
Stifel Financial Corp.

AI-Application Security Engineer

Onsite
St Louis, MO
Posted 1 week ago

At a Glance

AWS, Python, Threat Modeling, SAST, DAST, SCA

About This Role

The AI-Application Security Engineer is responsible for implementing and scaling technical security controls and security processes across internally developed applications and AI-enabled systems. This role partners directly with engineering teams to embed security into the software development and AI lifecycles, and, in partnership with the AI-Application Security Architect, contributes to detailed technical design and operationalizes security architecture, standards, and secure-by-design practices. This engineer operates with moderate autonomy, leads security initiatives end-to-end, and contributes to the evolution of application and AI security capabilities. The role requires strong hands-on technical depth in secure software development, application security testing, vulnerability management, and emerging AI security risks, including prompt injection, model abuse, insecure integrations, and data leakage.

Responsibilities

  • In partnership with the AI-Application Security Architect, contribute to detailed technical design and operationalize security architecture, standards, and approved security patterns across application and AI-enabled systems.
  • Partner directly with engineering teams to embed security controls and secure-by-design practices into the software development lifecycle and AI lifecycle.
  • Evaluate, test, and perform technical validation of AI and application security tools, including AI red teaming, AI and MCP gateways, DAST, SAST, SCA, API security, and mobile application security capabilities.
  • Implement, integrate, tune, and scale security tooling across application and AI environments, including runtime monitoring, governance controls, testing platforms, and posture management capabilities, with a focus on coverage, signal quality, and operational effectiveness.
  • Leverage AI and automation to scale security operations, vulnerability management, and developer enablement through technologies such as Python, AWS services, and CI/CD pipelines.
  • Triage, validate, and prioritize vulnerabilities identified through application and AI security tools, assess risk in business and technical context, and partner with engineering teams to drive timely remediation.
  • Provide hands-on guidance to developers, including low-code and no-code users, on secure development practices, platform-specific risks, secure integration patterns, and remediation approaches.
  • Support the security review and risk assessment of AI platforms, models, agents, skills, MCPs, and third-party integrations by applying defined controls, documenting risk decisions, and helping establish scalable onboarding and governance practices.
  • Develop, maintain, and improve secure coding standards, implementation guidance, guardrails, and technical documentation for both application and AI use cases.
  • Stay current on emerging cybersecurity threats, particularly in AI security, and incorporate relevant mitigations into security tooling, engineering practices, and control design.
  • Contribute to a strong security engineering culture by mentoring junior engineers, sharing technical knowledge, and helping mature application and AI security practices across the organization.

Requirements

CISSP, Python, AWS, SAST, DAST, SCA
  • Understanding of application and AI security principles, methods, and technologies, including AI-specific risks such as prompt injection, model abuse, insecure agentic integrations, and data leakage.
  • Strong analytical and problem-solving skills with the ability to identify and mitigate security risks across both traditional application and AI-enabled systems.
  • Strong verbal and written communication and collaborative skills.
  • Ability to effectively communicate technical topics to technical and non-technical audiences.
  • Ability to prioritize workload and consistently meet deadlines.
  • Security architecture, threat modeling, secure design.
  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Computer Engineering, Software Engineering, or a related combination of education and experience.
  • Minimum 2+ years of information security or software development experience.
  • Preferred: CISSP, CSSLP, GIAC or similar certifications.
  • Preferred: C#, Angular, Python programming experience.
  • Preferred: Experience in cloud platforms, AWS, GitHub.
  • Experience with application security tooling: SAST, DAST, SCA, API, Mobile, Red Team.
  • Experience with AI tools (AI Coding assistants, Skills, MCPs, Agents).

Benefits & Perks

  • Comprehensive benefits package including health, dental and vision care
  • 401k
  • Wellness initiatives
  • Life insurance
  • Paid time off

About Stifel Financial Corp.

Stifel Financial Corp. is a leading independent investment bank and financial services company based in St. Louis, Missouri. Founded in 1890, it has grown into a full-service firm, ranking as the 7th largest in the U.S. by the number of advisors. Stifel went public in 1983 and is listed on the New York Stock Exchange under the ticker symbol "SF." The company offers a variety of services, including wealth management, investment banking, equity research, and sales and trading. Stifel provides personalized investment advisory and financial planning through a large network of financial advisors. Its investment banking division specializes in debt and equity offerings, private placements, and strategic advisory services. Stifel also operates one of the largest equity research platforms in the U.S., covering over 1,100 companies, and engages in market making for more than 3,000 domestic equities. The firm serves a diverse clientele, including individual investors, institutional clients, businesses, and municipalities, providing tailored financial solutions to meet their needs.

Industry: financial services

Employees: 8,900; 245 engineers

Revenue: $5.9B


Security at Stifel Financial Corp.

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Stifel's AppSec philosophy centers on safeguarding clients' financial data and assets as a top priority in system architecture and operations.
  • The firm frames security as a risk-mitigation and active-defense effort built on industry standards (NIST Cybersecurity Framework and CIS Critical Security Controls), integrates security priorities into corporate strategy, and emphasizes secure development practices and firm-wide training and governance.

Security Team

  • AppSec-related teams and governance described in public materials: a robust data security team plus dedicated cloud enablement and cloud security teams.
  • Board of Directors receives quarterly briefings on information security posture (including application security).
  • Operational AppSec role example: IT Application Security Analyst II (tracks vulnerabilities, performs risk-based prioritization, coordinates remediation, produces remediation reports and trend analysis, documents risk acceptance, and communicates with stakeholders).

Key Initiatives

  • Documented and stated initiatives: careful and deliberate cloud migration supported by cloud enablement/security teams.
  • Infrastructure modernization and extension of SAFe to security initiatives (2023).
  • Continuous enhancement of Cybersecurity and Resiliency listed as a 2024 priority.
  • Integration of security into Agile/SAFe development processes.
  • Risk-based vulnerability management and remediation coordination.
  • Firm-wide training covering cybersecurity, information security, data privacy, ethics, and compliance.
