Senior Application Security Engineer, AI

Ready to be a Titan? At ServiceTitan, we are transforming product security into a core part of how engineering delivers software. We are looking for an AI-Focused Senior Application Security Engineer to help define and deliver a secure paved road, creating automated, developer friendly security patterns that enable our 80 plus R&D teams to build securely by default without slowing down innovation. In this role, you will partner closely with engineering to embed practical guardrails, manage emerging risks like non-human identities and data exposure, and enable teams to move quickly without compromising trust. This is an opportunity to shape the future of application security in an AI first environment, turning security into a core enabler of innovation rather than a constraint. What you’ll do: 1. Secure-by-Design Engineering Pipeline Automation: Embed security directly into the development pipeline through intelligent prompting and AI driven agents. Secure-by-Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries that have security controls built in from the start. Supply Chain Protections: Implement controls to secure dependencies, build artifacts, and third party integrations. Partner with engineering to enforce integrity, provenance, and policy checks within build and release workflows. 2. AI-Driven Security Testing & Validation Automated Scanning: Evaluate, configure, and implement AI agentic tooling to autonomously test our web applications for vulnerabilities. Simulation & Validation: Use agentic tooling to run proactive simulations based on emerging threats to validate our defenses in real time. Outcome Accountability: Drive adherence to vulnerability remediation SLAs by partnering with engineering teams to track, prioritize, and resolve security issues. Ensure clear ownership, measurable progress, and consistent follow through to reduce risk and maintain accountability. 3. AI & Identity Security AI Guardrails: Design and implement technical guardrails for AI Coding Agents and Model Context Protocols (MCP) to ensure safe adoption of AI in the development lifecycle. AI-Driven Tooling: Help operationalize AI based tooling to act as a GPS for developers, tuning the system to provide accurate, on demand threat modeling, design, and development advice. Non-Human Identity Management: Partner with engineering to define and implement strategies for managing machine identities across AI systems, including service accounts, API keys, and agent authentication. Enforce least privilege access, credential lifecycle management, and integration with secrets management and CI CD pipelines to reduce risk and prevent misuse. 4. Developer Enablement & Security Operations Technical Pit Crew: Act as the AppSec technical expert for the Security Champions Program. While leadership manages the program logistics, you will be the expert answering complex coding questions and guiding Champions on how to fix vulnerabilities. Contextual Training: Assist in setting up Just in Time training campaigns that trigger micro-trainings when engineers introduce vulnerabilities, allowing them to fix their own code. Triage to Automate: Own the initial triage of incoming vulnerability tickets (SAST/SCA). You will use this hands on work to identify the noise and pattern match recurring issues, directly informing which guardrails you build next. What you’ll bring: Experience: 5 years of experience in Product/Application Security, with a strong background in software engineering. Demonstrated AI Expertise: Proven experience at the intersection of AI and security, including securing AI workloads and leveraging AI agents to enhance defensive capabilities. Modern AppSec: Experience implementing tools and driving for secure outcomes throughout the Secure Software Development Lifecycle including Threat Modeling, Code Scanning, and Penetration testing. Automation Mindset: Proven ability to pro ... (truncated, view full listing at source)