
Strategy

Application Security Engineer

Tysons Corner, VA | Posted 2 weeks ago

At a Glance

AWS, Azure, GCP, Python, Java, JavaScript/TypeScript

About This Role

Join Strategy's IT Security group as an Application Security Engineer and play a crucial role in safeguarding Strategy's software applications while using modern security and AI tooling. In this position, you will be responsible for integrating security practices throughout the software development lifecycle, ensuring that our software products are resilient against vulnerabilities.

Responsibilities

  • AI Security Governance: Evaluate and establish guardrails for the secure use of AI coding assistants (e.g., Copilot, Cursor, Claude) within the engineering organization, including policy development around AI-generated code review, training data exposure risks, and prompt injection vulnerabilities in AI-integrated applications.
  • Secure SDLC Integration: Work closely with development teams to integrate security into the SDLC, including threat modeling, secure code reviews, and security testing.
  • Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools.
  • Security Assessments & Penetration Testing: Conduct manual and automated penetration testing of web, mobile, and cloud applications to detect security flaws.
  • Secure Code Review: Analyze source code using both manual review and AI-assisted code analysis tools (e.g., GitHub Copilot Autofix, Semgrep, or similar) to surface vulnerabilities earlier in the development cycle and deliver actionable, in-context remediation guidance to developers.
  • Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture.
  • DevSecOps Enablement: Support and enhance DevSecOps initiatives by integrating AI-assisted security automation within CI/CD pipelines, including AI-powered SAST/DAST tools and LLM-based code scanning to accelerate vulnerability detection at the point of commit.
  • Incident Response & Remediation: Assist in investigating security incidents related to applications and work with engineering teams to remediate threats.
  • Security Awareness & Training: Educate and mentor developers on OWASP Top 10, SANS 25, and other security best practices.

Requirements

SAST, DAST, SCA, Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, Python, Java, JavaScript, OWASP, NIST, AWS, Azure, GCP

  • Bachelor's degree in Computer Science, Engineering, or related field
  • Minimum 2 years of software development or software security experience in an agile environment
  • Hands-on experience applying Generative AI and/or ML to security use cases—such as vulnerability triage, threat detection, or secure code review automation—and a strong drive to stay current as AI security tooling evolves.
  • Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP)
  • Fluent in one or more programming languages, such as Python, Java, JavaScript
  • Strong knowledge of secure coding principles and application security frameworks
  • Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners)
  • Understanding of security standards and regulations (e.g., OWASP, NIST)
  • Experience with cloud security best practices in AWS, Azure, or GCP
  • Familiarity with AI/LLM-specific security risks including prompt injection, model poisoning, insecure output handling, and the OWASP Top 10 for LLM Applications.
  • Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues
  • Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders
  • Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills

About Strategy

Strategy Inc. is an American public company based in Tysons Corner, Virginia, founded in 1989. Formerly known as MicroStrategy, the company rebranded in February 2025. It specializes in cloud-native, AI-powered enterprise analytics software and business intelligence solutions, serving thousands of global customers. Strategy is recognized as the world's first and largest Bitcoin Treasury company, holding significant cryptocurrency assets. The company offers an AI+BI platform that provides governed insights and analytics at enterprise scale. Key features include the Universal Intelligence Layer, which optimizes data access and enhances AI readiness, and the AI-Powered Enterprise Analytics Platform, which integrates native AI for customized insights and dashboards. Strategy's tools are designed for various industries, including financial services, healthcare, and retail, focusing on data integration and AI-enhanced decision-making.

Industry

information technology & services

Employees

1,600

716 engineers

Revenue

$475M


Security at Strategy

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Strategy's AppSec mission focuses on 'integrating security practices throughout the software development lifecycle.' Their philosophy emphasizes developer enablement by 'integrating security automation within CI/CD pipelines' and mentoring developers on the 'OWASP Top 10.' Their risk approach is proactive, utilizing 'threat modeling to anticipate potential attack vectors.'

Security Team

The organizational structure and reporting lines for Strategy's AppSec team are not publicly available. No key public-facing leaders were identified in the research. As of, there are approximately 3 active job postings for 'Application Security Engineer' roles, indicating an expanding or established function. Common skill patterns required include hands-on experience with SAST, DAST, IAST, and SCA tools.

Key Initiatives

  • Strategy practices 'Shift Left' by working 'closely with development teams to integrate security into the SDLC' and automating security within CI/CD pipelines.
  • Their vulnerability management process involves identifying, triaging, and remediating vulnerabilities.
  • Secure SDLC artifacts include 'threat modeling' and 'secure code reviews.' No evidence of a formal Security Champions program was found.
