N

Senior Staff Engineer (AI Developer - AppSec)

Nagarro ยท Mumbai, Maharashtra, India

10โ€“18 yrs experiencefull_timePosted 1mo ago
Apply now โ†’

Job description

**๐Ÿ‘‹๐ŸผWe're Nagarro.** We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at a scale โ€” across all devices and digital mediums, and our people exist everywhere in the world (18500+ experts across 40 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in! **Requirements** - Experience : 7.5+years - Strong experience as an Application Security Engineer, Application Security Developer, or Software Engineer with strong Application Security specialization. - Strong expertise in Application Security principles, secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies. - Deep knowledge of OWASP Top 10, CWE Top 25, common application vulnerabilities, and secure software development practices. - Hands-on experience with Application Security toolchains including SAST, DAST, SCA, IAST, and secrets scanning solutions. - Strong programming skills in Python with experience using AI/ML libraries such as Scikit-learn, PyTorch or TensorFlow, Pandas, and NumPy. - Experience building AI-powered security automation using Large Language Models (LLMs), Azure OpenAI, OpenAI APIs, prompt engineering, and Retrieval-Augmented Generation (RAG) architectures. - Experience developing intelligent code analysis, vulnerability detection, remediation recommendation, and AI-assisted security tooling. - Hands-on experience integrating security tools into CI/CD platforms such as Jenkins, GitHub Actions, and Azure DevOps. - Experience developing REST APIs and microservices using FastAPI or Flask. - Good understanding of containerization technologies such as Docker and modern Git-based development workflows. - Working knowledge of cloud platforms including Microsoft Azure, AWS, or Google Cloud Platform for deploying AI-powered security services. - Strong understanding of vulnerability management, risk prioritization, remediation workflows, and security automation. - Familiarity with software composition analysis, dependency management, API security testing, and secrets management. - Experience with MLOps platforms such as Azure ML, MLflow, or equivalent model deployment and monitoring frameworks. - Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is an added advantage. - Familiarity with OWASP SAMM, BSIMM, software security maturity frameworks, and secure application architecture is preferred. - Experience with API security testing tools, Postman, REST-assured, or OWASP API Security Top 10 is desirable. - Exposure to mobile application security testing for Android and iOS platforms is an advantage. - Strong analytical, troubleshooting, and problem-solving skills with the ability to develop scalable AI-powered security solutions. - Excellent communication and collaboration skills with experience working in Agile, DevSecOps, and cross-functional engineering teams. - Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related discipline. - Professional certifications such as CSSLP, CEH, GWEB, CompTIA Security+, Microsoft Azure AI Engineer Associate, or SC-100 are desirable. **Responsibilities** - Design, develop, and maintain AI-powered application security solutions that integrate seamlessly into the software development lifecycle (SDLC). - Build intelligent SAST automation that contextualizes findings, reduces false positives, identifies root causes, and generates developer-friendly remediation guidance using Large Language Models (LLMs). - Develop AI-powered secure code review assistants capable of identifying OWASP Top 10 and CWE Top 25 vulnerabilities during pull requests and code reviews. - Design and implement machine learning models for Software Composition Analysis (SCA), detecting vulnerable dependencies, outdated libraries, malicious packages, and license compliance risks. - Develop AI-driven DAST orchestration capabilities to automate attack surface discovery, payload generation, vulnerability prioritization, and security testing. - Build Retrieval-Augmented Generation (RAG) pipelines leveraging internal security knowledge bases, OWASP standards, CVE/NVD repositories, and penetration testing playbooks to provide contextual security guidance. - Develop agentic AI workflows that automate the complete vulnerability lifecycle, including detection, triage, deduplication, risk scoring, ticket creation, SLA tracking, and remediation validation. - Design prompt engineering strategies and continuously optimize LLM models for secure code analysis, threat modeling, remediation guidance, vulnerability reasoning, and developer coaching. - Integrate AI-powered application security capabilities into CI/CD pipelines using platforms such as Jenkins, GitHub Actions, and Azure DevOps to enforce security gates and real-time feedback. - Develop developer-focused security tooling including IDE extensions, REST APIs, and microservices using FastAPI or Flask to deliver contextual security recommendations. - Build aggregation platforms that consolidate findings from SAST, DAST, SCA, IAST, and secrets scanning tools into a unified application security risk dashboard. - Develop intelligent secrets detection capabilities using pattern recognition and AI-based contextual analysis to identify exposed credentials, API keys, and sensitive configuration data. - Write unit tests, integration tests, and participate in peer code reviews to ensure high-quality, secure, and maintainable code. - Monitor AI model performance, track security detection metrics, implement drift detection, and maintain automated retraining processes using MLOps practices. - Develop and maintain CI/CD pipelines for AI model deployment, versioning, monitoring, and production release using Azure ML, MLflow, or equivalent platforms. - Prepare technical documentatio