Senior Security Engineer to support DevSecOps team and drive the GenAI security strategy, enhan[...]

Our Public Sector client is seeking a Senior Security Engineer to support the DevSecOps team and drive the GenAI security strategy, enhance Cloud application security policies in Azure, and assist with maturing the security engineering program. - 0115969

12 months contract, 1 day/month to start; 3 days/week in Office as of November + as requested.

Must Have:

• 10+ years of experience with information security and secure application development
• A minimum of 1 year experience in securing GenAI solutions
• Demonstrated subject matter expertise in Application Security, API security, GenAI/LLM security
• In-depth experience with threat modeling, secure code reviews, and penetration testing
• Experience architecting and leading security for Cloud native applications in Azure, Azure DevOps
• Undergraduate degree in Computer Science or STEM (Science, Technology, Engineering or Math)

Nice to Have:

• Experience in performing penetration testing for GenAI models and related solutions
• Experience with the security of automation built around Gen AI inputs and outputs
• Knowledge of Azure cloud architecture, Azure Defender, and Azure Security Center policies
• Experience in defining and documenting security reference architectures and standards
• Experience with SAST/DAST/SCA tools like BurpSuite, Mend
• Knowledge of Secure SDLC frameworks such as NIST SSDF, OpenSAMM, BSIMM

Responsibilities:

• Partnering with architecture, application, security, and operational teams to identify security patterns, requirements, and drive security on AI and Cloud application projects.
• Research new security threats for GenAI systems and mechanisms for defending against such threats, to continuously improve our security guidance and solutions.
• Collaborate with cloud engineers and application developers to build automated tooling and solutions that support teams throughout their software development journey.
• Define security controls for the implementation of platforms using AI/ML, utilizing a combination of Cloud-native and On-Premises Security tools and applications.
• Conduct security reviews and provide recommendations for IaaS, PaaS, & SaaS Cloud environments, cloud applications, and AI solutions.
• Develop Cloud Security requirements and policies for IaaS, PaaS, and CaaS environments built using Terraform.
• Design and implement security controls and policies with Microsoft Defender suite, Microsoft Security Center, and equivalent security tools for Cloud applications.
• Document security guardrails for AI and cloud application security and build team knowledge of security engineering practices.