AI Security Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Oversees AI Security Architecture & Secure Design initiatives by creating and implementing security controls throughout the lifecycle of data ingestion, training, evaluation, deployment, and monitoring environments to effectively minimize AI-specific risks while ensuring product development speed.

• Performs structured Threat Modeling & Risk Assessment exercises for generative AI, RAG, and agent-based systems, assessing risks such as prompt injection, data poisoning, model extraction, model inversion, abuse/misuse, and data leakage, and aligning results with OWASP Top 10 for LLM Applications, MITRE ATLAS, and NIST AI RMF to facilitate remediation with engineering teams.

• Establishes and operationalizes Monitoring, Detection & Incident Response capabilities for AI systems by implementing prompt and output telemetry, tool-call logging, anomaly detection, and AI-specific incident response playbooks integrated into SIEM/SOC workflows.

• Delivers quantifiable outcomes in line with 30-, 150-, and 210-day milestones, which include secure reference architectures, fortified AI environments, integrated security controls, and executive-ready reporting on AI risk mitigation and posture maturity.

• Develops and formalizes AI Governance, Privacy & Third-Party Risk requirements by setting security expectations for AI use cases, third-party models, vendor integrations, and sensitive data handling, embedding controls into SDLC, procurement, and engineering standards.

• Promotes Cross-Functional Collaboration & Enablement by working closely with Engineering, Data Science, DevSecOps, Product, Legal/Privacy, and SOC teams to establish a shared understanding of risk appetite, escalation procedures, and secure design guardrails while enhancing AI security maturity across the organization.

• Compiles inventories of current and upcoming AI/ML initiatives, documents system architectures and sensitive data touchpoints, and implements a systematic AI security intake and risk-rating procedure that ensures accountability and transparency.

• Crafts and communicates forward-looking 6- and 12-month AI security maturation plans that align technical priorities with business objectives and clearly convey risk trends, metrics, and investment requirements to Security leadership and the CISO.

• Integrates Secure MLOps / MLSecOps controls into AI delivery pipelines, which encompass secure model registries, artifact signing and provenance validation, dependency scanning, secrets management, CI/CD guardrails, and reinforced training and inference environments across AWS and Azure.

• Develops and scales AI Security Testing & Red Teaming workflows by designing repeatable adversarial evaluation plans for jailbreaks, model evasion, prompt injection, and data exfiltration scenarios, ensuring the ongoing effectiveness of security controls.

• Creates automated regression test harnesses to continuously validate AI security measures as models, prompts, and dependencies evolve, minimizing manual effort and enhancing coverage.

• Establishes a sustainable AI security operational rhythm that includes intake reviews, threat modeling checkpoints, remediation tracking, and structured monitoring ownership to introduce consistency and order to AI risk management.

• Enhances AI Security Testing & Red Teaming capabilities through adversarial experimentation and multi-dimensional analysis, proactively identifying emerging AI threat patterns before they impact production.

• Utilizes AI and automation to bolster testing coverage, automate regression validation, refine anomaly detection logic, and enhance the scalability of AI security monitoring and response.

• Continuously assesses emerging AI security research, tooling innovations, and regulatory changes, translating insights into adaptive defensive controls that support InvoiceCloud’s AI-first strategy while fostering responsible innovation.

⛳️ Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, Data Science, or a related field (or equivalent practical experience).

• 5+ years of experience in security engineering, application/product security, cloud security, or DevSecOps.

• 2+ years of experience building or securing AI/ML systems (including LLM-based applications) in production settings.

• Strong knowledge of AI/ML threats and defenses, including prompt injection, data poisoning, model extraction, model inversion, adversarial inputs, data leakage, and abuse/misuse scenarios.

• Experienced in integrating security into CI/CD and MLOps pipelines.

• Proficient with cloud platforms (AWS and Azure), container security, IAM, network segmentation, key management, and secrets management.

• Familiarity with industry standards such as OWASP GenAI/Top 10 for LLM Applications, MITRE ATLAS, and/or NIST AI RMF is preferred.

• Relevant certifications such as CISSP, CSSLP, CCSP, Azure Security certifications, or GIAC certifications are preferred.

🏝️ Benefits

• Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also qualify for overtime pay.