What are the responsibilities and job description for the Senior Application Security Engineer - DevSecOps & AI Security position at ChatGPT Jobs?
Job Description
Location: Atlanta, GA
- On-site, Remote (Hybrid: 4 days in office, 1 day remote)
- 10 years of experience
- Strong experience designing and implementing AppSec programs within DevSecOps, including integration of SAST, SCA, DAST, and related tooling into CI/CD pipelines
- Deep understanding of application security testing approaches (SAST, DAST, SCA) and how they complement each other
- Experience with application vulnerability management and metrics, including:
  - Defining KPIs (e.g., MTTR, severity trends, SLA compliance)
  - Delivering actionable dashboards and executive reporting
- Hands-on experience with enterprise AppSec platforms and ecosystems, including: GitHub Enterprise, ADO, Sonatype, Fortify, Snyk, JFrog, etc.
- Experience evaluating and securing AI-enabled application components, including LLM integrations, agent-based workflows, and AI-driven APIs
- Proficiency in one or more coding languages, such as C#, Python, Java, or JavaScript
- Strong background in application and cloud security architecture, including APIs, microservices, and modern application patterns
- Experience ensuring secure development practices for AI-generated code, including integration with SAST, SCA, and CI/CD pipelines for automated scanning and policy enforcement
- Ability to perform detailed information security risk assessments and recommend mitigating controls
- Experience promoting security as a business enablement function with documentation, metrics, and strong verbal communication
- Experience embedding security controls into developer workflows, enabling "shift-left" security while maintaining delivery velocity
- Ability to translate technical findings into business risk, supporting prioritization, remediation strategies, and leadership reporting
- Working knowledge of industry frameworks and standards (e.g., OWASP Top 10, secure coding practices, NIST/ISO)
- At least 5 years in application security, DevSecOps, or related roles; relevant industry certifications (CISSP, CSSLP, CCSP, CISA, GIAC, OSCP, etc.) preferred
- Must pass Insider Threat Protection background checks