Associate Director, AI & Application Security - HYBRID ROLE

Vertex Inc.
Boston, MA
$172,000 - $258,000
Hybrid

About The Position

Vertex is seeking an Associate Director, AI & Application Security to lead security for AI-enabled applications, platforms, and services across the enterprise. This role is responsible for securing AI throughout the full lifecycle—from design and development to deployment and ongoing operations—including generative AI, agentic workflows, traditional machine learning, and AI embedded in enterprise applications. This leader will help define how Vertex securely adopts and scales AI across Azure, AWS, and GCP, as well as third-party and foundation model platforms such as Microsoft Copilot / Azure OpenAI, Anthropic, Google Gemini, and AWS Bedrock. The role will partner closely with technical and business stakeholders to establish pragmatic guardrails, strengthen secure development practices, and reduce risk without slowing innovation. The ideal candidate brings deep expertise in cloud security and application security, along with strong judgment, technical credibility, and the ability to influence decisions in fast-moving, evolving environments. This role also requires practical experience applying security and risk frameworks relevant to AI and modern application environments.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field or equivalent experience.
  • Significant experience in application security, product security, cloud security, or a related cybersecurity discipline.
  • Strong experience securing cloud environments, particularly Azure and AWS; familiarity with GCP is a plus.
  • Deep knowledge of application security fundamentals and secure software development practices.
  • Experience securing APIs, platforms, and complex distributed systems.
  • Experience leading threat modeling, architecture reviews, and risk-based security assessments.
  • Experience applying security and risk frameworks in engineering environments, including familiarity with NIST AI RMF, NIST CSF, and common application security standards.
  • Demonstrated ability to partner effectively with engineering and platform teams to embed security into design and delivery processes.
  • Experience securing generative AI applications, agentic workflows, or machine learning-enabled services.
  • Experience defining AI guardrails and monitoring strategies at scale.
  • Excellent communication and influence skills, with the ability to engage both technical teams and senior leaders.
  • Cloud security architecture and controls across Azure and AWS
  • Familiarity with GCP security concepts and services
  • Secure software development lifecycle (SDLC) practices
  • Secure coding standards and code review practices
  • SAST, DAST, automated security scanning, and remediation workflows
  • OWASP Top 10 and common application and API security risks
  • Familiarity with OWASP guidance for LLM/GenAI applications
  • API security, identity and access management, secrets management, and service-to-service trust
  • Logging, telemetry, monitoring, and detection for cloud-native environments
  • Threat modeling and misuse-case analysis
  • Familiarity with AI security risks, including: prompt injection, data leakage, model misuse, tool or action abuse, unsafe outputs, policy enforcement
  • Familiarity with AI platforms and providers such as: Microsoft Copilot / Azure OpenAI, Anthropic, Google Gemini, AWS Bedrock, emerging AI platforms and services

Nice To Haves

  • Experience working in biopharmaceutical or other GxP-regulated environments with strong privacy and data protection requirements.

Responsibilities

  • Lead AI and application security across the full lifecycle of AI-enabled systems, from design and development through deployment and operations.
  • Define and evolve security standards, guardrails, and control expectations for AI systems used across Vertex.
  • Apply and operationalize industry-recognized security frameworks and control models, including: NIST AI Risk Management Framework (AI RMF), NIST Cybersecurity Framework (CSF), OWASP Top 10, OWASP Top 10 for LLM and Generative AI Applications.
  • Secure AI workloads and AI-enabled applications across cloud and SaaS environments, with emphasis on: policy enforcement, data protection, logging and telemetry, monitoring and operational visibility.
  • Lead threat modeling and misuse-case analysis for AI systems, including risks such as: prompt injection and prompt abuse, sensitive data leakage, tool or action abuse, unsafe outputs, model misuse.
  • Define and mature AI guardrails, including monitoring, detection, logging, and misuse or negative testing practices.
  • Establish secure development expectations for AI-enabled applications and services, including secure coding practices and appropriate separation of development and production environments.
  • Build and lead application security testing practices for AI-enabled applications and supporting services, including SAST, DAST, automated scanning, and retesting processes.
  • Partner with Cloud Security, Security Operations, Privacy, Legal, Data Science, and Engineering teams to align security controls with business, technical, and regulatory requirements.
  • Influence architecture and platform decisions through practical, risk-based guidance that can scale with AI adoption.
  • Communicate risks, tradeoffs, and recommendations clearly to both technical teams and senior leadership.

Benefits

  • medical, dental and vision benefits
  • generous paid time off (including a week-long company shutdown in the Summer and the Winter)
  • educational assistance programs including student loan repayment
  • a generous commuting subsidy
  • matching charitable donations
  • 401(k)