],"datePosted":"2026-04-18T22:14:17.280Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Dublin, Ireland"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"AI-specific risks, Generative AI, LLMs, Agentic frameworks, Security guardrails, Threat modeling, Red teaming, Risk assessments, Application risk assessments, Design reviews, Mitigation strategies, Secure coding standards, Automated security testing, CI/CD pipelines, Security architectures, Secure configuration principles, Cryptography fundamentals, Encryption protocols, SCM & CI/CD technologies, Security scanning, Vulnerability management, Static and dynamic security analysis tools, SCA/SBOM solutions, Secrets management, Password vault technologies, Secure programming, Infrastructure as Code tools, Web application security testing tools, Methodologies, Security frameworks, Standards, Linux, OS internals, Containers"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_6a75ea8b-5b4"},"title":"Application Security Engineer","description":"<p>We are seeking an experienced Application Security Engineer to join our team. As a subject matter expert with direct experience in a wide range of security technologies, tools, and methodologies, you will play a key role in building toolsets and processes to drive adoption of secure practices across the enterprise.</p>\n<p>The successful candidate will have a proven understanding in enterprise security and AI security and will focus on defining and implementing security guardrails for Generative AI, LLMs, and Agentic frameworks, ensuring safe enterprise adoption.</p>\n<p>Key responsibilities include:</p>\n<ul>\n<li>Defining and implementing security guardrails for Generative AI, LLMs, and Agentic frameworks</li>\n<li>Conducting specialized threat modeling, red teaming, and risk assessments for AI/ML models</li>\n<li>Leading risk management activities, including application risk assessments, design reviews, and mitigation strategies for IT projects</li>\n<li>Engaging throughout the SDLC to identify vulnerabilities, conduct code reviews/penetration testing, and enforce secure coding standards</li>\n<li>Evangelizing AppSec and AI security best practices through developer education, training materials, and outreach</li>\n</ul>\n<p>Qualifications include:</p>\n<ul>\n<li>Bachelor&#39;s degree or higher in Computer Science, Computer Engineering, IT Security or related field</li>\n<li>5+ years&#39; experience working as an Application Security Engineer, Software Engineer, or similar role</li>\n<li>Deep understanding of AI-specific risks (OWASP Top 10 for LLMs) and experience securing applications utilizing LLMs</li>\n<li>Experience working with AI models, Agentic frameworks and security risks associated with AI</li>\n<li>Experience in working with global teams, collaborating on code and presentations</li>\n</ul>\n<p>Preferred qualifications include:</p>\n<ul>\n<li>Demonstrated work experience in hybrid on-premise and Public Cloud environments (AWS/GCP/Azure)</li>\n<li>Strong understanding of security architectures, secure configuration principles/coding practices, cryptography fundamentals and encryption protocols</li>\n<li>Experience with common SCM &amp; CI/CD technologies like GitHub, Jenkins, Artifactory, etc. and integrating Security Scanning and Vulnerability Management into the CI/CD Pipelines</li>\n<li>Familiarity with static and dynamic security analysis tools, and SCA/SBOM solutions</li>\n<li>Hands on experience with Secrets Management &amp; Password Vault technologies such as Delinea Secret Server and/or Hashicorp Vault, etc.</li>\n<li>Strong experience in secure programming in languages such as Python, Java, C++, C#, or similar</li>\n<li>Familiarity with Infrastructure as Code tools (CloudFormation, Terraform, Ansible, etc.)</li>\n<li>Familiarity with web application security testing tools and methodologies</li>\n<li>Knowledge of various security frameworks and standards such as ISO 27001, NIST, OWASP, etc.</li>\n<li>Knowledge of Linux, OS internals and containers is a plus</li>\n<li>Certifications like CISSP, CISM, CompTIA Security+, or CEH are advantageous</li>\n</ul>\n<p>We offer a competitive salary and benefits package, as well as opportunities for professional growth and development.</p>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_6a75ea8b-5b4","directApply":true,"hiringOrganization":{"@type":"Organization","name":"IT Infrastructure","sameAs":"https://mlp.eightfold.ai","logo":"https://logos.yubhub.co/mlp.eightfold.ai.png"},"x-apply-url":"https://mlp.eightfold.ai/careers/job/755955629908","x-work-arrangement":"onsite","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["AI-specific risks","Generative AI","LLMs","Agentic frameworks","Security guardrails","Threat modeling","Red teaming","Risk assessments","Application risk assessments","Design reviews","Mitigation strategies","Secure coding standards","Developer education","Training materials","Outreach","Common SCM & CI/CD technologies","GitHub","Jenkins","Artifactory","Security Scanning","Vulnerability Management","Static and dynamic security analysis tools","SCA/SBOM solutions","Secrets Management & Password Vault technologies","Delinea Secret Server","Hashicorp Vault","Secure programming","Python","Java","C++","C#","Infrastructure as Code tools","CloudFormation","Terraform","Ansible","Web application security testing tools","Methodologies","Security frameworks","Standards","ISO 27001","NIST","OWASP","Linux","OS internals","Containers"],"x-skills-preferred":[],"datePosted":"2026-04-18T22:14:06.620Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"London, United Kingdom"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"AI-specific risks, Generative AI, LLMs, Agentic frameworks, Security guardrails, Threat modeling, Red teaming, Risk assessments, Application risk assessments, Design reviews, Mitigation strategies, Secure coding standards, Developer education, Training materials, Outreach, Common SCM & CI/CD technologies, GitHub, Jenkins, Artifactory, Security Scanning, Vulnerability Management, Static and dynamic security analysis tools, SCA/SBOM solutions, Secrets Management & Password Vault technologies, Delinea Secret Server, Hashicorp Vault, Secure programming, Python, Java, C++, C#, Infrastructure as Code tools, CloudFormation, Terraform, Ansible, Web application security testing tools, Methodologies, Security frameworks, Standards, ISO 27001, NIST, OWASP, Linux, OS internals, Containers"}]}