Sr. Security Engineer Jobs 2026 XTIUM Islamabad Remote
XTIUM
Posted Jun 22, 2026
About the Job
XTIUM is a Managed Services Provider with proprietary platforms and customer-facing systems that require strong governance over secure development practices. The company is hiring a Sr. Security Engineer (Development) for a full-time remote position based in Islamabad, Pakistan. This role is responsible for establishing and enforcing security standards across all internally developed software, AI solutions, and automation tooling.
Job Details
| Company | XTIUM |
| Position | Sr. Security Engineer (Development) |
| Location | Islamabad, Pakistan (Remote) |
| Employment Type | Full-Time, Remote |
| Experience | 8+ years in application security, DevSecOps, or secure software development |
| Apply | https://xtium.careers-page.com/jobs/2e8fac3a-3276-414f-b2bf-1791a96653f9 |
Key Responsibilities
Application & Code Security Governance
- Own and enforce secure development standards for all internally built applications, platforms, automation, and tooling
- Perform and oversee manual and automated code reviews (static, dynamic, dependency, and supply-chain analysis)
- Establish clear release gates requiring security approval before software or AI systems are delivered
- Define remediation standards and risk acceptance criteria for security findings
- Conduct secure design reviews and application threat modeling during early development phases
AI & Emerging Technology Security
- Review internally developed AI models, agents, prompts, integrations, and data pipelines for security, privacy, and misuse risk
- Ensure AI systems comply with internal governance, customer contractual obligations, and emerging regulatory expectations
- Partner with engineering and data teams to implement secure AI development patterns
DevSecOps Enablement
- Integrate security tooling into CI/CD pipelines (SAST, DAST, dependency scanning, container scanning, secrets detection)
- Promote shift-left security practices and reduce late-stage security blockers through developer enablement
Risk, Compliance & IP Protection
- Protect XTIUM's intellectual property by ensuring secure design, code custody, and controlled access to source repositories
- Support compliance efforts across frameworks such as SOC 2, ISO 27001, and customer-specific security requirements
- Produce audit-ready artifacts including risk assessments, code review records, and security sign-offs
Leadership & Collaboration
- Act as the primary application security escalation point for engineering and leadership
- Mentor developers and engineers on secure coding practices and threat modeling
- Provide executive-level reporting on application and AI security posture, trends, and risk exposure
Required Qualifications
- 8+ years of experience in application security, DevSecOps, or secure software development
- Strong hands-on experience reviewing code in one or more modern languages (Python, JavaScript/TypeScript, C#, Java, Go)
- Proven experience securing APIs, web applications, microservices, and cloud-native platforms
- Experience integrating security controls into CI/CD pipelines and modern DevOps workflows
- Deep understanding of common vulnerabilities and attack patterns (OWASP Top 10, API security risks, supply chain threats)
- Ability to balance security rigor with delivery velocity in a customer-facing MSP environment
Preferred Qualifications
- Experience securing AI/ML systems, automation platforms, or data-driven applications
- Familiarity with cloud platforms (Azure, AWS) and containerized environments
- Experience in a Managed Services Provider (MSP) or SaaS organization with external customer delivery obligations
- Knowledge of regulatory and compliance frameworks impacting software and data security
Key Competencies
- Secure Software Architecture
- Application & API Security
- AI Security & Governance
- DevSecOps Tooling & Automation
How to Apply
Apply online at: https://xtium.careers-page.com/jobs/2e8fac3a-3276-414f-b2bf-1791a96653f9
How to Prepare for This Role
The Sr. Security Engineer (Development) role at XTIUM is a senior-level remote position requiring deep expertise across application security, AI system security, and DevSecOps. The interview process at a Managed Services Provider of this type typically includes a technical screening, a deep-dive technical interview, and a leadership or cultural fit conversation. The four areas below cover what will matter most across these stages.
The core of this role is owning secure development standards and conducting manual and automated code reviews. The technical interview will likely require you to walk through how you approach a code review: the types of vulnerabilities you look for (injection flaws, insecure deserialization, broken access control, secrets in code, dependency risks), the tools you use for static and dynamic analysis, and how you handle supply-chain security. Prepare concrete examples of code review findings you have made, how you defined remediation standards, and how you communicated risk to engineering teams. The ad specifically requires hands-on experience in Python, JavaScript/TypeScript, C#, Java, or Go, so be ready to discuss code-level security issues in at least one of these languages in detail.
XTIUM is an MSP with customer-facing systems. The interview panel will want to understand how you balance security rigor with delivery velocity in a fast-moving environment. Prepare an example of a situation where you enforced a security release gate that blocked a deployment, how you communicated the decision, and how the issue was resolved without causing extended delays.
This role is distinctive in its explicit focus on AI security: reviewing AI models, agents, prompts, integrations, and data pipelines for security, privacy, and misuse risk. This is a growing and specialized area. Be prepared to discuss how you think about prompt injection attacks, data exfiltration risks through AI agents, model governance, and privacy compliance in AI pipelines. If you have direct experience securing AI or ML systems, automation platforms, or data-driven applications, lead with that in the interview. If your AI security experience is limited, review current frameworks and threat models for LLM and agentic systems before your interview, as this is listed both as a responsibility and as a preferred qualification.
The ad requires ensuring AI systems comply with internal governance, customer contractual obligations, and emerging regulatory expectations. Prepare to discuss how you would design a security review process for an AI feature before it is delivered to customers, including what documentation and sign-off artifacts you would produce.
The role requires integrating security tooling into CI/CD pipelines including SAST, DAST, dependency scanning, container scanning, and secrets detection. Be ready to describe which specific tools you have used in each of these categories, how you integrated them into an existing pipeline, and what the engineering team's reaction was. The ad also emphasizes promoting shift-left security practices and reducing late-stage security blockers. Prepare to explain how you have moved security earlier in the development lifecycle at a previous organization: what training or enablement you provided to developers, how you reduced the number of findings reaching production, and how you measured improvement over time. Familiarity with Azure and AWS environments and containerized deployments is preferred.
Compliance frameworks SOC 2 and ISO 27001 are explicitly mentioned. Prepare to describe how you have produced audit-ready artifacts: risk assessments, code review records, and security sign-offs. If you have supported a SOC 2 audit or ISO 27001 certification effort in a software development context, walk through your specific contributions.
As a senior role, this position requires acting as the primary application security escalation point, mentoring developers on secure coding, and providing executive-level reporting on security posture and risk exposure. The interview panel will assess your ability to translate technical security risk into business language that leadership can act on. Prepare a brief example of a security posture report or risk summary you have presented to senior leadership or a board: what metrics you tracked, what trends you highlighted, and what decisions were made as a result. Also prepare to discuss how you have mentored junior engineers or developers, what secure coding training you delivered, and how you measured the impact on code quality and vulnerability rates.