Staff Engineer Security
Remote · Georgia, United States
Job Summary
Staff product security engineer will define, implement, and scale security across the full lifecycle of AI/ML systems; lead the design of secure AI architectures, identify and mitigate AI-specific risks, and partner with cross-functional teams to ensure AI capabilities are developed and deployed securely and in compliance. Responsibilities include identifying, assessing, and mitigating AI-specific security risks (model poisoning, adversarial attacks, prompt injection, model inversion, data leakage, supply chain vulnerabilities); conducting threat modeling and security architecture reviews for AI/ML systems, APIs, and third-party AI services; defining and operationalizing AI security standards, controls, and guardrails aligned with industry frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs); supporting governance policies, risk management, and regulatory compliance; embedding security controls throughout the development lifecycle; evaluating third-party AI vendors and open-source models; mentoring security engineers, ML engineers, and product teams; influencing secure AI practices and communicating risk-based recommendations to senior leadership; staying current on AI threats and defense techniques; contributing to long-term AI security strategy and roadmap; and driving organizational readiness.
Required Qualifications
- Bachelor's degree in computer science, Information Security, Engineering, or a related field (or equivalent practical experience)
- 10+ years of experience in application security, product security, or security engineering
- Direct experience securing AI/ML systems, LLM-based applications, or data science platforms
- Familiarity with AI security frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs)
- Hands-on experience with secure SDLC practices (e.g., threat modeling, SAST, DAST, and penetration testing)
- Strong understanding of AI/ML concepts and associated security risks
- Experience with cloud platforms (e.g., AWS, Azure) and modern development practices (CI/CD, DevSecOps)
- Knowledge of privacy, regulatory, and compliance requirements applicable to AI systems (e.g., HIPAA, SOC2, HITRUST)
- Experience building or deploying security tooling for AI platforms
- Experience translating technical risks into business context and influencing stakeholders
- Excellent communication, collaboration, and problem-solving skills
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.