Security Engineer - Secure Development

The XTIUM global team is made up of a group of diverse and talented professionals who are all driven by the same goal: excellence and continuous improvement. We are all about embracing challenges, keeping the lines of communication open and working together. We take ownership of our work, focus on learning and growing and hold ourselves accountable to our colleagues and customers. Together, we strive to push boundaries, make an impact and inspire each other to reach our full potential.  

Job Description:

About the Role

The Security Engineer, Secure Development is responsible for establishing, leading, and enforcing security standards for all internally developed software, automation, and AI‑enabled solutions prior to customer delivery or internal production use. This role serves as the primary technical lead and designated expert to ensure that applications, APIs, infrastructure‑as‑code, and AI models meet security, privacy, and compliance requirements before release. This is an individual contributor role within the security organization, focused on hands‑on execution, technical depth, and influence through standards, tooling, and partnership with development teams.

As a Managed Services Provider with proprietary platforms and customer‑facing systems, XTIUM requires strong governance over secure development practices. This role works closely with engineering, platform, infrastructure, and compliance teams to embed security into the software development lifecycle while maintaining delivery velocity.

What You Will Do

Application & Code Security Governance

• Own and enforce secure development standards for all internally built applications, platforms, automation, and tooling.
• Perform and oversee manual and automated code reviews (static, dynamic, dependency, and supply‑chain analysis).
• Establish clear release gates requiring security approval before software or AI systems are delivered to customers or promoted internally.
• Define remediation standards and risk acceptance criteria for security findings.
• Conduct secure design reviews and application threat modeling during early development phases to identify and mitigate risk before implementation.

AI & Emerging Technology Security

• Review internally developed AI models, agents, prompts, integrations, and data pipelines for security, privacy, and misuse risk.
• Ensure AI systems comply with internal governance, customer contractual obligations, and emerging regulatory expectations.
• Partner with engineering and data teams to implement secure AI development patterns, including data protection, access controls, and auditability.

DevSecOps Enablement

• Integrate security tooling into CI/CD pipelines (e.g., SAST, DAST, dependency scanning, container scanning, secrets detection).
• Promote “shift‑left” security practices and reduce late‑stage security blockers through developer enablement.
• Collaborate with DevOps and Platform teams on secure delivery pipelines and runtime controls.

Risk, Compliance & IP Protection

• Protect XTIUM’s intellectual property by ensuring secure design, code custody, and controlled access to source repositories.
• Support compliance efforts across frameworks such as SOC 2, ISO 27001, and customer‑specific security requirements.
• Produce audit‑ready artifacts including risk assessments, code review records, and security sign‑offs.

Leadership & Collaboration

• Act as the primary application security escalation point for engineering and leadership.
• Mentor developers and engineers on secure coding practices and threat modeling.
• Provide executive‑level reporting on application and AI security posture, trends, and risk exposure.

What Qualifies You

Required Qualifications:

• 8+ years of experience in application security, DevSecOps, or secure software development.
• Strong hands‑on experience reviewing code in one or more modern languages (e.g., Python, JavaScript/TypeScript, C#, Java, Go).
• Proven experience securing APIs, web applications, microservices, and cloud‑native platforms.
• Experience integrating security controls into CI/CD pipelines and modern DevOps workflows.
• Deep understanding of common vulnerabilities and attack patterns (OWASP Top 10, API security risks, supply chain threats).
• Ability to balance security rigor with delivery velocity in a customer‑facing MSP environment.

Preferred Qualifications:

• Experience securing AI/ML systems, automation platforms, or data‑driven applications.
• Familiarity with cloud platforms (Azure, AWS) and containerized environments.
• Experience in a Managed Services Provider (MSP) or SaaS organization with external customer delivery obligations.
• Knowledge of regulatory and compliance frameworks impacting software and data security.

Key Competencies

• Secure Software Architecture
• Application & API Security
• AI Security & Governance
• DevSecOps Tooling & Automation