Senior Staff Engineer (AI Developer - AppSec)

About the role

**Company Description** **We're Nagarro.**

We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at a scale — across all devices and digital mediums, and our people exist everywhere in the world (18500\+ experts across 40 countries, to be exact). Our work culture is dynamic and non\-hierarchical. We are looking for great new colleagues. That is where you come in!

**Job Description** **Requirements**

* Experience : 7\.5\+years * Strong experience as an Application Security Engineer, Application Security Developer, or Software Engineer with strong Application Security specialization. * Strong expertise in Application Security principles, secure SDLC, secure coding practices, vulnerability assessment, and secure code review methodologies. * Deep knowledge of OWASP Top 10, CWE Top 25, common application vulnerabilities, and secure software development practices. * Hands\-on experience with Application Security toolchains including SAST, DAST, SCA, IAST, and secrets scanning solutions. * Strong programming skills in Python with experience using AI/ML libraries such as Scikit\-learn, PyTorch or TensorFlow, Pandas, and NumPy. * Experience building AI\-powered security automation using Large Language Models (LLMs), Azure OpenAI, OpenAI APIs, prompt engineering, and Retrieval\-Augmented Generation (RAG) architectures. * Experience developing intelligent code analysis, vulnerability detection, remediation recommendation, and AI\-assisted security tooling. * Hands\-on experience integrating security tools into CI/CD platforms such as Jenkins, GitHub Actions, and Azure DevOps. * Experience developing REST APIs and microservices using FastAPI or Flask. * Good understanding of containerization technologies such as Docker and modern Git\-based development workflows. * Working knowledge of cloud platforms including Microsoft Azure, AWS, or Google Cloud Platform for deploying AI\-powered security services. * Strong understanding of vulnerability management, risk prioritization, remediation workflows, and security automation. * Familiarity with software composition analysis, dependency management, API security testing, and secrets management. * Experience with MLOps platforms such as Azure ML, MLflow, or equivalent model deployment and monitoring frameworks. * Knowledge of LangChain, Semantic Kernel, AutoGen, or similar AI orchestration frameworks is an added advantage. * Familiarity with OWASP SAMM, BSIMM, software security maturity frameworks, and secure application architecture is preferred. * Experience with API security testing tools, Postman, REST\-assured, or OWASP API Security Top 10 is desirable. * Exposure to mobile application security testing for Android and iOS platforms is an advantage. * Strong analytical, troubleshooting, and problem\-solving skills with the ability to develop scalable AI\-powered security solutions. * Excellent communication and collaboration skills with experience working in Agile, DevSecOps, and cross\-functional engineering teams. * Bachelor's degree in Computer Science, Information Technology, Engineering, MCA, or a related discipline. * Professional certifications such as CSSLP, CEH, GWEB, CompTIA Security\+, Microsoft Azure AI Engineer Associate, or SC\-100 are desirable.

**Responsibilities**

* Design, develop, and maintain AI\-powered application security solutions that integrate seamlessly into the software development lifecycle (SDLC). * Build intelligent SAST automation that contextualizes findings, reduces false positives, identifies root causes, and generates developer\-friendly remediation guidance using Large Language Models (LLMs). * Develop AI\-powered secure code review assistants capable of identifying OWASP Top 10 and CWE Top 25 vulnerabilities during pull requests and code reviews. * Design and implement machine learning models for Software Composition Analysis (SCA), detecting vulnerable dependencies, outdated libraries, malicious packages, and license compliance risks. * Develop AI\-driven DAST orchestration capabilities to automate attack surface discovery, payload generation, vulnerability prioritization, and security testing. * Build Retrieval\-Augmented Generation (RAG) pipelines leveraging internal security knowledge bases, OWASP standards, CVE/NVD repositories, and penetration testing playbooks to provide contextual security guidance. * Develop agentic AI workflows that automate the complete vulnerability lifecycle, including detection, triage, deduplication, risk scoring, ticket creation, SLA tracking, and remediation validation. * Design prompt engineering strategies and continuously optimize LLM models for secure code analysis, threat modeling, remediation guidance, vulnerability reasoning, and developer coaching. * Integrate AI\-powered application security capabilities into CI/CD pipelines using platforms such as Jenkins, GitHub Actions, and Azure DevOps to enforce security gates and real\-time feedback. * Develop developer\-focused security tooling including IDE extensions, REST APIs, and microservices using FastAPI or Flask to deliver contextual security recommendations. * Build aggregation platforms that consolidate findings from SAST, DAST, SCA, IAST, and secrets scanning tools into a unified application security risk dashboard. * Develop intelligent secrets detection capabilities using pattern recognition and AI\-based contextual analysis to identify exposed credentials, API keys, and sensitive configuration data. * Write unit tests, integration tests, and participate in peer code reviews to ensure high\-quality, secure, and maintainable code. * Monitor AI model performance, track security detection metrics, implement drift detection, and maintain automated retraining processes using MLOps practices. * Develop and maintain CI/CD pipelines for AI model deployment, versioning, monitoring, and production release using Azure ML, MLflow, or equivalent platforms. * Prepare technical documentation including architecture designs, API specifications, integration guides, operational runbooks, and security documentation. * Collaborate closely with application security engineers, developers, DevSecOps teams, cloud engineers, and penetration testers to continuously improve security automation and developer experience.

**Qualifications**

Bachelor’s or master’s degree in computer science, Information Technology, or a related field.