Staff Engineer, AI Security and Product Security

About The Position

Requirements

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field
• 10+ years of experience in product security or application security
• Proven track record securing complex products
• Deep understanding of security principles, threats, and countermeasures as they relate to product design and development
• Familiarity across standards and frameworks including OWASP, NIST, ISO/IEC 27001, and CVSS-based vulnerability prioritization
• Hands-on proficiency with penetration testing frameworks and tools (Metasploit, Burp Suite, Nmap, Wireshark)
• Proficiency in web application attack techniques (SQL injection, XSS, CSRF, OWASP Top Ten)
• Ability to simulate real-world attacks and assess their impact
• Expertise in one or more programming languages (e.g., Python, Java, C++)
• Strong command of secure coding practices, encryption standards, and integrating security tooling into CI/CD and development workflows
• Demonstrated experience securing AI/ML systems and LLM-powered or agentic products in production
• Familiarity with AI attack surfaces (prompt injection, data poisoning, model extraction, membership inference, RAG poisoning)
• Hands-on red-teaming of AI pipelines and agentic workflows
• Working knowledge of AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, EU AI Act)
• Experience vetting third-party foundation models, open-source weights, and AI APIs as part of a structured supply chain security program
• Familiarity with securing ML infrastructure — including training pipelines, experiment tracking, model registries, and inference endpoints
• Experience designing least-privilege access controls for AI agents with external system or tool access
• Excellent communication and influencing skills
• Ability to drive security initiatives across engineering, legal, privacy, and executive stakeholders
• Ability to mentor teams on security best practices

Nice To Haves

• CISSP, OSCP, or GWAPT certifications
• AI-focused certifications such as GAISC, Offensive ML (OffSec), or cloud provider AI security tracks (AWS/GCP)

Responsibilities

• Define and lead product security strategy across web, mobile, API, cloud, infrastructure, and container security
• Conduct threat modeling, risk assessments, and security reviews throughout the development lifecycle with a strong shift-left focus
• Embed secure development practices by designing and implementing secure coding standards, encryption, and security testing methodologies
• Own Enterprise AI Security end-to-end, including securing LLM integrations, agentic pipelines, and ML model ingestion
• Defend against AI-specific threats (prompt injection, data poisoning, model extraction, RAG poisoning)
• Build AI incident response playbooks and red-team AI systems
• Secure the AI supply chain and MLOps infrastructure by vetting third-party foundation models, open-source weights, and AI APIs
• Partner with ML engineering to protect training pipelines, feature stores, and model serving endpoints
• Champion compliance and AI governance by operationalizing frameworks such as OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act requirements
• Collaborate with legal, privacy, and responsible AI teams to support audits and evolving regulatory expectations
• Evaluate and deploy security tooling, detect policy violations, and drive security outcomes
• Elevate the security culture across the organization by serving as a subject matter expert and mentoring engineering teams
• Lead incident response efforts from investigation through mitigation and prevention
• Maintain the security foundation through thorough documentation, including security requirements, guidelines, and incident response plans
• Perform hands-on penetration testing and code reviews

Benefits

• Annual bonus
• Equity compensation
• Comprehensive benefits package