AI AppSec Engineer Lead

"I can be myself at work."

You are more than a job title. We want you to feel comfortable doing great work and bringing your best, authentic self to everything you do. We value your talents, traditions, and uniqueness-and we're committed to fostering a strong sense of belonging in a respectful workplace.

We intentionally seek diverse perspectives, experiences, and backgrounds, investing in a culture designed to celebrate differences. We believe that belonging leads to better outcomes and a stronger community of associates united by our mission. At Capital, we live our core values every day: Integrity, Client Focus, Diverse Perspectives, Long-Term Thinking, and Community.

"I can influence my income."

You want to feel recognized at work. Your performance will be reviewed annually, and your compensation will be designed to motivate and reward the value that you provide. You'll receive a competitive salary, bonuses and benefits. Your company-funded retirement contribution will factor in salary and variable pay, including bonuses.

"I can lead a full life."

You bring unique goals and interests to your job and your life. Whether you're raising a family, you're passionate about where you volunteer, or you want to explore different career paths, we'll give you the resources that can set you up for success.

• Enjoy generous time-away and health benefits from day one, with the opportunity for flexible work options
• Receive 2-for-1 matching gifts for your charitable contributions and the opportunity to secure annual grants for the organizations you love
• Access on-demand professional development resources that allow you to hone existing skills and learn new ones

"I can succeed as a AI AppSec Engineer Lead at Capital Group"

As a LeadAIAppSecEngineer,you will work with application teams to ensure the security of custom andprocuredAI solutions.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI.

Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromotingAI Securityprinciples acrossCapital Group.

• Secure AI Development Lifecycle:You willprocureand/or build technical solutionstoembedautomatedsecuritychecks intothe AI SDLC and ML-Ops.
• AI Threat Modeling:You will threat model complex Agentic and AI systems and design security requirementscollaborativelywith developers,architectsand business stakeholders
• Code analysis:You will review code for security vulnerabilities in the context of AI-driven systems
• Contribute to Standards and Policies:You will providethought leadership forInformation Security policies and standards for AIin collaboration with technology risk
• AI/Agent SME:Youwill provideAI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents

"I am the person Capital Group is looking for."

• You have 8+years ofexperience in information security, application security,platform security, orpenetration testing,DevSecOps, networksecurityand other security disciplines.
• You have strong knowledge ofsecurity of safety risks of Large Language Models and AI Agents(OWASP for LLM Top 10, etcetera)
• You have 5+ Years ofexperienceautomating security checks, including SAST, SCA, and DAST, directly into CI/CD pipelines
• You have extensive experience with STRIDE/other threat modeling frameworks, agile workflows,

including Scrum and Kanban

• You areexperiencedin at least oneprogramming languages (Python, Java,.NET)
• You can effectively partner and collaborate with stakeholder teams.
• You have effective communication skills andthe abilityto outline security riskstoleadership.

Preferred Qualifications:

• Youhave knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers
• You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.)
• You are familiar withkey AI regulatory frameworks such asNIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc
• You have Information Security certifications (CISSP, SANS GIAC, CISA, etc.)

"I can apply in less than 4 minutes."

You've reviewed this job posting and you're ready to start the candidate journey with us. Apply now to move to the next step in our recruiting process. If this role isn't what you're looking for, check out our other opportunities and join our talent community.

"I can learn more about Capital Group."

At Capital Group, the success of the people who invest with us depends on the people in whom we invest. That's why we offer a culture, compensation and opportunities that