
Millennium

Application Security Engineer

Onsite
Bengaluru, Karnataka, India
Posted 4 days ago

At a Glance

AWS, Azure, GCP, Python, Java, Terraform

About This Role

The successful candidate will be a subject matter expert with direct experience in a wide range of security technologies, tools, and methodologies. The role is suited to an experienced Application Security engineer with a proven understanding of enterprise security and AI security, and will focus on building toolsets and processes to drive adoption of secure practices across the enterprise. The team fosters a collaborative environment and is building a best-in-class program to partner with the business to protect the Firm's information and computer systems. Millennium is a complex and robust technical environment, and securing the Firm from external and internal threats is a top priority.

Responsibilities

  • AI Security Strategy: Define and implement security guardrails for Generative AI, LLMs, and Agentic frameworks, ensuring safe enterprise adoption.
  • AI Risk Management: Conduct specialized threat modeling, red teaming, and risk assessments for AI/ML models (e.g., testing for prompt injection, model theft, and data poisoning).
  • Security Consulting: Lead risk management activities, including application risk assessments, design reviews, and mitigation strategies for IT projects.
  • Lifecycle Engagement: Engage throughout the SDLC to identify vulnerabilities, conduct code reviews/penetration testing, and enforce secure coding standards.
  • Program Development: Evangelize AppSec and AI security best practices through developer education, training materials, and outreach.
  • Tooling & Architecture: Design robust security architectures and integrate automated security testing (SAST/DAST/SCA) into CI/CD pipelines.
  • Stakeholder Liaison: Partner with Technology, Trading, Legal, and Compliance to create policies and communicate technical risks to non-technical stakeholders.

Requirements

OWASP, AWS, GCP, Azure, CI/CD, SCA, Python, Java, Terraform, NIST, CISSP
  • Bachelor's degree or higher in Computer Science, Computer Engineering, IT Security or related field
  • 5+ years' experience working as an Application Security Engineer, Software Engineer, or similar role
  • Deep understanding of AI-specific risks (OWASP Top 10 for LLMs) and experience securing applications utilizing LLMs
  • Experience working with AI models, Agentic frameworks and security risks associated with AI
  • Experience in working with global teams, collaborating on code and presentations
  • Demonstrated work experience in hybrid on-premise and Public Cloud environments (AWS/GCP/Azure)
  • Strong understanding of security architectures, secure configuration principles/coding practices, cryptography fundamentals and encryption protocols
  • Experience with common SCM & CI/CD technologies like GitHub, Jenkins, Artifactory, etc. and integrating Security Scanning and Vulnerability Management into the CI/CD Pipelines
  • Familiarity with static and dynamic security analysis tools, and SCA/SBOM solutions
  • Hands-on experience with Secrets Management & Password Vault technologies such as Delinea Secret Server and/or HashiCorp Vault
  • Strong experience in secure programming in languages such as Python, Java, C++, C#, or similar
  • Familiarity with Infrastructure as Code tools (CloudFormation, Terraform, Ansible, etc.)
  • Familiarity with web application security testing tools and methodologies
  • Knowledge of various security frameworks and standards such as ISO 27001, NIST, OWASP, etc.
  • Knowledge of Linux, OS internals and containers is a plus
  • Certifications like CISSP, CISM, CompTIA Security+, or CEH are advantageous

About Millennium

Millennium Management is a global, diversified alternative investment firm founded in 1989, managing over $83.5 billion in assets. Headquartered in New York City, the firm operates in more than 140 locations worldwide and employs around 6,500 professionals across over 330 investment teams. The firm's mission is to deliver high-quality returns for investors through a combination of scale, specialization, and an entrepreneurial culture. Millennium utilizes an entrepreneurial investing model, empowering skilled professionals with the resources and technology needed to pursue a diverse range of investment strategies, including fundamental equity and equity arbitrage. With a focus on capital stability and a rigorous risk framework, Millennium aims to provide consistent long-term returns while actively managing a portfolio valued at approximately $207 billion.

Industry: investment management

Employees: 6,300; 1106 engineers

Revenue: $2.6B


Security at Millennium

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Millennium's AppSec philosophy emphasizes securing emerging AI technologies through specialized oversight.
  • The team is focused on defining and implementing security guardrails for Generative AI, LLMs, and Agentic frameworks.
  • The approach prioritizes developer enablement through integration into the development lifecycle, with engagement throughout the SDLC to identify vulnerabilities.
  • The risk philosophy focuses on specialized assessments for high-complexity models, including threat modeling, red teaming, and risk assessments for AI/ML models.
  • Key goals include automating security within the delivery pipeline through integration of automated security testing (SAST/DAST/SCA) into CI/CD pipelines.

Key Initiatives

Millennium's security initiatives focus on shift-left practices with integration of automated testing into the build process and CI/CD pipelines. The team conducts specialized threat modeling, red teaming, and risk assessments for AI/ML models with continuous engagement throughout the SDLC. Recent initiatives center on establishing security frameworks for agentic AI and defining security guardrails for Generative AI, LLMs, and Agentic frameworks. No public information is available regarding vulnerability remediation SLAs, security champions programs, or specific ticketing workflows.
