AI AppSec / AiSec Engineer

At Mindbox we connect top IT talents with technology projects for leading enterprises across Europe.

We are looking for an experienced AI AppSec / AI Security Engineer to join our Cybersecurity Technology & Engineering team. This role focuses on advancing application and AI security capabilities by embedding secure-by-design principles within software development lifecycles, as well as addressing emerging security challenges associated with AI-powered solutions and ML pipelines.

You will work closely with global engineering teams, influencing best practices and ensuring that security measures keep pace with the adoption of modern technologies, including large language models, generative AI, and AI-assisted development tools.

This is a strategic, technical hands-on role where you will review code, define security patterns, evaluate AI/ML risks, and help shape secure integration of AI into enterprise environments.

Sounds like your kind of challenge?

What you'll be doing

Perform secure code reviews, delivering actionable and developer-friendly feedback to global engineering teams.
Act as a security consultant: identify insecure coding patterns, deprecated protocols, and compliance gaps; define migration paths to modern secure alternatives.
Evaluate new security solutions through Proof of Concept (POC) and Proof of Value (POV) engagements, applying structured methodologies to validate effectiveness before adoption.
Apply scientific rigor in vulnerability analysis, using metrics and statistical modelling to assess and communicate security risks objectively.
Conduct comparative evaluations of large language models (LLMs) for security applications, including vulnerability detection, fix generation, and security automation.
Assess and secure AI/ML pipelines and generative AI integrations, mitigating risks such as prompt injection, data poisoning, and model abuse.
Define security configuration standards for AI tools and platforms, ensuring compliance with secure-by-default principles.
Review and evaluate AI-assisted development tooling (e.g., GitHub Copilot), measuring risks and testing detection accuracy.
Provide technical mentorship and contribute to knowledge sharing and security capability uplift across engineering teams.
Collaborate on developing reusable security patterns, policies, and guidance for embedding security in new product and service development.

Note: Detailed project information will be shared during the recruitment process.

What you get in return

Flexible cooperation model – choose the form that suits you best
(B2B, employment contract, etc.)
Hybrid work setup – 6 days per month from the office
Collaborative team culture – work alongside experienced professionals eager to share knowledge
Continuous development – access to training platforms and growth opportunities
Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
High quality equipment – laptop and essential software provided

Who we're looking for

Strong background in application security engineering, including secure code reviews and vulnerability analysis.
Expertise in OWASP Top 10, API security, OAuth2.0/JWT, and understanding of AI/ML-specific security risks (OWASP LLM Top 10).
Ability to conduct threat modelling sessions (e.g., STRIDE, PASTA) and articulate risk findings.
Hands-on experience securing CI/CD pipelines and integrating security tooling (e.g., Checkmarx, SonarQube, TruffleHog, Aqua, Tenable, Nessus).
Strong scripting skills in Python for automation and security tooling.
Familiarity with security frameworks and standards (NIST, ISO 27001) and applying them in regulated environments.
Analytical mindset with an ability to present evidence-based risk assessments to both technical and non-technical audiences.
Excellent communication and collaboration skills; ability to mentor and advise distributed engineering teams.
Experience working in an Agile environment with DevSecOps practices.

Nice to have:

Practical experience applying OWASP LLM Top 10 in real-world AI/ML assessments.
Understanding adversarial ML techniques (model evasion, data poisoning, inversion attacks).
Experience with Software Composition Analysis (SCA) and open-source vulnerability scanning.
Familiarity with penetration testing activities at application and API levels.
Certifications such as CSSLP, OSCP, CEH, or equivalent.
Hands-on experience with secure configurations on cloud platforms (GCP, Azure).
Prior exposure to regulated sectors such as financial services is an advantage.

Joining this project you’ll become part of Mindbox – a tech-driven company where consulting, engineering, and talent meet to build meaningful digital solutions. We’ll back you up every step of the way, accelerate your development, and ensure your skills make a difference.

Ready to take the next step?

Submit your application! We look forward to reviewing your profile 😊

Know someone who might be a great fit?
Feel free to share this opportunity using the referral link: Mindbox Referrals System