AI AppSec / AiSec Engineer

At Mindbox we connect top IT talents with technology projects for leading enterprises across Europe. 

 

We are looking for an experienced AI AppSec / AI Security Engineer to join our Cybersecurity Technology & Engineering team. This role focuses on advancing application and AI security capabilities by embedding secure-by-design principles within software development lifecycles, as well as addressing emerging security challenges associated with AI-powered solutions and ML pipelines.

You will work closely with global engineering teams, influencing best practices and ensuring that security measures keep pace with the adoption of modern technologies, including large language models, generative AI, and AI-assisted development tools.

This is a strategic, technical hands-on role where you will review code, define security patterns, evaluate AI/ML risks, and help shape secure integration of AI into enterprise environments.

Sounds like your kind of challenge? 

What you’ll be doing

  • Perform secure code reviews, delivering actionable and developer-friendly feedback to global engineering teams.
  • Act as a security consultant: identify insecure coding patterns, deprecated protocols, and compliance gaps; define migration paths to modern secure alternatives.
  • Evaluate new security solutions through Proof of Concept (POC) and Proof of Value (POV) engagements, applying structured methodologies to validate effectiveness before adoption.
  • Apply scientific rigor in vulnerability analysis, using metrics and statistical modelling to assess and communicate security risks objectively.
  • Conduct comparative evaluations of large language models (LLMs) for security applications, including vulnerability detection, fix generation, and security automation.
  • Assess and secure AI/ML pipelines and generative AI integrations, mitigating risks such as prompt injection, data poisoning, and model abuse.
  • Define security configuration standards for AI tools and platforms, ensuring compliance with secure-by-default principles.
  • Review and evaluate AI-assisted development tooling (e.g., GitHub Copilot), measuring risks and testing detection accuracy.
  • Provide technical mentorship and contribute to knowledge sharing and security capability uplift across engineering teams.
  • Collaborate on developing reusable security patterns, policies, and guidance for embedding security in new product and service development.

Note: Detailed project information will be shared during the recruitment process. 

What you get in return

  • Flexible cooperation model – choose the form that suits you best
    (B2B, employment contract, etc.)
  • Hybrid work setup – 6 days per month from the office
  • Collaborative team culture – work alongside experienced professionals eager to share knowledge 
  • Continuous development – access to training platforms and growth opportunities 
  • Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more 
  • High quality equipment – laptop and essential software provided 

Who we’re looking for

  • Strong background in application security engineering, including secure code reviews and vulnerability analysis.
  • Expertise in OWASP Top 10, API security, OAuth2.0/JWT, and understanding of AI/ML-specific security risks (OWASP LLM Top 10).
  • Ability to conduct threat modelling sessions (e.g., STRIDE, PASTA) and articulate risk findings.
  • Hands-on experience securing CI/CD pipelines and integrating security tooling (e.g., Checkmarx, SonarQube, TruffleHog, Aqua, Tenable, Nessus).
  • Strong scripting skills in Python for automation and security tooling.
  • Familiarity with security frameworks and standards (NIST, ISO 27001) and applying them in regulated environments.
  • Analytical mindset with an ability to present evidence-based risk assessments to both technical and non-technical audiences.
  • Excellent communication and collaboration skills; ability to mentor and advise distributed engineering teams.
  • Experience working in an Agile environment with DevSecOps practices.

Nice to have:

  • Practical experience applying OWASP LLM Top 10 in real-world AI/ML assessments.
  • Understanding adversarial ML techniques (model evasion, data poisoning, inversion attacks).
  • Experience with Software Composition Analysis (SCA) and open-source vulnerability scanning.
  • Familiarity with penetration testing activities at application and API levels.
  • Certifications such as CSSLP, OSCP, CEH, or equivalent.
  • Hands-on experience with secure configurations on cloud platforms (GCP, Azure).
  • Prior exposure to regulated sectors such as financial services is an advantage.

Joining this project you’ll become part of Mindbox – a tech-driven company where consulting, engineering, and talent meet to build meaningful digital solutions. We’ll back you up every step of the way, accelerate your development, and ensure your skills make a difference. 

AI AppSec / AiSec Engineer

Kraków

B2B

1600 - 1800 PLN/MD net + VAT

Apply for position

I will handle your recruitment

Klaudia Józefowicz

SUPPORT & BENEFITS

Private healthcare

Fast access to doctors and medical tests. 

Mindbox fully covers the individual package. You can extend the coverage to your partner and family on preferential terms. A wide network of medical providers and clear rules for everyday use.

Multisport

Energy that pays off.

We cover 50% of the card cost. You get access to thousands of sports facilities across Poland, plus a convenient mobile app. Additional cards for family members are available.

Training & development

Practical support for your career growth.

We co‑fund courses, certifications and conferences under a clear Training Policy. You also get access to a library of recorded webinars and trainings – available whenever you need them.

Eyewear or contact lenses co‑funding

Clear vision means comfortable work.

Up to PLN 500 every two years, with an additional PLN 300 available in justified cases. Simple reimbursement, regardless of your form of cooperation.

Group life insurance

Real protection from day one.

Option I is fully funded by Mindbox, Option II is co‑funded. You can include your partner and adult children, with coverage that also applies to treatment and hospitalisation abroad.

Ongoing support from the Talent Network Development

You’re not on your own in a project.

Regular contact, quick response and a partnership‑based approach. You focus on your work — we help take care of the rest.

Regular integration meet‑ups

Relationships that work beyond the project.

Cyclical meet‑ups for contractors in major cities across Poland. A space to talk, exchange experience and stay in real contact with the Mindbox team.

Annual company‑wide integration

One event. The whole community.

A two‑day company gathering with accommodation, transport and a full activity programme. Time to connect teams from across Poland and build shared experiences.

New baby gift

Important moments matter to us.

When a child is born, we prepare a personalised gift. All it takes is a short message to the Talent Network Development team.

do you like
like our offer?

the recruitment process

We take care of every stage of process

Submit your CV

The supplier takes full responsibility for the applications, their performance and load, and monitors and fixes any problems and failures.

Contact with
a Recruiter

The supplier takes full responsibility for the applications, their performance and load, and monitors and fixes any problems and failures.

Sending your CV
to the client

The supplier takes full responsibility for the applications, their performance and load, and monitors and fixes any problems and failures.

Lorem ipsum

Lorem ipsum

Referral Program

Refer a friend & get up to 6,000 PLN

Do you know an IT specialist who could be a good fit for one of our projects? Share their contact details with us and we’ll take care of the rest.

You can receive up to 6,000 PLN for a successful referral.