Company hidden
22 hours ago

Staff Product Security Engineer (AI/ML)

207 000 - 280 000$
Work format
onsite
Employment type
fulltime
Grade
lead
English
b2
Country
US
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Staff Product Security Engineer (AI/ML): Leading the design and deployment of security capabilities for traditional application security and AI/ML systems, with an emphasis on secure development lifecycles and AI-specific risk mitigation. Focus on building secure-by-default automation, operationalizing continuous assurance for agentic workflows, and hardening cloud-native infrastructure.

Location: Charlotte, North Carolina or Oakland, California

Salary: $207,000 – $280,000

Company

hirify.global is a global financial technology platform powering prosperity for approximately 100 million customers worldwide through products like TurboTax, Credit Karma, and QuickBooks.

What you will do

  • Lead security architecture reviews and threat modeling for cloud-native apps, APIs, and AI/ML systems including agents and MCP servers.
  • Implement and mature security controls across the SDLC and AI lifecycle, covering SAST, DAST, and SCA.
  • Develop "secure-by-default" automation, policy-as-code, and CI/CD gates to reduce vulnerabilities.
  • Evaluate and integrate open-source and vendor AppSec and AI security tooling for prompt safety and runtime monitoring.
  • Define enterprise security standards and communicate risks and roadmaps to leadership.

Requirements

  • 6+ years of experience in product or application security for large-scale systems.
  • Proven track record of operationalizing security tooling and automation within CI/CD pipelines.
  • Practical understanding of AI/ML workflows, including model registries, RAG, and agent frameworks.
  • Deep knowledge of OWASP Top 10 and modern cloud-native threats.
  • Proficiency in one or more: Python, Go, Java, TypeScript/Node, Rust, or Scala.

Nice to have

  • Experience securing agentic workflows, tool calling, and MCP servers.
  • Familiarity with LLM platforms (GPT, Gemini, Claude) and prompt injection mitigations.
  • Knowledge of provenance controls, SBOMs, and SLSA build practices.
  • Experience with GCP, AWS, Azure, Kubernetes, and Vault.
  • Strong cryptography fundamentals and real-world usage (TLS, HMAC, key management).

Culture & Benefits

  • Competitive compensation package with a strong pay-for-performance rewards approach.
  • Eligibility for cash bonuses and equity rewards.
  • Comprehensive corporate benefits for full-time employees.
