Original listing text, shown exactly as published by the company.
Responsibilities
Vulnerability & Risk Management
- Perform vulnerability scanning, assessment, and remediation tracking across applications, networks, and cloud infrastructure.
- Investigate potential security risks in third-party tools and formulate best-practice documentation and guidance to reduce organizational risk.
- Maintains up-to-date knowledge of the latest CVEs, industry trends, and alerts from external security tools and scanners.
Cloud & Architecture Security
- Design, review, and enforce security controls across cloud environments (Azure, GCP, AWS) and container orchestration platforms (Kubernetes/Docker).
- Provide security architecture guidance on new initiatives, ensuring compliance with internal standards and industry frameworks (e.g., CIS, NIST, CSA CCM).
- Partner with internal stakeholders, IT and engineering teams to embed/enforce security requirements throughout the organization.
Security Operations & Tooling
- Implement, configure, and maintain security tools including SIEM, EDR, CSPM, and vulnerability management platforms.
- Monitor security events and alerts; lead investigation, triage, and response for incidents, and recommend mitigations and control improvements.
- Conduct forensic analysis following security incidents to determine root cause and scope of impact.
AI Security & Emerging Technologies
- Assess and mitigate security risks associated with AI/ML systems, including model tampering, data poisoning, adversarial inputs, and prompt injection vulnerabilities.
- Evaluate and establish security guardrails for AI-powered tools, APIs, and third-party integrations adopted by engineering and product teams.
- Integrate security controls into AI model development, training pipelines, and deployment workflows.
- Stay current with evolving AI threat landscapes (e.g., OWASP LLM Top 10, MITRE ATLAS) and translate findings into actionable security guidance.
Collaboration & Governance
- Collaborate with stakeholders to ensure security findings are remediated within defined SLAs.
- Develop, document, and enforce security policies, procedures, and best practices aligned with business and compliance requirements.
- Support security awareness training initiatives and contribute to tabletop exercises and incident response planning.
- Research emerging threats, vulnerabilities, and technologies; contribute findings to continuous security improvement programs.
- Provide mentorship and technical guidance to associate-level security engineers.
Requirements
- 5+ years of experience in security engineering, with demonstrated expertise in cloud security, threat modeling, and security engineering.
- Hands-on experience securing cloud environments across Microsoft Azure, Google Cloud Platform, and/or Amazon Web Services. Experience with Oracle and IBM Clouds is a plus.
- Practical experience with container and orchestration security (Kubernetes, Docker).
- 2+ years of experience using multiple generative AI technologies.
- Experience with scripting languages and knowledgeable of development practices
- Demonstrated ability to support vulnerability management programs and drive remediation with cross-functional teams.
Technical Skills
- Strong command of security principles, protocols, and technologies including IAM, network security, encryption, and zero trust architecture.
- Experience with security tooling such as SIEM platforms, EDR solutions, CSPM, EASM, and commercial vulnerability scanners.
- Familiarity with security frameworks and standards such as: NIST CSF, CIS Benchmarks, SOC 2, ISO 27001, ISO 42001, ISO, 27701, NIS2, and EU Cyber Essentials+.
- Working knowledge of AI/ML security risks and familiarity with frameworks such as OWASP LLM Top 10, MITRE ATLAS, or NIST AI RMF.
- Hands-on experience evaluating or securing LLM-based applications, AI APIs, or ML pipelines is a plus.
Soft Skills
- Highly motivated self-starter who can operate with limited supervision in a fast-paced environment.
- Excellent written and verbal communication skills, with the ability to convey technical risk clearly to both technical and non-technical audiences.
- Strong collaborative instincts and cross-functional partnership skills.
Certifications (Preferred)
- CISSP, CCSP, SSCP, AWS Security Specialty, Azure Security Engineer Associate, Microsoft Security Operations Analyst, CEH, GCSA, CKS, or equivalent cloud/security certifications are a plus.
- Certifications or training in AI security (e.g., GAISC, vendor-specific AI security courses) or demonstrated applied experience securing AI systems is a plus.
