Skip to content
xAIxAIPalo Alto, CA

Application Security Engineer

Secures cloud-native applications through code reviews, threat modeling, CI/CD integration, and AI-specific security measures like OWASP LLM Top 10. Requires 3+ years in app sec, Python/Rust proficiency, and bachelor's degree.

200k – 340k/yr
On-site3+ YOESecurity Engineering

About the role

RESPONSIBILITIES

  • Conduct in-depth code reviews and static analysis to identify and mitigate security vulnerabilities in our applications
  • Design and implement secure coding guidelines and best practices for development teams
  • Collaborate closely with development teams to integrate security practices throughout the CI/CD pipeline
  • Perform threat modeling and risk assessments for applications, developing mitigation strategies for potential risks
  • Manage vulnerability tracking and remediation efforts, providing guidance to development teams
  • Support incident response activities related to application security
  • Stay current on emerging security threats and trends in cloud-native technologies and AI, continuously enhancing our security measures
  • Evaluate and secure software supply chains, including producing and maintaining Software Bills of Materials (SBOMs)
  • Address security concerns specific to AI and machine learning models, with a focus on the OWASP LLM Top 10

BASIC QUALIFICATIONS

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field
  • 3-5 years of experience in application security, with a strong focus on code security practices
  • Deep understanding of secure coding practices, application security frameworks, and common vulnerabilities (e.g., OWASP Top 10)
  • Proficiency in Python or Rust programming languages and experience with secure coding practices in these languages
  • Experience securing CI/CD pipelines and implementing DevSecOps practices
  • Familiarity with software supply chain security and SBOM generation tools
  • Experience with security testing tools (e.g., Burp Suite, OWASP ZAP) and static/dynamic code analysis
  • Understanding of AI/ML security implications, particularly those outlined in the OWASP LLM Top 10
  • Excellent communication skills, able to explain complex security issues to both technical and non-technical audiences

PREFERRED SKILLS AND EXPERIENCE

  • Experience with cloud platforms (e.g., GCP, AWS, Azure) and their security features
  • Relevant security certifications (e.g., CSSLP, OSWE)
  • Background in data privacy and compliance regulations relevant to cloud-native applications and AI systems
  • Experience with GitOps and infrastructure-as-code security
  • Familiarity with federated learning and privacy-preserving machine learning techniques
  • Experience in building custom security tooling to enhance and automate security processes
  • Interest in leveraging AI to automate security tasks and improve efficiency
  • Contributions to open-source security projects or tools
  • Experience in securing AI/ML models and data pipelines

COMPENSATION AND BENEFITS

$200,000 - $340,000 USD

Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

Skills

PythonRustOwasp Top 10CI/CDDevSecOpsSbomBurp SuiteOwasp ZapGCPAWS
Nooks

Security Engineer

NooksSan Francisco, CA

Second Security Engineer at Nooks.ai, securing an AI-native sales platform and its AI agents. Own threat modeling, secure SDLC, cloud hardening, compliance (SOC 2), and novel AI security challenges (guardrails, prompt injection). Requires 4-5+ years in infosec with strong app/cloud security fundamentals; startup experience preferred.

200k – 315k/yr
Hybrid5+ YOESecurity Engineering
Decagon

Platform Engineer, Security

DecagonSan Francisco, CA

Lead application security strategy and implementation for Decagon's conversational AI platform. Partner with engineering teams to build security into AI-powered applications and establish testing programs.

200k – 330k/yr
On-site3+ YOESecurity Engineering
Writer

Security engineer, detection and response (US)

WriterSan Francisco, CA

Builds and implements detection systems and automated responses for AI-specific threats like prompt injection and model extraction on distributed GPU infrastructure. Leads incident response, proactive threat hunting, and cross-team security coordination with 3-5+ years in security operations.

200k – 240k/yr
Hybrid3+ YOESecurity Engineering
Notion

Software Engineer, Trust

NotionSan Francisco, CA +1

Builds authentication, security features, and AI-powered risk detection systems to ensure user trust and safety at scale. Requires 5-8 years experience in trust/safety/security with cross-functional collaboration.

200k – 280k/yr
Hybrid5+ YOESecurity Engineering
Thinking Machines Lab

Infrastructure Engineer, Security

Thinking Machines LabSan Francisco, CA

Owns and evolves security infrastructure across compute, storage, networking, and data platforms for foundation models. Architects secure patterns, manages identities/secrets, builds threat models, and automates security checks in Kubernetes/cloud environments. Requires strong systems programming and infra experience.

200k – 475k/yr
On-siteSecurity Engineering