Information Security Engineer, Professional II

Zebra Technologies•Lincolnshire, IL

3d•Hybrid

About The Position

Provides security engineering support across the organization with a developing focus on AI and API security. Participates in the evaluation, configuration, and support of security solutions in the team’s portfolio including, but not limited to: AI application security, API security, identity security, SASE, Zero Trust, data protection, email security, endpoint detection and response (EDR), cloud security, and security architecture. This role is an entry point into AI security and is designed for engineers who are curious about the AI threat landscape and eager to build expertise in one of the fastest-growing areas of cybersecurity.

Requirements

Bachelor’s degree or equivalent experience.
2+ years experience in IT Security. Can include security architecture, risk analysis, security solution deployment and configuration, security operations, and incident response.
Curiosity and willingness to develop hands-on knowledge of generative AI systems, LLMs, RAG architectures, and agentic AI patterns (MCP, tool calling, orchestration frameworks).
Basic awareness of AI-specific security risks: prompt injection, data exposure, model misuse, and insecure integrations.
Ability to learn and apply AI security frameworks such as NIST AI RMF, OWASP LLM Top 10, and MITRE ATLAS with guidance.
Ability to understand new systems and tools. Can include API security, application security, secrets management, and secure software design.
Ability to learn and operate enterprise security platforms.
Familiarity with identity and access management, secrets management, and Zero Trust concepts.
Communication and presentation skills, both online and in-person.
Ability to be a trustworthy advisor to our business partners.
Good business acumen to drive good business decisions.
Ability to work remotely and independently.

Nice To Haves

Some exposure to AI/ML systems, application security, or API security is a plus but not required.
Familiarity with scripting or programming languages (e.g., Python) for automation or testing is a plus; software development background is welcomed.
Familiarity with tools in use at Zebra including CrowdStrike Falcon (EDR/XDR), Zscaler (ZIA/ZPA), Proofpoint Email Security, BeyondTrust Endpoint Privilege Management, and Salt Security (API Security) is a plus.
Experience with cloud platforms (e.g., AWS, Azure, GCP).
Experience working in a global, heterogeneous, cloud and on-prem environment.
Working knowledge of NIST Cyber Security Framework (CSF).
Active participation in the security community, through online resources and in-person conferences.
Exposure to or personal interest in AI tools, GenAI platforms, or agentic developer tooling.

Responsibilities

Participate in AI security reviews of AI-enabled applications and services submitted through the enterprise intake process.
Support the assessment of AI-specific risks including prompt injection, data handling concerns, access controls, and integration risks under the guidance of senior engineers.
Assist in evaluating GenAI applications, LLM-based tools, and agentic AI services for security posture, data classification, and control alignment.
Support the development and documentation of AI security standards, policies, and guidelines aligned with NIST AI RMF, OWASP LLM Top 10, and internal frameworks.
Participate in API security tasks including API discovery, risk identification, and review of API architectures (REST, gRPC, microservices) with attention to APIs that serve or interact with AI systems.
Identify, evaluate, and help justify new solutions and controls to improve the enterprise security posture, including AI and API security tooling.
Evaluate application and network architecture to support business requirements, security best practices, policies, and standards.
Implement and support enterprise security solutions across the team’s tool portfolio.
Provide consultation to business and development teams on how to implement AI-enabled solutions securely.
Create documentation and diagrams for internal and external audiences, including AI security review records and risk summaries.
Conduct risk assessments, analyzing data from various sources and incorporating business needs to articulate risk.
Analyze data and build informational security reports from different sources for a multi-tier audience (e.g., Executive, Management, and Technical).
Participate in operational support for security platforms across identity, endpoint detection and response, internet access security, email security, endpoint privilege management, and cloud security.
Manage technical relationships with security software vendors within assigned areas.