Senior Security Engineer, AI/ML

Qualys, Foster City, CA

About The Position

We are seeking a Senior Security Engineer – AI/ML who sits at the intersection of hands-on AI/ML engineering and offensive security research. You will both build and break: designing and deploying GenAI and agentic systems that power next-generation threat detection, while red teaming those same systems to uncover prompt injection exploits, adversarial inputs, model manipulation, and other emerging AI threats. This is a senior, dual-mandate role for an engineer who is equally comfortable orchestrating multi-agent pipelines and RAG architectures as they are tearing them apart to find weaknesses. You will set the technical bar for secure-by-design AI at Qualys, mentor other engineers, and translate research into production hardening strategies.

Requirements

  • 6+ years of combined experience across software engineering / machine learning and security research, penetration testing, or exploit development, with a focus on application or cloud security.
  • Strong programming skills in Python, including building APIs and backend components, plus scripting and automation for testing and PoC development.
  • Experience training ML models using Scikit-learn, TensorFlow, or PyTorch, and a strong working knowledge of LLM architectures (transformers, embeddings, fine-tuning, RAG).
  • Hands-on experience with LangChain, LlamaIndex, or other GenAI frameworks, and with building multi-agent or autonomous AI workflows.
  • Familiarity with GenAI-specific risks such as prompt injection, model evasion, hallucination-based exploits, data leakage, or model theft, and with LLM deployment scenarios (e.g., OpenAI, HuggingFace, custom-hosted models) and their threat surfaces.
  • Ability to analyze logs, API interactions, inference responses, and prompt chains to identify anomalous or risky behavior.
  • Working knowledge of SQL, Pandas, and large-scale data processing, with experience developing and deploying ML systems in Agile environments.
  • Strong analytical mindset, excellent technical writing skills, and familiarity with responsible disclosure practices, bug bounty programs, or security research ethics.

Nice To Haves

  • Background in AI/ML security red teaming or adversarial ML.
  • Knowledge of vector database risks, insecure RAG pipelines, model fingerprinting, and AI model supply chain attacks.
  • Experience using or contributing to tools such as AutoGen, CrewAI, MetaGPT, Guardrails.ai, LLM Guard, or Tracer.
  • Familiarity with LLMs such as GPT-4, Claude, Mistral, LLaMA, or Falcon, and integrating them via APIs.
  • Experience with cloud platforms (AWS, GCP, Azure), containerized deployments, and MLOps tooling for monitoring, retraining, and CI/CD automation.
  • Familiarity with Secure SDLC and threat modeling frameworks (e.g., STRIDE, MITRE ATLAS) and AI-specific security checklists.
  • Publications or presentations at conferences such as Black Hat, DEF CON, USENIX, NeurIPS, or OWASP, and contributions to AI/ML projects in security, compliance, or enterprise applications.

Responsibilities

  • Build and deploy GenAI applications using LangChain, LlamaIndex, or similar frameworks, and orchestrate agentic AI workflows with tools such as AutoGen, CrewAI, or custom agent-based architectures.
  • Design, train, and evaluate ML models from scratch, spanning both classical ML and deep learning, and develop end-to-end pipelines for ingestion, preprocessing, training, evaluation, and deployment.
  • Implement and optimize RAG pipelines using embeddings and vector databases (e.g., FAISS, Pinecone, Qdrant), with security and data-leakage controls built in from the start.
  • Write robust backend APIs in Python to serve models, process data, and integrate with cloud infrastructure; monitor model performance, latency, and accuracy in production and iterate continuously.
  • Conduct in-depth research on security vulnerabilities in LLMs and AI systems, including prompt injection, jailbreaks, data leakage, model theft, and adversarial attacks.
  • Design and execute offensive security assessments and red teaming campaigns against GenAI and ML-powered systems, including the agentic pipelines built in-house.
  • Identify and classify novel threat vectors targeting model inference, training pipelines, and model-serving architectures.
  • Contribute to and build internal tooling for scanning, fuzzing, and automating LLM vulnerability discovery.
  • Collaborate cross-functionally with product and engineering teams to design secure AI-powered features and define hardening strategies.
  • Develop proof-of-concepts, technical whitepapers, or blog posts on emerging threats and best practices; monitor threat intelligence and academic research on AI model security and supply chain risks.
  • Represent Qualys in security and AI research communities through speaking, publishing, or standardization efforts, and mentor engineers on secure AI development.

Benefits

  • healthcare
  • retirement plans