Senior Staff Engineer (AI Developer - AppSec)

Nagarro
Location: Mumbai City, Maharashtra, India
Type: Full time
Posted today

About Nagarro

We're a Digital Product Engineering company scaling at speed. We build products, services, and experiences that inspire, excite, and delight. We work at scale across all devices and digital mediums, with 18500+ experts across 40 countries. Our work culture is dynamic and non-hierarchical.

About the Role

Design, develop, and maintain AI-powered application security solutions that integrate seamlessly into the software development lifecycle (SDLC).

Responsibilities

  • Build intelligent SAST automation that contextualizes findings, reduces false positives, identifies root causes, and generates developer-friendly remediation guidance using Large Language Models (LLMs).
  • Develop AI-powered secure code review assistants capable of identifying OWASP Top 10 and CWE Top 25 vulnerabilities during pull requests and code reviews.
  • Design and implement machine learning models for Software Composition Analysis (SCA), detecting vulnerable dependencies, outdated libraries, malicious packages, and license compliance risks.
  • Develop AI-driven DAST orchestration capabilities to automate attack surface discovery, payload generation, vulnerability prioritization, and security testing.
  • Build Retrieval-Augmented Generation (RAG) pipelines leveraging internal security knowledge bases, OWASP standards, CVE/NVD repositories, and penetration testing playbooks to provide contextual security guidance.
  • Develop agentic AI workflows that automate the complete vulnerability lifecycle, including detection, triage, deduplication, risk scoring, ticket creation, SLA tracking, and remediation validation.
  • Design prompt engineering strategies and continuously optimize LLMs for secure code analysis, threat modeling, remediation guidance, vulnerability reasoning, and developer coaching.
  • Integrate AI-powered application security capabilities into CI/CD pipelines using platforms such as Jenkins, GitHub Actions, and Azure DevOps to enforce security gates and real-time feedback.
  • Develop developer-focused security tooling including IDE extensions, REST APIs, and microservices using FastAPI or Flask to deliver contextual security recommendations.
  • Build aggregation platforms that consolidate findings from SAST, DAST, SCA, IAST, and secrets scanning tools into a unified application security risk dashboard.
  • Develop intelligent secrets detection capabilities using pattern recognition and AI-based contextual analysis to identify exposed credentials, API keys, and sensitive configuration data.
  • Write unit and integration tests, and participate in peer code reviews to ensure high-quality, secure, and maintainable code.
  • Monitor AI model performance, track security detection metrics, implement drift detection, and maintain automated retraining processes using MLOps practices.
  • Develop and maintain CI/CD pipelines for AI model deployment, versioning, monitoring, and production release using Azure ML, MLflow, or equivalent platforms.
  • Prepare technical documentation including architecture designs, API specifications, integration guides, operational runbooks, and security documentation.
  • Collaborate closely with application security engineers, developers, DevSecOps teams, cloud engineers, and penetration testers to continuously improve security automation and developer experience.

Requirements

Experience: 7.5+ years

Core Application Security:

  • Strong experience as an Application Security Engineer, Application Security Developer, or Software Engineer with strong Application Security specialization.
  • Strong expertise in Application Security principles, secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies.
  • Deep knowledge of OWASP Top 10, CWE Top 25, common application vulnerabilities, and secure software development practices.
  • Hands-on experience with Application Security toolchains including SAST, DAST, SCA, IAST, and secrets scanning solutions.
  • Strong understanding of vulnerability management, risk prioritization, remediation workflows, and security automation.

Programming and AI/ML:

  • Strong programming skills in Python with experience using AI/ML libraries such as Scikit-learn, PyTorch or TensorFlow, Pandas, and NumPy.
  • Experience building AI-powered security automation using Large Language Models (LLMs), Azure OpenAI, OpenAI APIs, prompt engineering, and Retrieval-Augmented Generation (RAG) architectures.
  • Experience developing intelligent code analysis, vulnerability detection, remediation recommendation, and AI-assisted security tooling.

DevOps and Cloud:

  • Hands-on experience integrating security tools into CI/CD platforms such as Jenkins, GitHub Actions, and Azure DevOps.
  • Experience developing REST APIs and microservices using FastAPI or Flask.
  • Good understanding of containerization technologies such as Docker and modern Git-based development workflows.
  • Working knowledge of cloud platforms including Microsoft Azure, AWS, or Google Cloud Platform for deploying AI-powered security services.
  • Experience with MLOps platforms such as Azure ML, MLflow, or equivalent model deployment and monitoring frameworks.

Additional Technical Skills:

  • Familiarity with software composition analysis, dependency management, API security testing, and secrets management.
  • Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is an added advantage.
  • Familiarity with OWASP SAMM, BSIMM, software security maturity frameworks, and secure application architecture is preferred.
  • Experience with API security testing tools, Postman, REST-assured, or OWASP API Security Top 10 is desirable.
  • Exposure to mobile application security testing for Android and iOS platforms is an advantage.

Soft Skills:

  • Strong analytical, troubleshooting, and problem-solving skills with the ability to develop scalable AI-powered security solutions.
  • Excellent communication and collaboration skills with experience working in Agile, DevSecOps, and cross-functional engineering teams.

Education and Certifications:

  • Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related discipline.
  • Professional certifications such as CSSLP, CEH, GWEB, CompTIA Security+, Microsoft Azure AI Engineer Associate, or SC-100 are desirable.

Service Region

South Asia
