REQUIRED EXPERIENCE

• 8+ years in application security, with a strong focus on hands-on testing.
• 5+ years conducting penetration tests and security assessments.
• Proven record of finding and exploiting critical vulnerabilities.
• Deep experience integrating security into DevOps workflows and CI/CD pipelines.
• Strong programming skills for exploit development and security automation.
• Expertise in web application and API security, including cloud-native architectures.

PREFERRED QUALIFICATIONS

• Background in software development or DevOps.
• Experience testing AI/ML applications.
• Security certifications such as OSCP, OSWE, or GWAPT.
• Published security research or CVEs.
• Experience with purple team operations.

ABOUT THIS ROLE

WRITER is seeking an Application Security Engineer with deep expertise in AppSec, DevSecOps automation, and red team operations to secure our AI and AGI applications.
At WRITER, security is woven into the heart of our innovation. As we continue to push the boundaries of AI, we need a seasoned security engineer who can anticipate threats, integrate security into fast-moving development pipelines, and validate our defenses through hands-on testing.
You’ll play a pivotal role in building security directly into our CI/CD workflows, uncovering and exploiting vulnerabilities before attackers can, and collaborating with cross-functional partners to safeguard our cutting-edge AI solutions. This is a highly technical, impact-driven role for someone who thrives at the intersection of security engineering, automation, and offensive testing.
If you’re passionate about proactively securing complex applications—and can turn red team findings into real-world defenses—we want to hear from you.

WHAT YOU DON’T OWN (OTHERS LEAD)

• Deployment pipeline security (Cloud/Infrastructure owns)
• Infrastructure-as-code security (Cloud/Infrastructure owns)
• Production runtime security (Cloud/Infrastructure owns)
• AI model security research (AI Security owns)