Principal Ai Cybersecurity Engineer

Summary of Position

The Principal AI Security Engineer is a senior technical leader on the AI Security team, responsible for designing, building, and operating security controls for generative AI and Machine Learning (ML) systems across their full lifecycle: data, training, deployment, and runtime.

This role is deeply hands-on: you will work directly with data science, MLOps, platform, devops and application teams to secure LLMs, RAG systems, AI agents, and AI-enabled products. You will also lead the intake and review process for AI use cases, helping the organization adopt AI safely and at scale in a highly regulated environment.

The ideal candidate combines:

* Strong security engineering and cloud architecture experience

* Deep, current familiarity with modern AI/LLM tooling and practices

* Familiar and can cover basic coding within the AI tooling space (python, others)

* The ability to communicate clearly with senior leadership and influence enterprise wide strategy

Essential duties and responsibilities:

Secure AI / ML platforms and workloads

• Lead security architecture and threat modeling for AI/ML systems, including LLMs, RAG pipelines, agents, and AI-powered applications.
• Design and implement security controls as code (services, libraries, infrastructure-as-code, policy-as-code) for AI/ML platforms and workloads.
• Lead and help setup the basic infrastructure needed to safely rollout AI - MCPs, LLMs, pipelines, Test harness for AI (ie: harmbench), intake automation.
• Partner with data science and MLOps teams to harden:
• Data ingestion and labeling
• Training and fine-tuning pipelines
• Model registries and deployment workflows
• Inference APIs, agents, and integrations
• Define and champion secure reference architectures and patterns for common AI use cases and focus on composable archiecture.

AI use case intake & governance

• Design, implement, and continuously improve the intake, triage, and review process for AI/ML and generative AI use cases across the organization.
• Build and automate self-service workflows (e.g., request forms, risk questionnaires, routing, approvals) that balance speed of delivery with security, privacy, and compliance with a focus on risk scoring and scorecards.
• Define risk-based criteria for AI use case approval, including data sensitivity, model and vendor selection, integration patterns, and control requirements; this will involve in re-mapping the complete end to end lifecycle.
• Review proposed AI solutions from concept through deployment, providing clear, actionable guidance to product and engineering teams.
• Maintain visibility into the AI use case portfolio and risk posture, and provide regular reporting to leadership and governance bodies.

Monitoring, detection & assurance

• Establish and maintain monitoring and detection for AI-specific threats, such as:
• Prompt injection and jailbreak attempts
• Data exfiltration and sensitive data exposure
• Misuse or abuse of AI tools and agents
• Anomalous model or pipeline behavior
• Integrate AI/ML systems with existing logging, SIEM, and incident response processes.
• Lead or participate in AI-focused security assessments, red-teaming, and adversarial testing; drive remediation and verification.

Strategy, leadership & enablement

• Help define and evolve the organization's AI security strategy, standards, and roadmap in partnership with Security, Engineering, Data, Legal, Privacy, and Risk.
• Translate global privacy, data sovereignty, and regulatory requirements into practical technical controls for AI workloads across multiple cloud environments.
• Prepare and deliver executive-ready briefings and narratives on AI security risks, controls, and progress.
• Mentor other engineers and serve as THE internal subject matter expert on AI/ML security, generative AI, and LLM-based systems.

Minimum Qualifications:

• 7+ years of experience in information security, security engineering, or related fields, including significant time building and securing production systems.
• 3+ years of hands-on experience with AI/ML technologies (such as LLMs, RAG, model training/fine-tuning, MLOps, or AI-powered products), including implementation of security controls or guardrails for these systems.
• Strong programming skills in one or more relevant languages (e.g., Python, TypeScript/JavaScript, Go, or similar), with a track record of contributing to production-grade tools, services, or libraries.
• Deep understanding of cloud security architecture and controls on at least one major cloud platform (AWS, Azure, or GCP), including identity, networking, secrets management, data protection, logging, and monitoring.
• Experience designing and implementing controls in a highly regulated environment; healthcare or financial services preferred.
• Demonstrated ability to lead complex technical initiatives across multiple teams, from problem definition through design, implementation, and adoption.
• Proven ability to communicate complex technical and risk topics clearly to both engineering teams and senior leadership.

Preferred Qualifications:

• Practical experience securing LLM- and genAI-based systems, such as:
  • RAG architectures backed by internal data
  • AI assistants, copilots, or agents integrated with enterprise tools
  • Fine-tuned models and model hosting platforms
• Experience with AI IDE tools
  • cursor, windsurfer, others
  • Knows the security problems and has practical solutions that balances innovation with innovation.
• Familiarity with AI/ML frameworks and ecosystems (e.g., TensorFlow, PyTorch, Scikit-learn) and/or modern LLM development stacks and IDEs (e.g., API-based LLMs, self-hosted models, AI-enhanced coding tools).
• Experience with:
  • Security for data pipelines, feature stores, and model registries
  • Detection engineering or SIEM tuning for AI-related events
  • Red-teaming or adversarial testing of AI systems
• Evidence of ongoing engagement with AI and security (such as side projects, open-source contributions, lab environments, publications, or conference talks).
• Familiarity with emerging AI security and safety standards and forward-looking industry guidance and horizon reports.
• Relevant certifications (e.g., cloud security, security engineering, or governance) are a plus.
• Strong analytical and problem-solving skills, with the ability to operate effectively in a fast-evolving technical and regulatory landscape.
• High level of integrity and ethical conduct.