Senior Application Security Engineer, AI & Product Security

Artera•Seattle, WA

1d•$146,000 - $175,000•Onsite

About The Position

Artera is seeking a hands-on Senior Application Security Engineer, AI & Product Security to work alongside our AI builders and Systems Engineers to threat-model agentic and LLM-powered features, harden PHI/PII-handling workflows, and ship the "paved road" tooling (secure SDLC guardrails, prompt/agent-identity patterns, SAST/DAST/SCA in CI/CD) that keeps innovation fast and safe. This is a frontier role. You'll be operating where AI security is still being defined — translating policy into code, building guardrails for agent identity and prompt/output filtering, and giving our team the logging, scanning, and safe tool-use patterns. Artera Security finds the secure path and ships it with our AI Builders and System Engineers. This role is based in our Seattle, WA office. In-person collaboration is intentional – you'll be working shoulder-to-shoulder with our AI builders, Systems Engineers, and security leadership as we build Artera's Seattle tech hub. This role supports federal-facing systems and contributes to enterprise security functions. Candidates must meet eligibility for a government background check and follow strict data protection, access control, and incident response protocols. Familiarity with regulatory frameworks is expected. Ongoing compliance training and evidence-based documentation may be required.

Requirements

6–10 years in Application Security, with a hands-on engineering orientation
Demonstrable experience with LLM and agent security — OWASP LLM Top 10, MITRE ATLAS, prompt/output filtering, agent identity, and tool-use risk
You’ve built end-to-end threat models for production platforms and translated them into corrective controls
SAST, DAST, and infrastructure scanning tools in production CI/CD environments
Taking policy, codifying it as infrastructure-as-code (Terraform), and gating CI/CD pipelines on security findings
Significant AWS experience (GCP or Azure background acceptable; AWS is learnable, but cloud depth is required)
Background in regulated environments — healthcare (HIPAA/HITRUST), federal (FedRAMP), or fintech (PCI)
Strong cross-functional communicator;able to partner with engineers and AI builders, find the secure path together.

Nice To Haves

Direct experience threat modeling agentic AI systems (rare — but if you have it, you're the cherry on top)
AWS Agent Core, MCP, or similar agent-platform exposure
Experience at a growth-stage company (~50–500 people) that has already adopted agentic AI
Background in fintech transitioning into agentic systems (a common path into this kind of work today)
Past ownership of an AI monitoring tool rollout or evaluation

Responsibilities

Threat-model agentic and LLM-powered features end-to-end: data ingress/egress, agent identity, tool-use boundaries, and the unique risks that come with frontier AI work
Build the secure SDLC paved road — secure SDLC guardrails, prompt/agent identity patterns, secrets management, PHI/PII redaction patterns
Embed SAST, DAST, SCA, and infrastructure scanning into CI/CD so security gates are part of the pipeline, not an afterthought
Identify and pilot an AI monitoring tool to fill the gap our current tooling (Zscaler) doesn't cover
Translate existing security policy into safe tool-use patterns for the Artera Primitives team, Systems Engineers, and other AI Builder squads
Partner cross-functionally with DevOps, Systems Engineering, and the AI builder teams — meeting AI Builders and engineers in the middle and finding the secure path forward, not the "no" path
Own AWS identity and access management patterns, secrets management, and security tooling decisions in our AWS environment. Collaborate with System Engineers / DevOps on implementation.
Apply frameworks like MITRE ATT&CK, MITRE ATLAS, OWASP Top 10, and OWASP LLM Top 10 to architectural decisions.