Position Details: AppSec & AI Security Manager

Location: All Deloitte USI Locations
Openings: 1
Salary Range:

Description:


Skill- AppSec & AI Security Manager

Exp- 8-12 yrs

Hybrid-All Deloitte USI Locations

No of positions-2

As an AppSec & AI Security Manager, you will:

• Architect and oversee the build of *AI agents and agentic workflows*
for security automation (e.g., AppSec triage agents, security copilots,
autonomous remediation workflows, AI red-team automation).

• Lead end-to-end delivery of *AppSec, DevSecOps, and AI Security
(AISecOps)* engagements—managing onshore/offshore engineers and
architects across the lifecycle (assess, design, implement, operate).

• Define and drive adoption of *secure-by-design architectures* for
modern applications, cloud-native platforms, and AI/agentic systems;
establish reference architectures and reusable patterns.

• Review and approve security architecture for systems spanning
*microservices, APIs, distributed platforms, and AI/RAG/agentic solutions*,
including data flows, trust boundaries, secrets, encryption, and third-party
dependencies.

• Establish reusable patterns for *CI/CD pipeline security*,
*policy-as-code*, IaC scanning, and software/artifact integrity (e.g.,
*SBOM* and *ML-BOM* workflows), aligned to secure SDLC goals.

• Establish and assess *container/Kubernetes security* patterns
(admission control, multi-tenant isolation, runtime protection) and
supply-chain controls (e.g., *SLSA*, *sigstore*).

• Define and assess *LLM/agent guardrails* (prompt/output handling
controls, grounding strategies, tool allow-listing, sandboxing, rate
limits/quotas, and human-in-the-loop patterns) and verify effectiveness
through testing.

• Drive *LLM/agent security testing* (abuse/misuse cases, prompt
injection/jailbreak testing, tool-use abuse validation, adversarial
evaluation) and ensure findings are translated into actionable mitigations
and risk decisions.

• Define *runtime monitoring and incident response* requirements for AI
systems (secure telemetry, privacy-aware prompt/output logging patterns,
abuse detection, drift signals, containment/rollback playbooks).

• Shape clients’ enterprise *AppSec and AISecOps programs*—build
roadmaps aligning security investment with business outcomes and regulatory
requirements; define governance, metrics, and operating model.

• Serve as the primary day-to-day client interface—build rapport and
trust with senior stakeholders (e.g., CISOs, CTOs, Heads of AI/Engineering)
and guide prioritization and decision-making.

• Oversee the quality of project deliverables—assessment reports,
architectures, threat models, runbooks, and risk/security recommendations.

• Support business development: define scope, build estimates and
pricing, package proposals, and support proposal presentations.

• Contribute to eminence—whitepapers, points-of-view, conference
content—on the convergence of AppSec, DevSecOps, and AISecOps.

• Lead talent processes—recruiting, coaching, performance management, and
capability building for AppSec and AI Security professionals.

 
