Sr. Security Engineer, AppSec (AI/ML Security)

About the Role

You will drive platform security initiatives with a primary focus on securing AI/ML systems and models. You’ll partner with engineering, product, and data science teams to ensure robust security for AI-powered features and infrastructure, while maintaining coverage for traditional AppSec domains.

Responsibilities & Accountabilities

• AI Security Leadership: Lead the design and implementation of security controls for AI/ML models, pipelines, and data flows.
• Vulnerability Management: Ensure coverage of AI/ML and application vulnerabilities using SAST, DAST, dependency scanning, and specialized AI security tools.
• Threat Modeling & Red Teaming: Conduct comprehensive threat modeling and AI/ML red teaming exercises, including prompt injection, jailbreaking, adversarial attack simulations, and vulnerability assessments for AI systems. Assess risks such as adversarial attacks, model theft, data poisoning, privacy risks, and other emerging threats to AI/ML models and pipelines.
• Automation & Tooling: Build and maintain automation pipelines for AI/ML security testing and monitoring.
• Cross-Functional Collaboration: Partner with Engineering, Product, and Data Science to embed security into AI/ML development lifecycles.
• Incident Response: Support detection, triage, and remediation of AI/ML-specific security incidents.
• Training & Advocacy: Facilitate secure development training focused on AI/ML risks and best practices.
• Metrics & Reporting: Track and report status of vulnerabilities, including AI/ML-specific metrics (e.g., model robustness, data integrity).
• Program Ownership: Design and execute quarterly OKRs for AI/ML security initiatives.

Performance Measurement

• Demonstrates deep understanding of AI/ML security risks and mitigations.
• Leads identification, triage, and management of AI/ML and application security issues.
• Establishes routines for updating documentation, runbooks, and dashboards with AI/ML security content.
• Effectively communicates complex AI/ML security topics to technical and non-technical stakeholders.

Educational and Experience Requirements

• 5+ years in information security, with significant experience in application security and AI/ML security.
• Hands-on experience securing AI/ML models, pipelines, and data within the AI/ML SDLC.
• Familiarity with common AI/ML security threats (adversarial attacks, model inversion, data poisoning).
• Experience with security tools for AI/ML (e.g., Adversarial Robustness Toolbox, MLFlow security plugins).
• Development or scripting experience (Python preferred; experience with AI/ML frameworks a plus).
• Excellent communication skills.

Preferred Qualifications

• Bachelor’s degree in a related field.
• Relevant certifications (e.g., AIRTP+, CAISF, Microsoft AI Security Fundamentals, AWS Certified Security – Specialty, GIAC, CISSP, CEH are highly desirable).
• Experience working directly with software developers and data scientists to improve code/model security.

Competencies and Behaviors

• Establishes credibility among Engineering and Data Science counterparts.
• Advocates for AI/ML security best practices.
• Drives tasks to completion and maintains accuracy of information.
• Effective prioritization and escalation to management.