Senior AI & Application Securi...

NFA is purpose-driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the passionate and talented individuals with whom you work.

When you join NFA as a Senior AI & Application Security Engineer, you'll play a critical role in advancing secure-by-design practices across our applications, APIs, cloud platforms, and emerging AI solutions.  You will be a hands-on technical leader and subject matter expert developing, designing, and automating secure applications while partnering closely with developers, architects, data, and governance teams. Your expertise will help protect business critical systems while enabling innovation through secure development practices and modern security architecture. 

Bring your analytical and innovative mindset to identify and mitigate security risks across traditional and AI-enabled applications.  This role requires deep knowledge of application security principles, including OWASP Top 10, API security, threat modeling, secure coding practices, vulnerability management, and application testing tools. You will leverage your experience with Large Language Models (LLMs), Generative AI, and cloud native technologies to help establish security standards, evaluate emerging risks, and guide secure adaptation of AI capabilities across the organization. 

Beginning your first day, and throughout your career at NFA, you will work closely with development and architecture teams to create secure applications, perform code reviews, assess cloud security controls, and strengthen our security posture through automation and DevSecOps practices. You will serve as a trusted advisor on Cloudflare security architecture, Web Application Firewall (WAF) technologies, secure API design, and cloud security while helping teams deliver scalable, resilient, and secure solutions that support our mission at NFA. 

What you'll do:

In this role you will lead the secure design and implementation of  both traditional enterprise and AI-powered applications by integrating security throughout the SDLC, performing architecture reviews, threat modeling, and application security testing across cloud and AI environments.  In addition, you will:

• Lead application security architecture reviews, threat modeling exercises, vulnerability assessments, and secure design assessments for web applications, APIs, cloud native platforms, and AI-enabled solutions
• Develop the vision, roadmap, and operating model for securing applications, that illustrates how applications, integrations, cloud services, infrastructure, and network architecture work together as a cohesive ecosystem.
• Partner across technology and business teams to define security standards, identify emerging risk, implement proactive controls while developing meaningful metrics that demonstrate risk reduction and program effectiveness.
• Perform secure code reviews and implement remediation of application vulnerabilities.
• Assess and mitigate risks associated with Large Language Models (LLMs), Generative AI, AI agents, and AI assisted development tools.
• Develop, maintain, and adapt to application security standards that are aligned with OWASP Top 10, and industry best practices.
• Utilize security testing tools including BURP, to identify vulnerabilities, validate security controls, and follow through with remediation.
• Design, implement, and optimize Cloudflare security services including WAF, API security, DDoS protection, and Zero Trust capabilities.
• Integrate security controls automated testing, and policy validation into CI/CD pipelines and DevSecOps workflows.
• Collaborate with engineering teams to secure cloud environments and applications hosted in diverse cloud platforms.
• Serve as a SME on application security, AI security, cloud security, and secure software development practices. 
• Present security assessments, risk findings, and strategic recommendations to senior leadership and key stakeholders, translating complex technical concepts into actionable outputs.

What we are looking for:

We are seeking a subject matter expert across AI and traditional applications, security architecture, cloud technologies and network infrastructure with a deep understanding of how these domains work together to support secure operations.  Additional qualifications include:

• Hands on experience reviewing and writing code in one or more modern programming languages.
• Strong knowledge of secure coding practices, threat modeling, vulnerability management, and Secure SDLC methodologies.
• Expertise with OWASP Top 10, API Security, authentication, authorization, and application layer security controls.
• Experience securing and assessing cloud-native applications and architectures within various cloud platforms, as well as designing secure  AI/LLM technologies.
• Experience architecting, implementing, and maintaining Cloudflare-based security protections, including WAF, API security, DDoS defenses, and other web application security controls.
• Strong communications skills with the ability to influence technical teams and drive security initiatives across the organization.
• Demonstrated experience guiding secure applications through the full lifecycle from requirements gathering, and architecture reviews to design, development, deployment, remediation and on-going optimization.
• Deep knowledge of how applications reside and interact across the cloud, network, an infrastructure environment, enabling the development of comprehensive security strategies and roadmaps.
• Experience interpreting and implementing enterprise security architecture principles and governance frameworks, with practical application of NIST SP 800‑53, NIST Cybersecurity Framework (CSF) 2.0, NIST AI Risk Management Framework (AI RMF), NIST SP 800‑218 (SSDF), and NIST SP 800‑207 within application security programs.
  
  

The salary range for this position is $152,950 to $272,000

Customers and market participants depend on NFA to act with integrity and impartiality as it carries out its mission of safeguarding the markets and protecting investors. Therefore, NFA employees have a responsibility to conduct themselves according to high ethical standards, and must abide by NFA's Code of Professional Conduct. Learn more about the Code of Professional Conduct.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

To learn more about NFA and the benefits we offer please visit: What We Offer | National Futures Association