AI Security Engineer

About The Position

Requirements

• Minimum of 5 years of hands-on experience in information technology, with a focus on risk management and compliance.
• Comprehensive knowledge of industry market structures and associated regulatory compliance frameworks, such as ISO 27001, SOC 2, NIST, NIS2, and GDPR.
• Demonstrated expertise in identity management standards, as well as cloud-based storage and disaster recovery strategies.
• Proficiency in utilizing security assessment tools, including but not limited to Rapid7.
• Familiarity with Governance, Risk, and Compliance (GRC) platforms and best practices, such as ZenGRC, OneTrust, and Archer.
• Documented success in coordinating and executing multiple risk and compliance initiatives.
• Proven ability to manage third-party audits, including compiling audit evidence and organizing comprehensive audit responses.
• Exceptional attention to detail and accuracy in all aspects of work.
• Strong written and verbal communication skills, with the ability to collaborate effectively across cross-functional teams.
• Well-developed analytical and problem-solving skills, with a track record of driving initiatives that support organizational objectives.
• 3–5 years of progressive experience in security engineering, application security, or a closely related role.
• Hands-on experience with secure coding practices in one or more languages (Python, JavaScript/TypeScript, Go, or similar).
• Demonstrated knowledge of OWASP Top 10, OWASP LLM Top 10, and common application security vulnerabilities.
• Experience conducting SaaS application security reviews or third-party vendor security assessments.
• Familiarity with AI/ML platforms, LLM integrations, or AI-assisted development tooling from a security perspective.
• Understanding of OAuth 2.0, SAML, API security patterns, and modern identity and access management concepts.
• Experience with SAST, DAST, or SCA tooling (e.g., Semgrep, Checkmarx, Snyk, Burp Suite).
• Strong written and verbal communication skills, with the ability to convey technical risk to non-technical stakeholders.

Nice To Haves

• Experience securing marketing technology platforms such as Salesforce, HubSpot, Adobe Experience Cloud, or similar.
• Familiarity with browser extension security, plugin frameworks, and marketplace governance.
• Exposure to cloud security principles on AWS, Azure, or GCP relevant to SaaS and AI workloads.
• Relevant certifications such as CSSLP, CEH, GWAPT, AWS Security Specialty, or equivalent.
• Experience contributing to security architecture review processes or developing reference security patterns.
• Knowledge of data privacy regulations (GDPR, CCPA, HIPAA) as they apply to marketing and analytics platforms.

Responsibilities

• Evaluate AI tools, models, and platforms for security risk, including prompt injection vulnerabilities, data leakage, model output integrity, and supply chain risks.
• Develop and enforce security standards for AI-assisted development workflows, including LLM-integrated CI/CD pipelines and code generation tools.
• Assess AI API integrations and third-party model usage for data handling compliance, authorization controls, and audit logging.
• Participate in the design and review of AI-powered internal tooling and automation, ensuring security requirements are embedded from inception.
• Stay current on evolving AI security threats including adversarial prompting, model poisoning, and emerging OWASP LLM Top 10 guidance.
• Conduct secure code reviews across multiple languages and frameworks, with an emphasis on Python, JavaScript/TypeScript, and cloud-native applications.
• Apply OWASP principles and industry-standard secure development lifecycle (SDLC) practices to engineering workflows.
• Perform static and dynamic application security testing (SAST/DAST) and triage findings with development teams through to remediation.
• Collaborate with software engineers to embed security controls into code pipelines, authentication flows, and data handling routines.
• Lead third-party SaaS application security assessments, evaluating vendor security posture, data handling practices, access control models, and contractual compliance.
• Maintain a SaaS application inventory and risk register, conducting periodic reviews and ensuring ongoing controls alignment.
• Evaluate browser-based plugins, marketplace extensions, and integrations for privilege scope, data exfiltration risk, and policy adherence.
• Partner with Procurement and Legal during the vendor onboarding process to communicate security requirements and assess residual risk.
• Assess the security posture of marketing platforms including CRMs, CDPs, ad tech stacks, campaign automation tools, and analytics platforms.
• Evaluate data flows between marketing systems and core enterprise infrastructure, identifying excessive data sharing, weak authentication, and shadow IT exposure.
• Support the review and governance of marketing API keys, OAuth tokens, and webhook configurations.
• Partner with Marketing and Digital teams to align platform configuration with data privacy requirements (GDPR, CCPA) and organizational policy.
• Participate in architecture review boards (ARB) to assess new systems and integration patterns for security risk.
• Develop and maintain security reference architectures for SaaS integrations, AI platform connections, and plugin frameworks.
• Contribute to security policies, standards, and playbooks relevant to AI security, SaaS governance, and third-party risk.
• Support threat modeling exercises for new platform deployments and significant system changes.

Benefits

• Generous medical, dental, vision and other great benefits
• Paid parental and medical leave programs
• 401(k) with a company match component and profit sharing
• 15 days of paid time off plus company holidays
• Tuition reimbursement and student loan repayment assistance
• Inclusive employee resource groups