CrawlJobs Logo
Notion Logo Notion · IT - Software Development

Application Security Engineer, AI Security

United States, San Francisco Employment contract 230000.00 - 280000.00 USD / Year · Job Posted June 07, 2026
Apply Position
Job Link Share

Job Description

Notion is looking for security engineers that have a passion for securing complex products. As an Application Security Engineer working on AI Security you will be a consultant, advocate and builder that is hyper focused on preventing and eliminating security risk for Notion’s AI products.

Job Responsibility

  • Help define the security models for Notion’s products as they ship, giving guidance to engineering and product teams to ensure new features meet strict enterprise security requirements
  • Perform hands on testing and develop automated red teaming for AI and agentic features, especially focused on AI specific risks like prompt injection
  • Make the secure path the easy path for product teams by providing design guidance and finding architectural solutions that eliminate classes of vulnerabilities
  • Provide developers guidance and education on security and privacy best practices that prevent the authoring of vulnerabilities
  • leverage skills, MCP enabled tools, and hooks to help prevent vulnerabilities for developers using agentic coding tools
  • Participate in and drive mitigation strategies during AppSec related incident responses

Requirements

  • Security Architecture expertise: You have at least 6+ years of experience working with product teams to design and/or build secure software
  • Thoughtful problem-solving
  • Impact-driven approach to technology
  • Pragmatic and business-oriented
  • Empathetic communication
  • Startup mentality
  • You don’t need to be an AI expert, but you’re curious and willing to adopt AI tools to work smarter and deliver better results

Nice to have

  • Experience building AI-enabled applications in production (LLMs and/or classical ML), including prompt + tool orchestration, retrieval, evaluation, and iteration based on real-world feedback
  • Published reports of vulnerabilities you have found or AppSec related blog posts, especially anything AI related
  • Participation in bug bounty programs or capture the flag exercises
  • Involvement in local or regional security user groups or conferences

What we offer

Highly competitive cash compensation, equity, and benefits

Notion - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Application Security Engineer, AI Security

8 matching positions

Application Security Engineer – AI & Cloud

This role is the first dedicated Application Security hire on a growing security...
Location
Location
United States , Minneapolis
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Application Security, Security Engineering, DevSecOps, or secure software development
  • Hands-on experience with SAST, DAST, secrets scanning, and dependency review in enterprise environments
  • Strong knowledge of API security — authentication, authorization, transport security, and data handling risks
  • Working knowledge of AWS security fundamentals — IAM, logging, encryption, networking, and secrets management
  • Experience securing or governing AI-assisted development tools such as Cursor, GitHub Copilot, or similar
  • AWS fundamentals including IAM, secrets management, logging, and networking
  • Experience embedding security controls into SDLC and CI/CD pipelines
  • Strong documentation skills — ability to produce defensible standards and audit-ready evidence for NIST and SOC 2
  • Excellent verbal and written communication skills
  • ability to work effectively with developers, architects, and business stakeholders
Job Responsibility
Job Responsibility
  • Own and operate the organization’s SAST and DAST programs end-to-end
  • Design, deploy, tune, and mature SAST and DAST tooling across development and release pipelines
  • Review application code, including AI-generated code, to identify vulnerabilities, insecure patterns, secrets exposure, and data handling risks
  • Partner directly with software developers to triage findings, prioritize remediation, and validate fixes
  • Act as a trusted AppSec partner to engineering, not a gatekeeper
  • Perform application and API security reviews across internally developed and SaaS-integrated systems
  • Evaluate authentication, authorization, transport security, rate limiting, session handling, logging, and data exposure risks
  • Assess externally exposed applications and APIs for secure design and release readiness
  • Support secure AWS application patterns including IAM, secrets management, logging, networking, and containerized workloads
  • Help centralize and improve secrets management using AWS Secrets Manager and enterprise tooling
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligibility to enroll in our company 401(k) plan
Read More
Arrow Right

Application & Ai Security Engineer

We are looking for an Application & AI Security Engineer to support secure softw...
Location
Location
United States , Plymouth
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated hands-on experience securing enterprise applications and platforms in active development environments
  • Strong practitioner-level background in application security, including vulnerability identification and risk reduction
  • Solid understanding of authentication, authorization, transport security, and data exposure risks across connected systems
  • Experience governing or securing AI coding assistants such as Cursor, GitHub Copilot, or comparable developer tools
  • Working knowledge of cloud and platform security fundamentals, including identity and access management, secrets management, logging, and networking
  • Ability to operate effectively in fast-paced environments with shifting priorities and ongoing change
Job Responsibility
Job Responsibility
  • Lead security reviews for enterprise applications and integrated platforms, identifying weaknesses related to authentication, authorization, data handling, and service communication
  • Establish guardrails for AI-assisted development tools such as GitHub Copilot, Cursor, and similar platforms to promote secure coding and responsible usage
  • Work directly with engineering and platform teams to embed application security practices into design, development, and deployment activities
  • Assess cloud and infrastructure configurations with attention to identity controls, secrets protection, logging, and network security fundamentals
  • Provide practical remediation guidance for vulnerabilities discovered in applications, APIs, and supporting environments
  • Support security improvements across ERP and business system integrations where secure data exchange and access control are critical
  • Drive adoption of security standards and influence teams through periods of rapid change and evolving technical priorities
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • 401(k) plan
  • free online training
Read More
Arrow Right

Senior Security Engineer - Application Security

This is an opportunity to join K's critical InfoSec team as a Senior Security En...
Location
Location
United States , New York
Salary
Salary:
150000.00 - 185000.00 USD / Year
khealth.com Logo
K Health
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security
  • Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities
  • Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines
  • Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field
  • Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders
  • Expertise in compliance, security, and regulatory areas such as
  • HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
  • Flexibility in covering a rotation for critical on-call support responsibilities
Job Responsibility
Job Responsibility
  • Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC)
  • Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience
  • Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations
  • Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems
  • Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms
  • Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines
What we offer
What we offer
  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options
  • Fulltime
Read More
Arrow Right

Security Engineer, Application Security

Figure is an AI Robotics company developing a general purpose humanoid. Our huma...
Location
Location
United States , San Jose
Salary
Salary:
150000.00 - 350000.00 USD / Year
figure.ai Logo
Figure
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in several of the following application security domains: penetration testing, vulnerability research, security assessment, secure coding practices, security architecture & design, hardware security
  • Strong software engineering (not scripting or automation) skills in C/C++, Rust, Golang, Python or similar
  • Experience with securing embedded systems, including secure boot, secure identity, OTA, or others
  • Solid foundation in web security, mobile security, or cryptography
  • Ability to collaborate with internal and external stakeholders whilst prioritizing tasks and work independently under minimal supervision.
  • BS in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
  • 3+ years of experience in the field of application security or related security role
  • Passion for learning and helping others
  • Excellent verbal and written communication skills, with high attention to detail
Job Responsibility
Job Responsibility
  • Conduct security assessments of applications, embedded systems, back-end services, and business integrations, as well as build tooling for a secure development lifecycle
  • Design technical solutions to mitigate security weaknesses on the robot and our service stack. Work with teams across the company to implement them.
  • Build frameworks and systems to prevent classes of vulnerabilities
  • Hunt for vulnerabilities and insecure coding patterns on our product stack (backend services and robot internal systems)
  • Be a champion for security and user privacy
  • Fulltime
Read More
Arrow Right
New

Senior Security Engineer - AI Products & Platforms

We are Citi's Application, Platform and Engineering team, a start-up with the ex...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bring your deep-dive application security engineering expertise from building production systems
  • Thrive in a results-driven environment, where flexibility fuels impact
  • Be a game-changer, ready to step beyond your designated role
  • Love the synergy of pair programming? So do we!
  • Seize the opportunity to secure AI applications at scale. Jump in!
  • A relentless passion to learn more about AI security, LLM attacks, and bringing your knowledge to shape Citi's secure AI future
  • Production system builder with security focus - proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up
  • Ethical hacking and penetration testing expertise - hands-on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses
  • State-of-the-art security engineering with Go, Python, JavaScript - you build both security tools and secure production systems in fast-paced environments
  • HashiCorp Vault mastery - deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials, and extending Vault functionality for enterprise-scale secrets management
Job Responsibility
Job Responsibility
  • Build secure AI products from 0-1 - Engineer production-grade, business-facing AI platforms with security built-in from day one
  • Ethical hacking and red team activities - Conduct penetration testing, vulnerability research, and attack simulation to make our products bulletproof
  • Design and build security tools and frameworks - Create automated security solutions that scale across fast-paced development cycles
  • Secure novel AI attack surfaces - Identify and mitigate LLM-specific vulnerabilities, prompt injection attacks, and AI model security risks through hands-on testing
  • Lead "shift left" security - Embed security practices throughout our rapid development lifecycle while maintaining velocity
  • Mentor security practices - Guide other engineers on secure coding, vulnerability remediation, and security-first thinking
What we offer
What we offer
  • 27 days annual leave (plus bank holidays)
  • A discretional annual performance related bonus
  • Private Medical Care & Life Insurance
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • hybrid working model (up to 2 days working at home per week)
  • business casual workplace
  • Fulltime
Read More
Arrow Right

Sr. DevSecOps & AI Security Engineer

As a SR. DevSecOps & AI Security Engineer, you will lead the design and follow t...
Location
Location
Greece , Athens
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in Cyber Security field (typically 3+ years) ideally with proven expertise in DevSecOps initiatives, securing CI/CD pipelines and secure coding within development teams
  • Hands-on experience in software engineering and/or cloud engineering environments, with strong understanding of modern application and cloud-native architectures
  • Strong understanding of Secure SDLC, DevSecOps practices, and application of security controls across both software and AI/ML pipelines
  • Strong stakeholder management, influencing, coaching, and collaboration skills
  • Master’s or Bachelor’s Degree in Computer Science, Information Systems, Cyber Security, Artificial Intelligence or other related field
Job Responsibility
Job Responsibility
  • Lead the integration of security practices into the DevOps lifecycle, enforcing secure-by-design principles and secure coding standards, including automation of controls across CI/CD pipelines
  • Design and implement comprehensive application and AI security programs, including secure code reviews, AI model risk assessments (e.g., model poisoning, prompt injection), and vulnerability management
  • Lead the secure architecture design and reviews for digital platforms and AI systems, ensuring alignment with cloud-native security principles, industry standards, and regulatory requirements
  • Lead and execute end-to-end security assessments across applications, cloud environments, and AI systems, delivering actionable risk insights and remediation strategies
  • Monitor emerging cyber and AI threats, and collaborate with engineering, cloud, and AI teams to embed security controls, provide guidance, and strengthen the organization’s overall security posture
What we offer
What we offer
  • Award-winning work environment -certified #1 Top Employer in Greece
  • Competitive pay, bonus & remuneration package
  • Private Health & Medical Insurance
  • Hybrid way of working: a blend of remote and office-based working, including the option to work from abroad
  • Unlimited access to learning resources and trainings
  • Vodafone Parental Leave: 16 weeks of fully paid parental leave to all employees regardless of gender, sexual orientation or length of service
  • Spirit of Vodafone Day: one day each quarter dedicated to your personal development
  • Extra days off: Vodafone Day, Family Day, Volunteering Day
  • Office amenities (subject to the office location): such as restaurant, beauty corner, gym and parking
  • Special employee offers and discounts
  • Fulltime
Read More
Arrow Right

Software Engineer, Security (AI Code)

We're looking for a Fullstack Engineer who lives and breathes AI code security. ...
Location
Location
Sweden , Stockholm
Salary
Salary:
Not provided
lovable.dev Logo
Lovable
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 3+ years of experience in code security, static analysis, or code scanning, ideally building or contributing to security-focused products (SAST, linters, vulnerability scanners, or similar - with AI or advanced machine learning techniques)
  • 5+ years of full-stack engineering experience shipping high-quality products
  • Proficiency in modern frontend (React/TypeScript) and backend (Golang, Rust) development
  • Solid understanding of systems design, performance tradeoffs, and scalable architecture
  • Strong product sense and ability to translate security findings into intuitive, actionable user experiences
  • Bonus: Master's or PhD in code analysis, static analysis, or a related field
  • Experience integrating AI/LLMs into security tooling
  • Familiarity with mobile app security scanning
Job Responsibility
Job Responsibility
  • Build out our code scanning engine: Design and implement static analysis and security scanning that surfaces findings in user-generated application code across web and mobile
  • Ship features end-to-end across frontend, backend, and infrastructure as part of a small, self-sufficient team (≤3 engineers)
  • Integrate AI/LLM capabilities into security workflows to detect, explain, and remediate vulnerabilities
  • Advocate for secure coding practices, conduct security-focused code reviews, and raise the bar across the engineering org
  • Influence our technical direction and product strategy with a security-first mindset
  • Help make Lovable the most secure AI product in the market
  • Fulltime
Read More
Arrow Right

Distinguished Engineer – AI Security

We're building a world of health around every individual — shaping a more connec...
Location
Location
United States , Scottsdale
Salary
Salary:
175100.00 - 334750.00 USD / Year
https://www.cvshealth.com/ Logo
CVS Health
Expiration Date
June 30, 2026
Flip Icon
Requirements
Requirements
  • 15+ years of AI experience, including significant depth in advanced technical or architectural roles
  • 5+ years of cybersecurity experience defining and integrating security standards and controls that aligned to established frameworks such as NIST CSF
  • Deep expertise in AI security concepts such as adversarial ML, secure model deployment, AI agent authorization, AI data loss protection, AI safety, and AI risk management
  • Strong background in Zero Trust architecture and hybrid infrastructure security
  • Demonstrated ability to lead and influence large-scale, cross-functional security initiatives
  • Hands-on experience building, deploying, and securing AI systems and platforms in enterprise environments
  • Practical experience applying AI security and risk management frameworks in real-world engineering contexts
  • AI Security Frameworks: MITRE ATLAS, NIST RMF, ISACA AI Audit Toolkit, and emerging ISO/IEC AI security standards
  • AI Technologies: Expert conceptual and hands-on implementation knowledge of core ML and generative AI technologies including transformer-based NLP, LLM-based generative AI and agentic AI
  • AI Risk Management & Model Security: Threat modeling, adversarial defenses, model lifecycle security, and vulnerability management
Job Responsibility
Job Responsibility
  • Define and help execute the enterprise AI security strategy, spanning secure model selection, development, and deployment criteria, adversarial threat mitigation, and alignment with emerging AI governance requirements
  • Design, build, and maintain reusable AI security frameworks, reference patterns, and technical standards for model integrity, secure data pipelines, and privacy-preserving machine learning
  • Perform hands-on security assessments of AI systems, identify risks, and provide mitigation guidance based on AI security posture management and detection findings
  • Drive innovation in AI security techniques, controls, and tooling through applied research and practical implementation
  • Apply and guide the application of AI security frameworks such as MITRE ATLAS, NIST RMF, and emerging ISO/IEC AI standards to secure the end-to-end AI lifecycle
  • Apply Zero Trust principles to hybrid and cloud infrastructure environments supporting AI workloads, including workload identity, segmentation, and continuous verification
  • Partner closely with Enterprise Architecture and Platform Engineering to integrate AI security controls into infrastructure design patterns and shared services
  • Guide and, where appropriate, directly implement security capabilities across on-premises and cloud platforms to ensure consistent protection for AI and traditional systems
  • Hands-on Engineering & Prototyping: Design and build proof-of-concept solutions, reference implementations, and reusable components to validate AI security and infrastructure security approaches
  • Framework and Pattern Development: Architect repeatable security patterns and guardrails that can be adopted by data science, engineering, and platform teams
What we offer
What we offer
  • Affordable medical plan options
  • 401(k) plan (including matching company contributions)
  • Employee stock purchase plan
  • No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching
  • Paid time off
  • Flexible work schedules
  • Family leave
  • Dependent care resources
  • Colleague assistance programs
  • Tuition assistance
  • Fulltime
Read More
Arrow Right