Company Overview
ImmunityBio, Inc. (NASDAQ: IBRX) is a commercial-stage biotechnology company developing cell and immunotherapy products that are designed to help strengthen each patient's natural immune system, potentially enabling it to outsmart the disease and eliminate cancerous or infected cells. We envision a day when we no longer fear cancer, but can conquer it, thanks to the biological wonder that is the human immune system. Our scientists are working to develop novel therapies that harness that inherent power by amplifying both branches of the immune system, attacking cancerous or infected cells today while building immunological memory for tomorrow. The goal: to reprogram the patient's immune system and treat the host rather than just the disease.
Why ImmunityBio?
- ImmunityBio is developing cutting-edge technology with the goal to transform the lives of patients with cancer and develop next-generation therapies and vaccines that complement, harness and amplify the immune system to defeat cancers and infectious diseases.
- Opportunity to join a publicly traded biopharmaceutical company with headquarters in Southern California.
- Work with a collaborative team with the ability to work across different areas of the company.
- Ability to join a growing company with professional development opportunities.
Position Summary
The Senior Security Engineer AI Model and Application is a hands-on, systems-level role at the intersection of security engineering and artificial intelligence, involving close interaction with ML engineering, product, platform, and SOC/security operations teams. The Senior Security Engineer will serve as the subject matter expert (SME) in AI and LLM security across the organization, owning end-to-end security of AI systems - from data and training pipelines to inference endpoints and user-facing features. This role will support security leadership in driving threat modeling, adversarial testing, red teaming, and the implementation of secure-by-design AI features in alignment with applicable regulatory frameworks including NIST AI RMF, NIST CSF, and SOC 2 Type 2.
Essential Functions
- Design, implement, and maintain security controls across the full AI/ML lifecycle, including training data validation, model registry policies, deployment guardrails, and production monitoring for anomalous model behavior.
- Develop and maintain comprehensive threat models for AI/ML systems, covering prompt injection, data leakage, model evasion and extraction, data poisoning, and agent hijacking scenarios.
- Lead red teaming and adversarial testing of LLMs and agentic workflows - including jailbreak attempts, prompt injection, output manipulation, and business logic abuse - and drive remediation with engineering teams.
- Partner with ML engineers to embed security into model development pipelines, including secure training, evaluation, and deployment processes, as well as secure use of RAG architecture, tooling integrations, and multi-agent workflows.
- Implement and define policies for safe prompt and response handling, including PII and sensitive content detection, output filtering, and usage logging to support investigations and compliance requirements.
- Work with security engineering to integrate AI telemetry into SIEM, EDR, and SOC workflows; define and maintain runbooks for AI-related security incidents and forensic investigations.
- Lead the creation, modification, and maintenance of AI security documentation, including threat model reports, security specification documents, SOPs, data flow diagrams, and network topology documentation.
- Stay current on AI-specific attack techniques, emerging tooling, and relevant frameworks (NIST AI RMF, OWASP LLM Top 10, MITRE ATLAS, secure AI development guidelines) and translate findings into internal standards and controls.
- Consult and collaborate with cross-functional SMEs across ML, Product, Platform Engineering, Legal, and Compliance to influence security design decisions and ensure operability and technical feasibility.
- Provide technical mentoring and oversight to less experienced security engineers responding to and investigating AI-related security issues.
- Create, edit, and adhere to Standard Operating Procedures (SOPs), security playbooks, and standardized documentation templates.
- Perform ad-hoc and cross-functional projects assigned to support business needs and provide developmental opportunities.
Education & Experience
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field with 7+ years of relevant experience is required.
- 5+ years of experience in application security, product security, or offensive security, including hands-on threat modeling and secure design for complex systems, is required.
- Practical, demonstrated experience assessing or attacking AI/ML or LLM systems (e.g., prompt injection, model abuse, data exfiltration via LLMs, or adversarial examples) is required.
- Experience working within or alongside regulated industries with compliance obligations (e.g., NIST AI RMF, SOC 2, ISO 27001) is preferred.
- Experience with RAG pipelines, vector databases, or agent frameworks and their associated security risks is preferred.
Knowledge, Skills, & Abilities
- Excellent interpersonal skills and ability to work effectively in a cross-functional team environment spanning security, ML, and product disciplines.
- Excellent technical writing, communication, and organizational skills, with the ability to translate complex security risks into clear trade-offs and actionable requirements for non-security stakeholders.
- Strong proficiency in Python and familiarity with modern ML/LLM frameworks (e.g., LangChain, LlamaIndex, Hugging Face, OpenAI API).
- Solid understanding of common web and API security vulnerabilities (OWASP, authentication and authorization, rate limiting, abuse prevention) and how they manifest in AI-powered applications and agents.
- Strong knowledge of AI-specific threat frameworks including NIST AI RMF, OWASP LLM Top 10, and MITRE ATLAS.
- Strong data analytics skills with experience integrating AI telemetry into security monitoring and detection workflows.
- Strong leadership skills with the ability to drive security initiatives independently and mentor junior team members.
Working Environment / Physical Environment
- This position works on-site or remote based on the candidate's geographic location.
- Regular work schedule is Monday - Friday, within standard business hours. Flexibility is available with manager approval.
- Must possess mobility to work in a standard office setting and to use standard office equipment, including a computer.
- Lift and carry materials weighing up to 30 pounds.
This position is eligible for a discretionary bonus and equity award. The annual base pay range for this position is below. The specific rate will depend on the successful candidate's qualifications, prior experience, and geographic location.
National Market (all markets unless identified as Premium)
$135,000 (entry-level qualifications) to $150,000 (highly experienced) annually
Premium Market (Premium markets include Los Angeles, San Diego, San Francisco, New York City, Chicago, & Boston)
$144,000 (entry-level qualifications) to $160,000 (highly experienced) annually
The application window is anticipated to close 60 days from when it is posted, or sooner if the position is filled or closed.
ImmunityBio employees are as valuable as the people we serve. We have built a resource of robust benefit offerings to best support the total wellbeing of our team members and their families. Our competitive total rewards benefits package, for eligible employees, includes:
- Medical, Dental and Vision Plan Options
- Health and Financial Wellness Programs
- Employer Assistance Program (EAP)
- Company Paid and Voluntary Life/AD&D, Short-Term and Long-Term Disability
- Healthcare and Dependent Care Flexible Spending Accounts
- 401(k) Retirement Plan with Company Match
- 529 Education Savings Program
- Voluntary Legal Services, Identity Theft Protection, Pet Insurance and Employee Discounts, Rewards and Perks
- Paid Time Off (PTO) includes: 11 Holidays
- Exempt Employees are eligible for Unlimited PTO
- Non-Exempt Employees are eligible for 10 Vacation Days, 56 Hours of Health Pay, 2 Personal Days and 1 Cultural Day
We are committed to providing you with the tools and resources you need to optimize your Health and Wellness.
At ImmunityBio, we are an equal opportunity employer dedicated to diversity in the workplace.
Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law.