Cybersecurity Engineer

Premera Blue Cross
1d | $98,100 - $202,100 | Remote

About The Position

Our purpose, to improve customers’ lives by making healthcare work better, is far from ordinary. And so are our employees. Working at Premera means you have the opportunity to drive real change by transforming healthcare. Premera is committed to being a workplace where people feel empowered to grow, innovate, and lead with purpose. By investing in our employees and fostering a culture of collaboration and continuous development, we’re able to better serve our customers. It’s this commitment that has earned us recognition as one of the best companies to work for. Learn more about our recent awards and recognitions as a greatest workplace. Learn how Premera supports our members, customers and the communities that we serve through our Healthsource blog: https://healthsource.premera.com/.

We are seeking a Cybersecurity Engineer to secure our evolving AI and Cloud ecosystem. This role sits at the intersection of Platform Engineering and AI Security & Governance. You will operate and secure the full technology stack from the underlying Azure Kubernetes Service (AKS) infrastructure and Okta Identity Layer to the application logic of RAG pipelines and agentic workflows. You will serve as the technical lead for our AI Gateway (Portkey) and identity configurations (M2M/OIDC), while driving robust vulnerability management for containerized Python applications. This is a hands-on role for an engineer capable of bridging the gap between Infrastructure-as-Code, complex authentication patterns, and the emerging field of AI security.

This role can be hired as a Level III or IV, depending upon experience. This is a telecommuter position, working from home.

Requirements

  • Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related field, or (4) years of equivalent work experience. (Required for Level III and IV)
  • (5) years of experience in IT technical security, DevSecOps, or Platform Engineering. (Required for Level III)
  • (8) years of experience designing, implementing and troubleshooting networked computer systems including systems integration, hardware requirements and network design planning and (4) years of experience with secure network and systems architecture, design and implementation, intrusion detection, defense and incident response, security configuration management, access controls design and implementation and security policy and standards development. (Required for Level IV)
  • Current certification in Information Security, or ability to obtain certification within 6 months of hire. Examples of appropriate certifications include CISSP, GIAC, GSEC, and SSCP. (Required for Level III and IV).

Nice To Haves

  • Primary Cloud Expertise: Strong experience with Microsoft Azure security architecture (AKS, APIM).
  • Identity Experience: Hands-on experience with Okta (OIDC/OAuth scopes, claims) and configuring M2M auth patterns.
  • Infrastructure Skills: Proficiency with Helm Charts, Kubernetes (Runners, Ingress), and IaC (Terraform or Bicep).
  • AppSec Tool Proficiency: Experience with Snyk, SonarQube, and JFrog.
  • AI Fundamentals: Understanding of how models are trained, deployed, and secured, including familiarity with agentic system architectures and orchestration patterns.
  • Portkey Admin: Specific experience administering Portkey or similar LLM gateways.
  • Azure APIM: Deep knowledge of configuring and securing Azure API Management.
  • Snowflake DB: Experience securing data within Snowflake environments.
  • Azure ADO: Proficiency with Azure DevOps for CI/CD pipelines and board management.
  • Technical Competencies
  • Vulnerability Management: Expertise in the full lifecycle: discovery, prioritization, remediation, and validation.
  • Observability: Ability to set up and analyze logs/metrics within a Kubernetes environment for security insights.
  • Traffic Security: Deep understanding of SSL/TLS offloading, DNS security, and Ingress routing.
  • AI Defense: Knowledge of mitigation techniques for prompt injection and model isolation.
  • Data Protection: Expertise in handling sensitive data, including redaction and encryption (at rest and in transit).
  • Professional Competencies
  • Soft Skills & Business Alignment: Ability to align security practices with business goals and communicate complex risks effectively.
  • Problem Solving: Excellent conceptualization, analytical, and logic skills.
  • Teamwork: Exemplifies teamwork and serves as a role model; capable of influencing at all levels across the company.

Responsibilities

  • AI Security & Governance
  • Secure AI Assets: Protect data pipelines, AI models, and AI agents from threats including prompt injection, model hijacking, training-data poisoning, and trojan horses.
  • RAG Security: Secure document ingestion, retrieval integrity, and data-access controls to prevent indirect prompt injection and unauthorized data leakage via the retrieval layer.
  • Secure Agent Tool Integrations: Secure connections to internal tool servers (e.g., Model Context Protocol (MCP)), ensuring strict authentication and authorization for agent-initiated actions.
  • Guardrails & Safety: Define and enforce AI guardrails to prevent unsafe outputs, implement tool permissioning and action scoping for agents to manage trade-offs between capabilities and safety.
  • AI Threat Modeling: Lead risk assessments for modern AI concerns such as jailbreaks, indirect prompt attacks, and non-deterministic system behavior.
  • Compliance & Governance: Ensure AI systems meet regulatory standards, maintain audit trails, and enforce governance policies across model usage.
  • Platform, Traffic & Infrastructure Security
  • Multi-Cluster Operations: Operate security controls consistently across four environments/3 AKS clusters, utilizing policy-as-code to ensure promotion consistency and drift detection.
  • Identity & Access (IAM): Manage Okta integrations and Machine-to-Machine (M2M) authentication protocols, oversee per-application OIDC/OAuth client configuration (scopes, audiences, claims) and implement key/secret rotation automation.
  • Gateway Administration: Act as the Portkey Admin (IT Interface), responsible for LLM model routing and provisioning, enforcing rate limits, maintaining tenant isolation, configuring AI guardrails, and managing comprehensive logging.
  • Traffic Management: Secure the network layer by managing Ingress controllers, SSL certificate lifecycles, and DNS configurations for AI services.
  • Compute & IaC: Secure Kubernetes environments (Azure AKS); manage Runners, Helm Charts, and Infrastructure as Code (IaC) templates to ensure compliant deployment of AI workloads.
  • Observability: Configure and monitor K8s Metrics and Logs to detect security events, performance anomalies, and potential breaches in real-time.
  • Application Security & Vulnerability Management
  • Container & Python Security: Secure containerized Python applications, focusing on dependency management (SBOMs), hardening base image strategies, and enforcing a strict patch cadence.
  • SAST & DAST Implementation: Design and manage Static and Dynamic Application Security Testing pipelines to detect security flaws early in the lifecycle.
  • Vulnerability Remediation: Lead regular vulnerability scans of codebases and containers. Analyze results, prioritize critical issues, and partner with engineering teams to drive remediation.
  • Secure Supply Chain: Manage artifact security and dependency scanning using tools like JFrog and Snyk.
  • Code Quality: Oversee code quality and security gates using SonarQube.

Benefits

  • Medical, vision, and dental coverage with low employee premiums.
  • Voluntary benefit offerings, including pet insurance for paw parents.
  • Life and disability insurance.
  • Retirement programs, including a 401K employer match and, believe it or not, a pension plan that is vested after 3 years of service.
  • Wellness incentives with a wide range of mental well-being resources for you and your dependents, including counseling services, stress management programs, and mindfulness programs, just to name a few.
  • Generous paid time off to reenergize.
  • Looking for continuing education? We have tuition assistance for both undergraduate and graduate degrees.
  • Employee recognition program to celebrate anniversaries, team accomplishments, and more.
  • For our hybrid employees, our on-campus model provides flexibility to create your own routine with access to on-site resources, networking opportunities, and team engagement.
  • Commuter perks make your trip to work less impactful on the environment and your wallet.
  • Free convenient on-site parking.
  • Subsidized on-campus cafes make lunchtime connections with colleagues fun and affordable.
  • Participate in engaging on-site activities such as health and wellness events, coffee connects, disaster preparedness fairs and more.
  • Our complimentary fitness & well-being center offers both in-person and virtual workouts and nutritional counseling.
  • Need a brain break? Challenge someone to a game of shuffleboard or ping pong while on campus.