Staff Information Security Engineer - AI First
New
R
Rithum LinkedIn BoardE-commerce, Security
United States - RemoteFull-TimeStaff
Salary$170,000-$220,000 per year
Apply NowOpens the employer's application page
Job Details
- Experience
- 5+ years
- Required Skills
- AWSPython
Requirements
- 5+ years of security engineering experience with demonstrated AI/ML security depth (prompt injection, model supply chain, adversarial inputs, RAG).
- Experience using AI tools (ChatGPT, Copilot, Claude, etc.) and LLM frameworks and APIs (OpenAI, Anthropic, LangChain, or similar).
- Hands-on identity and access expertise across modern enterprise and cloud identity stacks, including access models for AI systems and non-human identities.
- Infrastructure and policy-as-code (e.g. Terraform, OPA/Rego) and proficiency in a scripting language for automation (Python preferred).
- Cloud security expertise: AWS Solutions Architect / Security Specialty or equivalent demonstrated expertise.
- Application security (OWASP Top 10 and the OWASP LLM/GenAI Top 10, secure SDLC) and threat-modelling methodologies (STRIDE, PASTA, or equivalent).
- Practical experience building or operating AI agents, and integrating security tooling (SIEM, CSPM, SAST/DAST/SCA).
- Working knowledge of SOC 2 and/or ISO 27001 control frameworks.
Responsibilities
- Act as the bridge between architectural intent and operational reality; mediate conflicts between security requirements and feasible implementation, propose compensating controls where gaps exist and help register, track and remediate residual risks.
- Implement preventive, default-on security controls across cloud and enterprise environments, codified as policy- and infrastructure-as-code so security is enforced by design, including controls that govern how AI tools and models may be used.
- Implement and enforce identity and access controls to an agreed standard, including access boundaries for AI systems and non-human/agent identities by partnering with Platform Engineering and IT to align tooling and policy to the architecture.
- Assist in maintaining the InfoSec risk register; track emerging threats and translate them into actionable guidance for engineering teams.
- Support third-party and vendor risk assessments, with a focus on vendors who process data through AI pipelines.
- Automate repetitive security workflows (evidence collection, access reviews, alert enrichment) and build or operate AI-assisted security agents.
- Integrate security tooling (SIEM, CSPM, DAST/SAST, vulnerability scanners) with LLM layers to surface actionable insight and automated responses.
- Define and enforce security requirements for AI-powered features: model access controls, prompt-injection mitigations, output validation, and data-handling boundaries.
- Conduct threat modelling on agentic and LLM-based systems, accounting for novel attack surfaces such as tool misuse, indirect prompt injection, and supply chain risk.
View Full Description & ApplyYou'll be redirected to the employer's site
