Senior Application Security Engineer

Backbase has ushered in a new era of digital banking with the global launch of its AI-powered Banking Platform, recently lighting up Times Square. This milestone marks a bold step in reshaping the digital banking landscape—empowering banks to move beyond generative AI experiments and into full-scale execution. By automating critical operations and amplifying productivity across both front and back offices, Backbase is focused on transforming the promise of AI into measurable business impact.

To drive this vision forward, the Ecosystems department in Backbase is building the Banking Grade Agentic AI Platform—a next-generation platform that leverages advanced agent-based architectures to automate and optimize complex banking workflows. We operate with a bold startup mindset prioritizing speed, autonomy, and breakthrough innovation.

We are looking for a skilled and curious AI Application Security Engineer to help safeguard the next generation of intelligent systems. In this role, you’ll take ownership of securing AI applications end-to-end — from system design and data pipelines to deployment and continuous monitoring. You’ll conduct security risk assessments, lead security architecture reviews, and perform threat modeling to identify risks in AI-driven platforms.

Guide developers in building and deploying secure agentic applications.

Embed application security requirements into the software development lifecycle, ensuring both classic AppSec and AI/LLM-specific controls are covered.

Establish standards and processes to run evaluations for agentic apps and red teaming automated using CI tooling.

Conduct architecture risk analysis, threat modeling, and code reviews across microservices, APIs, and AI pipelines.

Identify and triage vulnerabilities in web, mobile, and AI applications (including LLM and generative AI systems).

Support the rollout and integration of SAST, SCA, IAST, RASP, and AI-specific security tooling.

Partner with DevOps/ML Ops to ensure secure CI/CD pipelines, container security, and runtime protections.

Research evolving security threats — from OWASP Top 10 to AI-specific adversarial attacks — and drive proactive improvements.

Strong understanding of application security vulnerabilities and the secure SDLC.

Identify gaps in current processes and ability to think forward to fill those gaps with automation and standardization of processes.

Hands-on background in software development (Python preferred).

Experience securing cloud-native (Azure background is an added advantage ) environments (Kubernetes, containers, microservices, APIs).

Familiarity with LLM/AI system vulnerabilities (e.g., prompt injection, data poisoning, adversarial attacks).

Proven ability to identify, triage, and resolve security issues across both traditional and AI-based systems.

Experience implementing OWASP ASVS / M-ASVS and OWASP AI Exchange standards.

Penetration testing experience (web, mobile, API, AI systems).

Practical exposure to adversarial ML security and privacy-preserving techniques (e.g., differential privacy, PII masking).

Familiarity with compliance frameworks such as GDPR, PCI-DSS, and AI-related regulations.