AI Security Engineer

About The Position

Requirements

• 10+ years in security architecture, application security, cloud/platform security, or related fields
• Demonstrated experience securing AI/ML or LLM‑based systems in enterprise environments
• Strong background in threat modeling, secure design, and risk management
• Experience working cross‑functionally with engineering, product, legal, and compliance teams
• Strong written and verbal communication skills, including executive‑level communication
• Highly technology‑savvy and continuously current on rapidly evolving AI/LLM platforms, agent frameworks, developer tooling, and emerging attack techniques through hands-on experimentation and learning.
• Brings strong engineering intuition through prior software development experience or equivalent hands-on technical background, enabling effective architecture reviews, threat modeling, and pragmatic security guidance.
• Comfortable reading, writing, and reviewing code (e.g., Python, TypeScript, or similar) to understand AI workflows, model integrations, APIs, pipelines, and real‑world failure modes.
• Practical experience experimenting with AI tooling, copilots, agents, and “vibe‑coding” workflows, with an understanding of how developers’ prototype, iterate, and ship AI‑enabled systems.
• Able to translate modern developer behaviors (prompt‑driven development, agent orchestration, rapid iteration) into realistic, enforceable security controls rather than theoretical policy.
• Uses technical credibility to influence engineering teams, accelerate adoption of secure AI patterns, and ensure security enables—rather than blocks—innovation.

Nice To Haves

• Prior experience as a software engineer, platform engineer, or security engineer with significant coding responsibilities
• Experience with AI governance frameworks or enterprise risk management programs
• Familiarity with security testing, red teaming, and detection engineering
• Experience building security programs with clear KPIs, metrics, and audit readiness

Responsibilities

• Own enterprise AI discovery, inventory, and intake workflows covering AI use cases, models, tools, agents, and integrations
• Define and enforce AI risk tiering and classification (data sensitivity, model risk, autonomy level, exposure)
• Partner with AI Governance, Legal, Privacy, and Risk teams to establish approval, exception, and waiver processes
• Ensure AI security controls align with enterprise risk management and audit expectations
• Lead AI‑specific threat modeling, including prompt injection, data leakage, model poisoning, tool abuse, agentic risk, and supply‑chain threats
• Define secure AI architecture patterns and prohibited design patterns
• Conduct and oversee risk assessments for LLM‑integrated applications, internal copilots, and external AI services
• Track AI security risks and exceptions through remediation and closure
• Define and operationalize AI security guardrails, including: Authentication and authorization for AI systems Data boundaries, retention, and usage controls Output/content controls and policy enforcement Identity, secrets, and key management for AI workloads
• Lead security requirements for agent frameworks, MCP servers/clients, AI gateways, and proxies
• Partner with AppSec and Platform teams to deliver secure “paved‑road” AI solutions for engineering teams
• Establish secure AI lifecycle gates (pre‑prod, prod, post‑deployment)
• Own AI security testing and validation, including red teaming, abuse testing, and guardrail effectiveness
• Define requirements for telemetry, audit logging, and retention for AI sessions, tool calls, and memory usage
• Integrate AI signals into SIEM, detection, and incident response workflows
• Own AI‑specific detection use cases and alerting strategies
• Partner with IR teams to develop and maintain AI incident response posture and integration with SIEM tools
• Lead post‑incident reviews and drive control improvements
• Publish executive and operational AI security metrics and dashboards