Lead AppSec Engineer

Virtualitics is the category leader in AI-native readiness applications for defense, government, and critical infrastructure. Founded on a decade of Caltech research in partnership with NASA/JPL, we are led by scientists, strategists, and servicemembers united by a single mission: to solve the world’s most complex, mission-critical challenges with AI. 

Our Readiness AI solutions deliver operational certainty — giving leaders and operators a clear picture of what’s ready, what’s at risk, and what to do next. By identifying risks early, diagnosing root causes, and recommending prioritized actions with transparent, explainable AI, we help organizations move from data complexity to decision advantage. 

Behind that impact is relentless innovation. Inventors at heart, we hold 15+ U.S. patents and are leading the shift toward agent-driven readiness. But what truly sets us apart is our culture — relentless about results, grounded in transparency, and driven by compassion for the mission and the people it serves.

If you’re motivated by impact, inspired by technical depth, and ready to build AI that performs where it matters most — you’ll find your mission here.

Our team is excited to find our next Lead Application Security Engineer to join the company. 

• →

  Serve as the subject matter expert to establish secure design patterns for AI systems, defining strict boundaries for agent autonomy, tool invocation, and prompt management while conducting threat modeling for model misuse.

• →

  Fulfill CMMC and IL5/IL6 compliance mandates by deploying a hybrid security architecture that pairs required deterministic validation tools (SAST, DAST, container scanning) with advanced AI reasoning engines.

• →

  Transition from manual SLA tracking to overseeing autonomous workflows, utilizing tools like Claude Code to instantly diagnose, verify, and fix vulnerabilities locally before they reach human review or CI/CD pipelines.

• →

  Leverage your deep understanding of Virtualitics’s software supply chain and delivery mechanisms to build clear review frameworks and mentor development teams on secure coding within AI-supported environments.

• Demonstrated track record of technical leadership in Application Security or Security Engineering, prioritizing continuous learning, and recent hands-on execution with AI/ML technologies

• Deep understanding of application architecture and threat modeling, paired with the ability to evaluate code for complex business logic flaws, prompt injection, model inversion, and data leakage.

• Proficiency in AI-native development and agentic coding tools (e.g., Claude Code, Cursor), with the ability to design secure automated workflows, manage complex context configurations

• Strong knowledge of cloud platforms (AWS, GCP, Azure) and containerization technologies (Docker, Kubernetes), including the specific architectural patterns required for deploying AI securely in highly regulated cloud environments.

• Demonstrated ability to act as a trusted advisor to product managers and engineers, driving "secure-by-design" practices through technical credibility and hands-on workflow integration rather than rigid policy enforcement.

• Experience advancing beyond manual ticketing by integrating deterministic security platforms (e.g., Wiz, Snyk, GitHub Advanced Security) with AI models to improve vulnerability management.

• Experience implementing security for regulated environments adhering to CMMC, FedRAMP, or IL5/IL6 requirements. 

• Experience scaling Series C / Series D startups

• High-agency

• AI fluent

• Diplomatic