AI Security Engineer

As a GenAI Security Engineer, you will develop and implement next-generation security controls to protect the firm’s agentic and human-in-the-loop GenAI systems. Specifically, you will:

• Build and run generative AI (GenAI) security controls for applications and platforms, including guardrails for model usage and API integrations.
• Secure agent/tool-calling and connector workflows, such as MCP or equivalent, to prevent tool abuse and data exfiltration.
• Lead AI threat modeling and risk assessments, maintaining threat models for prompt injection, jailbreaks, tool injection, data exfiltration, training data leakage, and supply chain risks, and driving mitigations.
• Define secure-by-default reference architectures for cloud-native and hybrid GenAI workloads, including network isolation and secrets handling.
• Develop and continuously improve monitoring and detection for anomalous AI behavior and unsafe outputs.
• Lead incident response and remediation for security events involving AI applications and/or data breaches.
• Translate policy and regulatory requirements into implementation, including governance artifacts, evidence collection, control testing, and audit-ready documentation
• Act as the GenAI security SME with other internal Technology teams, Compliance, and business stakeholders, staying current on evolving threats.

What’s required

• 6+ years of software engineering experience with strong coding experience in one or more general purpose languages, such as Python, Go, and/or Java.
• Experience building containerized services using Kubernetes.
• Experience with AI/ML and/or GenAI tools and technologies.
• Experience defining and implementing infrastructure and application pipelines.
• Expert understanding of software development methodologies and concepts.
• Ability to deliver robust, production-ready security controls for agentic GenAI systems and platforms, drive continuous improvement, advocate for safety and privacy-by-design, and communicate effectively with technical and business stakeholders.
• Comfort partnering across various internal teams, such as DevOps, MLOps, Product,Legal, and Compliance, to land guardrails without blocking delivery.
• Excellent organizational, communication, interpersonal, motivational skills in achieving business objectives.
• Background in cybersecurity, including threat modeling and broader security engineering practices.
• Commitment to the highest ethical standards.