Responsibilities
- Embed robust security practices throughout the software and AI development lifecycle (SDLC).
- Lead secure design reviews, threat modeling, and risk assessments for AI-driven products, APIs, and backend services.
- Partner with engineering and product teams to ensure security, privacy, and compliance by design.
- Build and maintain security automation and governance frameworks that integrate seamlessly into development workflows.
- Architect and enforce security controls for AI/ML systems, including model training, data pipelines, and inference environments.
- Identify and mitigate AI-specific attack vectors such as data poisoning, model inversion, prompt injection, and model theft.
- Collaborate with governance and compliance teams to align with ethical AI principles and frameworks like NIST AI RMF and the EU AI Act.
- Implement model provenance, integrity, and auditability controls to ensure responsible and secure AI operations.
- Partner with DevOps and SRE teams to secure service meshes, container networking, and secrets management.
- Drive software supply chain security, including artifact integrity, dependency management, and vulnerability reduction.
- Build internal frameworks for continuous assurance and real-time vulnerability management.
- Define and maintain reference security architectures for microservices, APIs, and AI-powered systems deployed in the cloud.
- Mentor teams on secure coding, containerization best practices, and AI risk management.
- Promote a security-first culture through advocacy, documentation, and training.
- Represent product security in cross-functional initiatives and leadership discussions.
Requirements
- 7+ years of experience in product, application, or cloud security engineering.
- Deep understanding of secure SDLC, threat modeling, and secure architecture design.
- Proven expertise with AWS cloud security concepts and best practices.
- Strong experience with container security, orchestration, and runtime protection.
- Proficiency in Python, Java, and/or JavaScript for security automation, code review, and tooling.
- Experience securing AI/ML pipelines, data workflows, or model-serving infrastructure.
- Familiarity with DevSecOps and continuous integration/deployment environments.
Nice to Have
- Experience with GCP or Azure cloud platforms.
- Knowledge of AI and LLM security.
- Experience with software supply chain security and artifact integrity verification.
- Familiarity with compliance and governance frameworks (SOC 2, ISO 27001, NIST 800-53, NIST AI RMF).
- Certifications such as CKS (Certified Kubernetes Security Specialist), CISSP, CSSLP, or AI/ML-focused security credentials.
