Back to search
Lab49 Linkedin · Posted 5d ago

Principal Engineer, Security Engineering

New York, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Location: NYC / LA Hybrid


The Principal Engineer, Application Security is a senior-level role responsible for shaping, engineering, and operationalizing application security and secure SDLC capabilities, with an emphasis on threat modeling AI systems, securing AI-enabled development, and establishing scalable secure development patterns. This role partners closely with the Senior Manager of Application Security, as well as engineering, architecture, product, risk, and governance teams, to translate software and AI risk expectations into practical engineering standards, reusable controls, and developer-ready implementation patterns. The ideal candidate brings deep application security expertise, strong engineering judgment, hands-on builder credibility, experience influencing senior stakeholders, and the ability to improve security review throughput, reduce developer friction, and accelerate delivery while keeping risk within appetite.


Responsibilities:


  • Partner with the Senior Manager of Application Security to lead application security strategy and execution across enterprise software portfolios, with a focus on secure SDLC adoption, developer enablement, improved security review throughput, reduced delivery friction, and measurable risk reduction.
  • Partner with application engineering, architecture, product, and risk leaders to embed security requirements into software design, development workflows, CI/CD pipelines, release processes, and production readiness expectations.
  • Own secure development patterns as a scalable engineering capability, including standards, threat modeling practices, reference architectures, reusable control libraries, paved-road guidance, and developer-ready examples for applications, APIs, AI-enabled products, and developer tooling.
  • Lead threat modeling for AI systems and AI-enabled development workflows, including risks related to data exposure, prompt and tool-use abuse, insecure automation, model interaction patterns, code generation, and software supply chain impacts.
  • Define secure adoption guardrails for AI coding assistants, agentic development tools, automation platforms, and software engineering accelerators, including approved use cases, prohibited patterns, review requirements, data handling expectations, and controls for generated code.
  • Translate governance, audit, risk, and AI oversight expectations into implementable engineering controls, executive-ready recommendations, decision points, and measurable remediation plans for strategic technology initiatives.
  • Establish secure-by-design engineering practices across the SDLC, including secure coding patterns, dependency governance, CI/CD controls, secrets management, identity and access controls, API security, and release readiness expectations.
  • Define and track success measures for secure SDLC adoption, including secure pattern usage, threat model completion for high-risk applications, reduction in repeat findings, remediation cycle time, control coverage in pipelines, and developer enablement outcomes.
  • Serve as a senior application security advisor and matrixed leader for high-risk initiatives, driving alignment across product, engineering, architecture, security, risk, and governance teams without relying solely on direct reporting authority.


Qualifications:


  • 10+ years of experience in application security, security engineering, software engineering, secure SDLC, product security, cloud security, or related technology roles.
  • Deep understanding of secure software development, application architecture, threat modeling, vulnerability management, API security, identity and access management, secrets management, security control design, and production release practices.
  • Experience securing application development workflows, CI/CD pipelines, developer tooling, APIs, data flows, dependency management processes, and production readiness expectations.
  • Strong familiarity with AI security, AI threat modeling, AI-enabled developer tools, secure use of code generation, agentic development workflows, and emerging technology risk management.
  • Strong development and full-stack engineering background, with credibility as a hands-on builder who can prototype secure patterns, validate controls, and engage deeply with engineering teams.
  • Strong engineering judgment and ability to balance application security outcomes with delivery speed, developer experience, operational resiliency, and enterprise risk appetite.
  • Excellent analytical, communication, stakeholder management, and influencing skills, including experience leading cross-functional initiatives and explaining complex software and AI risks to executive, risk, audit, and engineering audiences.


Preferred Qualifications:


  • Experience in financial services, highly regulated environments, or organizations with mature technology risk, audit, and governance expectations.
  • Experience with AI governance, AI risk oversight, AI application threat modeling, secure AI SDLC, prompt and tool-use risk, AI coding assistants, or enterprise adoption of AI-enabled development capabilities.
  • Experience with security frameworks and guidance such as NIST, OWASP ASVS, OWASP Top 10, OWASP SAMM, OWASP API Security Top 10, MITRE ATT&CK, MITRE ATLAS, CIS, or secure software development frameworks.
  • Experience with DevSecOps tooling and practices, including SAST, DAST, SCA, secrets scanning, IaC scanning, container scanning, CI/CD policy enforcement, artifact integrity, and software supply chain security.
  • Experience defining secure development patterns, reference architectures, reusable control mappings, risk tiering models, governance-to-engineering workflows, and paved-road guidance for authentication, authorization, API design, data protection, secrets handling, dependency management, and AI-assisted coding workflows.
  • Experience defining operating models, adoption metrics, feedback loops, and stakeholder alignment mechanisms that improve AppSec coverage, accelerate secure delivery, and make security requirements easier for development teams to consume.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent