Application Security Engineer

Role Overview

Millennium is seeking an experienced Application Security Engineer who can serve as a technical authority across a broad range of security tools, technologies, and approaches. This position is centered on strengthening enterprise security and AI security by creating practical tooling and repeatable processes that help secure-by-design practices become standard across the organization.

The environment is highly complex and technically demanding, and the team works collaboratively to build a leading security program that partners closely with the business to safeguard the firm’s information assets and computer systems. Protecting the organization against both external and internal threats is a key priority.

Principal Responsibilities

• Set the direction for AI security by creating and applying guardrails for Generative AI, large language models, and agentic frameworks so they can be adopted safely in the enterprise.
• Perform focused AI risk work, including threat modeling, red teaming, and detailed risk reviews for AI and ML systems, with attention to issues such as prompt injection, model extraction, and data poisoning.
• Provide security advisory support for IT initiatives by leading risk assessments, reviewing designs, and recommending practical mitigations.
• Stay involved across the software development lifecycle to uncover weaknesses, carry out code reviews and penetration testing, and promote secure development standards.
• Build awareness of application security and AI security through training, developer education, outreach, and supporting materials.
• Develop security architecture and embed automated controls such as SAST, DAST, and SCA into CI/CD workflows.
• Work closely with Technology, Trading, Legal, and Compliance teams to shape policy and explain technical risk clearly to non-technical audiences.

Requirements

• A bachelor’s degree or higher in Computer Science, Computer Engineering, IT Security, or a related discipline.
• At least 5 years of experience in Application Security, Software Engineering, or a comparable role.
• Strong knowledge of AI-related security threats, including the OWASP Top 10 for LLMs, along with hands-on experience securing LLM-based applications.
• Practical experience with AI models, agentic frameworks, and the security concerns associated with them.
• Experience collaborating with distributed global teams and contributing to code review and presentation work.
• Proven exposure to hybrid environments spanning on-premise infrastructure and public cloud platforms such as AWS, GCP, and Azure.
• Solid understanding of security architecture, secure configuration, secure coding practices, cryptography basics, and encryption protocols.
• Experience with source control and CI/CD platforms such as GitHub, Jenkins, and Artifactory, including integrating security scanning and vulnerability management into pipelines.
• Working knowledge of static and dynamic analysis tools, as well as SCA and SBOM solutions.
• Hands-on familiarity with secrets management and password vault tools such as Delinea Secret Server and/or HashiCorp Vault.
• Strong programming skills in languages such as Python, Java, C++, C#, or similar.
• Exposure to infrastructure-as-code tooling such as CloudFormation, Terraform, and Ansible.
• Familiarity with web application security testing methods and tools.
• Understanding of security frameworks and standards including ISO 27001, NIST, and OWASP.
• Knowledge of Linux, operating system internals, and containers would be an advantage.
• Certifications such as CISSP, CISM, CompTIA Security+, or CEH are considered beneficial.

Additional Information

This is a full-time, on-site position based in Dublin, County Dublin, Ireland.

No stipend or salary amount was provided in the source material.