TL;DR

Application Security Engineer (AI): Leading application security engineering efforts, designing scalable security architectures, and performing advanced risk assessments with an emphasis on integrating security across the SDLC and driving AI-related security controls. Focus on evaluating vendor solutions, scaling automation, and contributing to incident response and strategic security improvements.

Location: Arlington

Company

Bloomberg Industry Group is a leading source of legal, tax, regulatory, government, and business information for professionals.

What you will do

  • Design and implement security architectures and controls for large-scale, cloud-native applications.
  • Conduct in-depth risk assessments, including penetration testing and code reviews.
  • Collaborate with developers and DevOps teams to integrate security at all stages of the software development lifecycle (SDLC).
  • Drive security for AI-powered features by defining secure architectures, assessing AI/ML risks, and implementing advanced testing and controls for AI models, agents, and MCP servers.
  • Build, improve, and scale security automation, integrating tooling across CI/CD pipelines and cloud platforms.
  • Participate in incident response efforts and investigations into security incidents.

Requirements

  • Deep expertise in application security, secure software design, and risk management, including frameworks such as OWASP ASVS, OWASP Top 10, and NIST 800‑53.
  • Extensive experience conducting complex security assessments and building automated security controls for large engineering environments.
  • Proficiency in multiple programming languages (e.g., Python, Java, JavaScript) and hands-on experience with SAST, DAST, SCA, IaC, container, and cloud security tools.
  • Strong understanding of modern architectures (cloud-native, microservices, Kubernetes, containers, serverless) and DevSecOps processes.
  • Advanced understanding of AI/ML security, including model vulnerability analysis, AI threat modeling, secure LLM integration patterns, and familiarity with NIST AI RMF or OWASP Top 10 for LLMs.
  • 5-7 years of relevant experience in Application Security, AppSec engineering, Cloud Security, or Software Engineering.

Nice to have

  • Certifications such as AWS Certified Security – Specialty, CSSLP or CISSP, or Certified DevSecOps Expert (CDE) or equivalent.
  • A bachelor's degree in Information Security, Computer Science, or a related field, or equivalent experience.

Culture & Benefits

  • Bloomberg Industry Group maintains a continuing policy of non-discrimination in employment.
  • Committed to attracting, retaining, developing, and promoting the most qualified individuals.
  • Provides equal opportunity and access for all persons.