← BACK_TO_JOBS

Principal / Staff Application Security Engineer

Aidashinc · Bengaluru, Karnataka, India · posted 1 day ago
FULL_TIME Software / IT
StaffAWSKubernetes

About AiDASH
AiDASH is leading the PreventionFirst™movement for electric utilities and transforming grid resilience through its pioneering platform that unifies vegetation, asset, storm, and wildfire intelligence. Powered by SatelliteFirst™ Inspection & Monitoring, AiDASH delivers comprehensive visibility across the entire grid at the right frequency and budget, using the right data modality. More than 200 customers trust AiDASH to keep the lights on, spend where it counts, and defend every decision, Securing Tomorrow across every mile of the grid. Learn more at www.aidash.com.

The PreventionFirst movement is growing, and so is the recognition behind it. In 2026, Forbes named AiDASH one of America's Best Startup Employers for the 4th consecutive year, and TIME included AiDASH among America's Top GreenTech Companies for the 3rd year in a row. Deloitte Technology Fast 500™ ranked AiDASH No. 12 in the San Francisco Bay Area, and No. 59 overall in their selection of the top 500 for 2024.

Join us in Securing Tomorrow Together!

The Role

AiDASH protects the critical infrastructure that delivers power to tens of millions of people. As we embed GenAI more deeply into our SaaS products (RAG pipelines, agentic / MCP services) and roll out AI-assisted development internally, the threat landscape is shifting fast. Autonomous adversaries, prompt injection, model exfiltration, and vibe-coded internal apps spun up by non-engineers are now part of the daily attack surface.

We're hiring a Principal or Staff Application Security Engineer to be our deepest technical voice on security. In the role, you'll own our AppSec program and lead AI/LLM security hardening across the platform. You'll embed security into every layer of the SDLC (from PR to production), and be the person who figures out what "secure agentic AI" actually looks like in a product that ships to critical infrastructure operators. You will report to senior leadership and work closely with Platform, ML, and DevOps across our US and India teams.

How you'll make an impact:

AppSec & DevSecOps

  • Own and mature the AppSec toolchain across CI/CD — SAST, DAST, SCA, secrets scanning, and IaC policy-as-code
  • Champion shift-left security: threat modeling and secure-design reviews embedded in PRs and sprint planning, not bolted on at release
  • Run SBOM/AIBOM tooling; enforce risk-tiered dependency controls; extend SLSA practices to model artifacts
  • Write and enforce IaC policy-as-code (OPA/Rego, Checkov, Kyverno, or equivalent) in live pipelines

AI & LLM Security

  • Harden production GenAI deployments on AWS (managed model APIs, agentic/MCP services) — IAM, VPC routing, prompt-layer guardrails, output filtering, rate and cost controls
  • Codify OWASP LLM Top 10 and MITRE ATLAS controls into the SDLC; introduce LLM eval-as-gate in CI
  • Govern internal AI-assisted developer tooling — DLP for what egresses to external model providers, sensitive-data discovery in prompts, acceptable-use telemetry
  • Stand up controls for shadow AI and vibe-coded apps: discover, classify, gate with sane defaults, and bring under the SDLC

Cloud Security (AWS)

  • Harden AWS posture across accounts — Organizations, SCPs, Control Tower — and mature Kubernetes security (admission controllers, runtime visibility)
  • Operate CSPM/CNAPP tooling; own vulnerability management across containers and IaC
  • Support zero-trust privileged access for production infra, databases, and Kubernetes (in partnership with DevOps)

Compliance Support

  • Support the company’s path to ISO 27001 and ISO 42001 certifications in 2027 — gap assessments, control sets, evidence pipeline
  • Maintain SOC 2 Type II posture in partnership with the compliance team
  • Translate emerging AI regulation (EU AI Act, NIST AI RMF, utility-sector mandates) into concrete engineering requirements

What we're looking for:

Minimum Qualifications

  • 8+ years in security engineering with meaningful AppSec depth — you have shipped and operated SAST/DAST/SCA (Semgrep, CodeQL, Snyk, Veracode, or equivalent) at production scale
  • Hands-on experience securing production LLM or agentic AI deployments — IAM, guardrails, prompt injection controls, eval gating. RAG-demo experience alone does not meet the bar
  • Cloud-native security experience in AWS — comfortable with Organizations/SCPs, Kubernetes security, container hardening, and CSPM tooling
  • IaC policy-as-code in a live pipeline (OPA/Rego, Checkov, Kyverno, tfsec, or equivalent)
  • SBOM/AIBOM tooling at production scale (Interlynk, Anchore, Dependency-Track, or equivalent)
  • Compliance fluency: has personally contributed to a SOC 2 Type II or ISO 27001 audit — can read a control map without flinching
  • SF Bay Area based; able to work hybrid (2 days/week in Palo Alto)

Preferred Qualifications