Senior Security Engineer to support DevSecOps team and drive the GenAI security strategy, enhance Cloud application security policies in Azure, assist with

Our Public Sector client is seeking a Senior Security Engineer to support DevSecOps team and drive the GenAI security strategy, enhance Cloud application security policies in Azure, assist with maturing the security engineering program. - 0115969

12 months contract, 2 days/month in Office + as requested.

Must Have:

• 10+ years of experience with information security and secure application development
• A minimum of 1 year experience in securing GenAI solutions
• Demonstrated subject matter expertise in Application Security, API security, GenAI/LLM security
• In depth experience with threat modeling, secure code reviews, and penetration testing
• Experience architecting and leading security for Cloud native applications in Azure , Azure DevOps
• Demonstrated expertise in product/application security architecture, network security, application security, web services, Angular, JavaScript
• Undergraduate degree in Computer Science or STEM (Science, Technology, Engineering or Math)

Nice to Have:

• Experience in performing the penetration testing for GenAI models and related solutions
• Experience with the security of automation built around Gen AI inputs and outputs
• Knowledge with Azure cloud architecture, Azure defender, and Azure security center policies.
• Experience in defining and documenting security reference architectures and standards
• Experience with SAST/DAST/SCA tools like BurpSuite, Mend
• Knowledge of Secure SDLC frameworks such as NIST SSDF, OpenSAMM, BSIMM

Responsibilities:

• Partnering with architecture, application, security, and operational teams to identify security patterns, requirements and drive security on AI and Cloud application projects.
• Research new security threats for GenAI systems and mechanisms for defending against such threats, to continuously improve our security guidance and solutions.
• Collaborate with cloud engineers and application developers to build automated tooling and solutions that support teams throughout their software development journey.
• Defining security controls for implementation of platforms using AI/ML using a combination of Cloud-native and On-Premises Security tools and applications.
• Conducting security reviews and recommendations for IaaS, PaaS, & SaaS Cloud environments, cloud applications and AI solutions
• Developing Cloud Security requirements and policies for IaaS, PaaS, and CaaS environments built using Terraform
• Designing and implementing security controls and policies with Microsoft Defender suite, Microsoft security center, and equivalent security tools for Cloud applications.
• Document security guardrails for AI and cloud application security and build the knowledge within the team of security engineers.