Security Engineer - AI Applications
Indexed description
The Senior Product Security Engineer, AI Applications will serve as a senior technical member of the Product Security Team and lead highly technical security reviews across our client's commercial digital product portfolio. This role reviews the full product lifecycle and technology stack, including AI-enabled applications, web and mobile applications, APIs, cloud IaaS/PaaS architectures, SaaS platforms, IoT-connected solutions, data integrations, third-party software, and customer-facing product components.
The Senior Product Security Engineer, AI Applications will combine advanced application/product security expertise with AI-specific security skills to perform risk assessments, threat modeling, secure architecture reviews, application security testing, secure code/dependency review, and SSDLC standards development. The role will evaluate AI risks such as prompt injection, adversarial ML, data/model leakage, model theft, data integrity, bias-related risk indicators, AI supply chain exposure, and secure use of copilots, agents, plugins, and automation workflows.
Required Skills and Experience
•5+ years of hands-on experience as a software developer, senior developer, application security engineer, product security engineer, or similar technical role supporting modern application architectures.
•3+ years of experience performing application security assessments, secure architecture reviews, threat modeling, vulnerability assessments, penetration test coordination, or technical product security reviews.
•Hands-on experience with SSDLC, DevSecOps, SAST, DAST, SCA, SBOM, API security, container security, secrets scanning, secure CI/CD pipeline controls, and remediation workflows.
•Hands-on experience with Microsoft Azure and AWS cloud security, including native cloud security services, IaaS/PaaS security patterns, cloud posture management, and secure workload configuration.
•Strong understanding of IAM across Azure and AWS, including OAuth 2.0, OIDC, SSO, B2C/B2B identity patterns, service principals, workload identities, Azure Managed Identity, and privileged access patterns.
•Hands-on scripting and automation experience with Python and shell scripting for security testing, data/log analysis, automation, and security tool integration.
•Experience assessing AI/ML or generative AI-enabled capabilities, including LLM integrations, prompt injection, data/model leakage, model abuse, model extraction/theft, vendor/model risk, AI threat modeling, and secure AI design patterns.
•Understanding of adversarial machine learning concepts, including evasion, poisoning, insecure model inputs/outputs, model extraction, model leakage, and abuse of AI agents, tools, or plugins.
•Working knowledge of network security fundamentals, including TCP/IP, OSI model, firewalls, IDS/IPS, network segmentation, web/application protocols, and secure service-to-service communication.
•Knowledge of identity and access management, encryption, secure API design, secrets management, secure SDLC practices, vulnerability management, logging/monitoring, privacy/security-by-design, and cloud security architecture.
•Demonstrated ability to identify, explain, prioritize, and drive remediation of complex application, cloud, AI, identity, and product security risks with engineering and product teams.
Day-to-Day
•Lead product security risk assessments across our client's commercial digital products, including AI-enabled applications, web/mobile applications, APIs, SaaS platforms, cloud services, containers, IoT solutions, endpoints, network-connected components, and third-party software.
•Develop, maintain, and mature SSDLC standards, secure design patterns, application security requirements, AI security requirements, and product security procedures aligned to practical engineering workflows.
•Perform hands-on threat modeling for applications, APIs, cloud architectures, data flows, AI/ML integrations, LLM-enabled features, copilots, agents, automation workflows, and external service integrations.
•Assess AI/ML models and AI-enabled workflows for vulnerabilities, adversarial ML risks, evasion, poisoning, model extraction/theft, prompt injection, insecure output handling, data/model leakage, data integrity weaknesses, bias-related risk indicators, and control effectiveness.
•Evaluate AI governance, ethical-use, privacy, data lineage, training/evaluation dataset controls, production monitoring, vendor/model risk, and secure AI data pipeline practices in partnership with product, privacy, risk, and compliance teams.
•Conduct technical security reviews using SAST, SCA, SBOM, DAST, secrets scanning, API security, container security, cloud security posture, vulnerability management, and AI security evaluation tools.
•Use and help operationalize platforms such as Snyk, Wiz, GitHub Advanced Security, DAST tooling, threat modeling tools, SBOM/SCA tooling, CI/CD security tooling, native Azure/AWS security services, SIEM/log analysis tools such as Elastic, and AI security evaluation tools.
•Partner with software engineering and DevSecOps teams to integrate security controls, test gates, evidence collection, automated response workflows, and remediation tracking into CI/CD pipelines and product release processes.
•Review identity, access, and secure communication architectures, including IAM, OAuth 2.0, OIDC, SSO, B2C/B2B identity patterns, service principals, workload identities, Azure Managed Identity, privileged access, encryption, secure APIs, secrets management, logging/monitoring, and service-to-service communication.
•Analyze application, cloud, API, container, endpoint, and AI security telemetry to support threat detection, anomalous behavior investigation, incident triage, containment support, product risk decisions, and prioritized remediation plans.
•Translate technical findings into concise remediation guidance, risk decisions, standards updates, metrics, and leadership-ready summaries for product, engineering, security, customer-facing, risk, and compliance stakeholders.
•Support customer-facing cybersecurity discussions, questionnaires, and technical documentation related to client commercial product security, AI security controls, product architecture, and SSDLC practices.
•Stay current on application security, AI security, adversarial ML, cloud security, DevSecOps, vulnerability management, secure coding, threat intelligence, and relevant frameworks and standards including NIST, OWASP, CIS, ISO 27001, SOC 2, and ISO/IEC 5338.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search