Jobgether
Staff Information Security Engineer - AI First
Location
Remote
Job type
Full-time
Job description
Accountabilities
- Act as the connective layer between architectural security intent and real-world implementation, resolving gaps by designing compensating controls and tracking residual risks within structured risk frameworks.
- Build and enforce preventive, always-on security controls across cloud and enterprise environments using infrastructure-as-code and policy-as-code approaches, including governance for AI tools and model usage.
- Design and manage identity and access controls across human, non-human, and AI agent identities, ensuring least-privilege access and secure boundaries in collaboration with platform and IT teams.
- Maintain and evolve the information security risk register, translating emerging threats—especially AI-related risks—into actionable engineering guidance.
- Lead automation of security operations workflows, including access reviews, evidence collection, alert enrichment, and AI-assisted security agents with controlled human-in-the-loop safeguards.
- Integrate and enhance security tooling (SIEM, CSPM, SAST/DAST, vulnerability scanners) with LLM-driven intelligence to improve signal quality and response efficiency.
- Define and enforce security requirements for AI-powered systems, including prompt injection defenses, data handling constraints, output validation, and model access governance.
- Perform threat modeling for LLM and agent-based systems, identifying novel attack surfaces such as tool misuse, indirect prompt injection, and supply chain vulnerabilities.
Requirements
- 5+ years of security engineering experience with strong exposure to AI/ML security domains such as prompt injection, adversarial inputs, model supply chain, and RAG architectures.
- Hands-on experience leveraging AI tools (e.g., ChatGPT, Copilot, Claude) and LLM frameworks/APIs (OpenAI, Anthropic, LangChain, or similar) to enhance engineering productivity.
- Deep expertise in identity and access management across modern cloud environments, including governance for non-human and agent-based identities.
- Strong background in infrastructure-as-code and policy-as-code (e.g., Terraform, OPA/Rego) and automation using Python or similar scripting languages.
- Proven cloud security expertise (AWS or equivalent), including multi-account governance, preventive guardrails, and secure architecture design.
- Experience with application security principles (OWASP Top 10 and OWASP LLM/GenAI Top 10), secure SDLC, and structured threat modeling methodologies.
- Familiarity with security frameworks such as SOC 2 and/or ISO 27001.
- Strong communication skills with the ability to translate complex technical risks into clear engineering and business guidance.
- Preferred: experience building AI agents in production, red teaming/AI security research, privacy-by-design (GDPR/CCPA), and security certifications (AWS, CCSK, or similar).
Benefits
- Competitive base salary range: $170,000 – $220,000 annually (U.S. market aligned)
- Annual discretionary bonus of approximately 12% of base salary
- Comprehensive medical, dental, and vision coverage starting Day 1 with HSA contributions
- 6% 401(k) employer match
- Remote-first work environment with flexibility and strong work-life balance support
- Generous PTO package including paid holidays, sick leave, wellness days, and volunteer day
- Paid parental leave (12 weeks primary caregiver, 4 weeks secondary caregiver)
- Life insurance, disability coverage, and additional voluntary insurance options
- Wellness and mental health support, including access to Calm and Employee Assistance Program
- Remote work stipend ($65/month) for internet and home office support
- Career development, tuition assistance, and internal growth opportunities
- Charitable donation matching up to $250 annually
- Additional perks including pet insurance, identity theft protection, and legal assistance plans.
How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.


