Job Overview
Location
Remote - US
Job Type
Full-time
Category
Software Engineering
Date Posted
June 6, 2026
Full Job Description
đź“‹ Description
- • Perform application security assessments using SAST, DAST, and interactive testing tools across web, API, and microservices architectures
- • Identify, triage, and prioritize vulnerabilities in applications, with specific focus on AI/ML-enabled systems and their components
- • Assess security risks unique to AI/ML applications including model exposure, inference endpoint vulnerabilities, adversarial inputs, model abuse, and data poisoning
- • Secure AI APIs, plugins, and third-party integrations by implementing and tuning WAF, RASP, and API security controls
- • Integrate security testing into CI/CD pipelines to enable DevSecOps practices and reduce time-to-remediation
- • Conduct threat modeling and secure design reviews for applications and AI use cases to embed security early in the development lifecycle
- • Assess and harden identity and access management flows to enforce least privilege principles across application environments
- • Partner directly with engineering teams to remediate vulnerabilities and improve secure coding practices
- • Monitor and respond to application-layer security incidents, including participation in on-call rotations for after-hours and weekend support
- • Ensure runtime protection is maintained for AI and non-AI applications through continuous monitoring and incident response
- • Support secure deployment of AI features by validating security controls prior to production release
- • Contribute to reducing overall application vulnerability counts and accelerating remediation cycles through proactive security interventions
- • Promote improved developer security awareness and adoption of secure coding standards across engineering teams
- • Maintain compliance with OWASP Top 10 vulnerabilities and apply mitigation strategies across all application layers
- • Collaborate with cross-functional teams during incident response to resolve security events with minimal business impact
🎯 Requirements
- • 3–6+ years of experience in Application Security or Product Security
- • Hands-on experience with SAST, DAST, and IAST tools
- • Strong knowledge of OWASP Top 10 vulnerabilities
- • Experience securing APIs and microservices
- • Experience with modern authentication and authorization protocols (OAuth 2.0, OpenID Connect, SAML)
- • Familiarity with CI/CD pipelines
🏖️ Benefits
- • Opportunities to stretch and grow through on-the-job learning and professional development
- • Clarity and kindness in communication with open, honest, and supportive leadership
- • Support in good times and bad with consistent, thoughtful partnership
- • A community that cares, where individuals are respected and lifted up
Skills & Technologies
About Pure Group Holdings Inc.
Pure Group Holdings operates PURE Insurance, a policyholder-owned insurer for high-net-worth individuals and families in the United States. The company offers customizable coverage for homes, automobiles, jewelry, art, watercraft, and personal liability through the reciprocal risk retention group model. Founded in 2006 and headquartered in White Plains, New York, PURE emphasizes risk management, loss prevention, and member service. It underwrites policies via its subsidiaries PURE Risk Management and PURE Insurance Corporation, and it is owned by its members rather than outside shareholders, aligning incentives to reduce losses and deliver competitive pricing.
Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.
Newsletter
Weekly remote jobs and featured talent.
No spam. Only curated remote roles and product updates. You can unsubscribe anytime.
Similar Opportunities
ServiceTitan, Inc.
2 months ago
