Senior Staff Engineer (AI Developer - AppSec)

👋🏼We're Nagarro.

We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at a scale — across all devices and digital mediums, and our people exist everywhere in the world (18500+ experts across 40 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in!

Requirements

• Experience : 7.5+years
• Strong experience as an Application Security Engineer, Application Security Developer, or Software Engineer with strong Application Security specialization.
• Strong expertise in Application Security principles, secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies.
• Deep knowledge of OWASP Top 10, CWE Top 25, common application vulnerabilities, and secure software development practices.
• Hands-on experience with Application Security toolchains including SAST, DAST, SCA, IAST, and secrets scanning solutions.
• Strong programming skills in Python with experience using AI/ML libraries such as Scikit-learn, PyTorch or TensorFlow, Pandas, and NumPy.
• Experience building AI-powered security automation using Large Language Models (LLMs), Azure OpenAI, OpenAI APIs, prompt engineering, and Retrieval-Augmented Generation (RAG) architectures.
• Experience developing intelligent code analysis, vulnerability detection, remediation recommendation, and AI-assisted security tooling.
• Hands-on experience integrating security tools into CI/CD platforms such as Jenkins, GitHub Actions, and Azure DevOps.
• Experience developing REST APIs and microservices using FastAPI or Flask.
• Good understanding of containerization technologies such as Docker and modern Git-based development workflows.
• Working knowledge of cloud platforms including Microsoft Azure, AWS, or Google Cloud Platform for deploying AI-powered security services.
• Strong understanding of vulnerability management, risk prioritization, remediation workflows, and security automation.
• Familiarity with software composition analysis, dependency management, API security testing, and secrets management.
• Experience with MLOps platforms such as Azure ML, MLflow, or equivalent model deployment and monitoring frameworks.
• Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is an added advantage.
• Familiarity with OWASP SAMM, BSIMM, software security maturity frameworks, and secure application architecture is preferred.
• Experience with API security testing tools, Postman, REST-assured, or OWASP API Security Top 10 is desirable.
• Exposure to mobile application security testing for Android and iOS platforms is an advantage.
• Strong analytical, troubleshooting, and problem-solving skills with the ability to develop scalable AI-powered security solutions.
• Excellent communication and collaboration skills with experience working in Agile, DevSecOps, and cross-functional engineering teams.
• Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related discipline.
• Professional certifications such as CSSLP, CEH, GWEB, CompTIA Security+, Microsoft Azure AI Engineer Associate, or SC-100 are desirable.

Responsibilities

• Design, develop, and maintain AI-powered application security solutions that integrate seamlessly into the software development lifecycle (SDLC).
• Build intelligent SAST automation that contextualizes findings, reduces false positives, identifies root causes, and generates developer-friendly remediation guidance using Large Language Models (LLMs).
• Develop AI-powered secure code review assistants capable of identifying OWASP Top 10 and CWE Top 25 vulnerabilities during pull requests and code reviews.
• Design and implement machine learning models for Software Composition Analysis (SCA), detecting vulnerable dependencies, outdated libraries, malicious packages, and license compliance risks.
• Develop AI-driven DAST orchestration capabilities to automate attack surface discovery, payload generation, vulnerability prioritization, and security testing.
• Build Retrieval-Augmented Generation (RAG) pipelines leveraging internal security knowledge bases, OWASP standards, CVE/NVD repositories, and penetration testing playbooks to provide contextual security guidance.
• Develop agentic AI workflows that automate the complete vulnerability lifecycle, including detection, triage, deduplication, risk scoring, ticket creation, SLA tracking, and remediation validation.
• Design prompt engineering strategies and continuously optimize LLM models for secure code analysis, threat modeling, remediation guidance, vulnerability reasoning, and developer coaching.
• Integrate AI-powered application security capabilities into CI/CD pipelines using platforms such as Jenkins, GitHub Actions, and Azure DevOps to enforce security gates and real-time feedback.
• Develop developer-focused security tooling including IDE extensions, REST APIs, and microservices using FastAPI or Flask to deliver contextual security recommendations.
• Build aggregation platforms that consolidate findings from SAST, DAST, SCA, IAST, and secrets scanning tools into a unified application security risk dashboard.
• Develop intelligent secrets detection capabilities using pattern recognition and AI-based contextual analysis to identify exposed credentials, API keys, and sensitive configuration data.
• Write unit tests, integration tests, and participate in peer code reviews to ensure high-quality, secure, and maintainable code.
• Monitor AI model performance, track security detection metrics, implement drift detection, and maintain automated retraining processes using MLOps practices.
• Develop and maintain CI/CD pipelines for AI model deployment, versioning, monitoring, and production release using Azure ML, MLflow, or equivalent platforms.
• Prepare technical documentation including architecture designs, API specifications, integration guides, operational runbooks, and security documentation.
• Collaborate closely with application security engineers, developers, DevSecOps teams, cloud engineers, and penetration testers to continuously improve security automation and developer experience.

Bachelor’s or master’s degree in computer science, Information Technology, or a related field.