Permanent

Security engineer, application security

London
Salary: Negotiable
Posted 2 days ago

About this role

WRITER is seeking an Application Security Engineer with deep expertise in AppSec, DevSecOps automation, and red team operations to secure our AI and AGI applications.

At WRITER, security is woven into the heart of our innovation. As we continue to push the boundaries of AI, we need a seasoned security engineer who can anticipate threats, integrate security into fast-moving development pipelines, and validate our defenses through hands-on testing.

You’ll play a pivotal role in building security directly into our CI/CD workflows, uncovering and exploiting vulnerabilities before attackers can, and collaborating with cross-functional partners to safeguard our cutting-edge AI solutions. This is a highly technical, impact-driven role for someone who thrives at the intersection of security engineering, automation, and offensive testing.

If you’re passionate about proactively securing complex applications—and can turn red team findings into real-world defenses—we want to hear from you.

Role Boundaries and Collaboration

What You Own (Responsible)

Build pipeline security (pre-deployment phase)

Security gates and checks in CI/CD

Application penetration testing

Container scanning in build phase

Application-layer vulnerability discovery

What You Don't Own (Others Lead)

Deployment pipeline security (Cloud/Infrastructure owns)

Infrastructure-as-code security (Cloud/Infrastructure owns)

Production runtime security (Cloud/Infrastructure owns)

AI model security research (AI Security owns)

Key Partnerships

With Cloud/Infrastructure: Clear handoff at build/deploy boundary. You secure the build; they secure the deploy.

With AI Security: They provide threat models for AI-specific risks; you implement tests in CI/CD.

With Detection and Response: You find vulnerabilities proactively; they detect attacks in production.

Your responsibilities

Embed security in the build pipeline: Own pre-deployment application security, including automated vulnerability scanning, container scanning, and custom security gates in CI/CD.

Conduct advanced application penetration testing: Perform comprehensive testing on AI applications, APIs, and model endpoints, simulating adversarial attacks to validate controls.

Automate security testing at scale: Develop scripts, tools, and frameworks for continuous security assessment, including SAST, DAST, and SCA integration.

Lead application-layer red team exercises: Plan and execute engagements that mimic sophisticated adversary techniques targeting AI systems.

Hunt and validate vulnerabilities: Discover, reproduce, and chain vulnerabilities into realistic attack paths, providing actionable remediation guidance.

Advise on security architecture: Review designs for weaknesses, create secure patterns, and identify systemic issues across applications.

Collaborate across boundaries: Partner with Cloud/Infrastructure on deployment/runtime security, AI Security on threat modeling, and Detection and Response on defensive validation.

Is this you?

Required Experience

8+ years in application security, with a strong focus on hands-on testing.

5+ years conducting penetration tests and security assessments.

Proven record of finding and exploiting critical vulnerabilities.

Deep experience integrating security into DevOps workflows and CI/CD pipelines.

Strong programming skills for exploit development and security automation.

Expertise in web application and API security, including cloud-native architectures.

Technical Expertise

Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts).

Skilled in SAST, DAST, and SCA tools.

Strong understanding of application-layer attack techniques and exploitation.

Experience with supply chain security and build pipeline hardening.

Execution and Impact

Demonstrated ability to identify vulnerabilities others miss.

Proven track record of automating security testing in fast-paced development cycles.

Ability to translate red team findings into concrete defensive measures.

History of effective collaboration with engineering teams.

Preferred Qualifications

Background in software development or DevOps.

Experience testing AI/ML applications.

Security certifications such as OSCP, OSWE, or GWAPT.

Published security research or CVEs.

Experience with purple team operations.

Benefits and perks (UK full-time employees):

Generous PTO, plus company holidays

Comprehensive medical and dental insurance

Paid parental leave for all parents (12 weeks)

Fertility and family planning support

Early-detection cancer testing through Galleri

Competitive pension scheme and company contribution

Annual work-life stipends for:

Home office setup, cell phone, internet

Wellness stipend for gym, massage/chiropractor, personal training, etc.

Learning and development stipend

Company-wide off-sites and team off-sites

Competitive compensation and company stock options
