Senior Security Engineer (AI)

TL;DR

Senior Security Engineer (AI): Lead application security strategy and implementation for conversational AI platform serving enterprise customers at scale with an accent on secure coding practices, threat modeling, and vulnerability management. Focus on integrating security into SDLC, establishing testing programs for AI applications, and building automation tooling.

Location: San Francisco (in-office)

Salary: $200K – $330K + Equity

Company

Leading conversational AI platform empowering brands to deliver personalized customer experiences across voice, chat, email, and SMS.

What you will do

• Design and implement application security controls including secure coding, threat modeling, and vulnerability management across AI agent platform
• Collaborate with product engineering to integrate security throughout SDLC from design to deployment
• Establish SAST, DAST, and IAST testing programs tailored for AI applications
• Lead security code reviews and architecture assessments with focus on AI integrations and customer data handling
• Build security tooling and automation to enable fast vulnerability remediation
• Respond to security incidents and coordinate post-incident improvements

Requirements

• 5+ years hands-on application security engineering experience
• Expertise in secure software development practices, threat modeling, secure code review, and vulnerability assessment
• Strong software engineering background to review code across languages and frameworks in AI/ML applications
• Experience implementing appsec testing tools and integrating security into CI/CD pipelines
• Knowledge of OWASP Top 10, common vulnerabilities, and modern appsec frameworks
• Proven track record remediating security findings while balancing security and business needs

Nice to have

• Experience securing AI/ML applications including prompt injection and adversarial protections
• Background with large-scale multi-tenant SaaS handling sensitive data
• Familiarity with Google Cloud appsec services and container security
• Knowledge of enterprise compliance like SOC 2, ISO 27001, GDPR from appsec perspective
• Experience with tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW

Culture & Benefits

• In-office company with values: Just Get It Done, Invent What Customers Want, Winner’s Mindset, The Polymath Principle
• Take what you need vacation policy
• Medical, Dental, Vision, Life Insurance, Disability, 401K, Parental Leave, Fertility benefits
• Daily lunches and snacks in the office