Senior Staff Platform and Product Security AI engineer

Adobe•San Jose, CA

About The Position

Adobe empowers individuals and organizations to create exceptional content effortlessly. We are looking for an experienced lead AI security engineer at the senior staff level. This person will define and champion all aspects of the security strategy and execution for AI-enabled product and technology frameworks within the Adobe Express product group. As a Senior Staff expert in AI security engineering, you will influence product teams security roadmaps, provide build-vs-buy recommendations and technology-enhanced security approaches across the business unit. The work should create durable mechanisms that help ship securely at scale. You will help move security from advisory mentorship to embedded controls: secure-by-default AI coding configurations, agent harness guardrails, automated SDLC checks and recommendations, AI security skills, sandboxed agent execution, and measurable vulnerability reduction before code reaches production.

Requirements

12+ years of experience in security engineering, with a track record of securing large-scale products and engineering platforms.
Deep product security fundamentals, including threat modeling, API security, input validation, SSRF prevention, vulnerability management, and secure SDLC practices.
Practical expertise in one or more languages such as Python, Java, TypeScript, Go, or similar.
Experience with AI/agent frameworks.
Experience maturing security ideas from prototype into production grade.
Outstanding communication skills, strong planning skills, and high attention to detail.
Strong judgment in balancing security, business, customer, and developer productivity needs.
Demonstrated technology leadership through strategy documents, technical talks, and conference submissions.

Nice To Haves

CISSP, CCSP, or an equivalent security certification would be advantageous.

Responsibilities

Architect secure-by-default guardrails for AI-assisted development.
Design and scale security guardrails for modern engineering workflows: CI/CD pipelines, policy-as-code, developer tooling, PR feedback, and secure-by-default platform patterns.
Define and enforce security controls for AI coding assistants and tools, including safer permissions, sandboxing, credential protections, across various surfaces including web, desktop, mobile and backend infrastructure.
Drive DevSecOps and automation across the SDLC, including PR feedback, SAST/SCA, secrets scanning, infrastructure-as-code review, container security, and SBOM intelligence.
Establish reusable security standards, security skills, secure coding rules, and paved-road patterns that product teams can adopt without inventing their own approach.
Lead production agent security including runtime prompt-injection defense, tool-use sandboxing, multi-tenant data isolation, agent output handling, and setting trust boundaries across services.
Lead security incident response.
Drive post-incident architecture changes to improve security posture of the application and the platform.
Partner with Product, Engineering, AI platform teams including Privacy, Legal, Trust and Safety to align security strategy with business priorities and customer outcomes.
Translate compliance requirements into engineering controls.
Track adoption, coverage, remediation speed, developer friction, and residual risk.
Use those metrics to influence roadmap decisions, and security culture programs.