Jobs · Information Technology · Texas

AI Cybersecurity Engineer

Upbound Group · Plano, TX · 1 wk ago
Information TechnologyFull-time

Role Summary

We are seeking a forward-thinking AI Cybersecurity Engineer to join our Security team. This role sits at the convergence of Zero Trust architecture, Generative AI, agentic systems, and modern security engineering. The AI Cybersecurity Engineer will design, build, and operationalize next-generation AI-driven security capabilities - including autonomous security agents, Retrieval-Augmented Generation (RAG) pipelines, and Model Context Protocol (MCP) integrated toolchains - to protect our infrastructure, data, and users against an ever-evolving threat landscape. This role is critical to enabling safe, responsible AI adoption across our brands while maintaining the trust of the consumers we serve.

Key Responsibilities

  • Apply Zero Trust principles to AI agents, ensuring agents operate under strict least-privilege policies with scoped, time-limited credentials.

  • Secure GenAI deployments including LLM APIs, fine-tuned models, and foundation model integrations against threats such as prompt injection, jailbreaking, training data poisoning, and model inversion attacks.

  • Build and maintain guardrails, content moderation layers, and output validation pipelines for GenAI systems and LLMs used in security and business workflows.

  • Conduct adversarial red-teaming of GenAI systems, agent platforms, and LLMs to identify exploitable behaviors, unsafe outputs, and data exfiltration risks; develop remediation playbooks.

  • Secure multi-agent systems (MAS) that autonomously perform security tasks such as threat hunting, incident triage, vulnerability scanning, and policy enforcement.

  • Define agent trust boundaries, inter-agent communication security, and human-in-the-loop (HITL) checkpoints to prevent runaway or adversarially hijacked agent behavior.

  • Implement agent observability frameworks - logging, tracing, and auditing all agent decisions, tool calls, and external API interactions for forensic and compliance purposes.

  • Assess and mitigate agentic-specific attack surfaces including goal hijacking, tool misuse, privilege escalation via chained tool calls, and unintended data exfiltration.

  • Implement Model Context Protocol (MCP) security controls in enterprise environments, including mTLS for server communication, secrets management for server credentials, and rate limiting for tool invocations.

  • Evaluate, harden, and govern the use of MCP servers that expose enterprise tools and data to AI agents - treating each MCP server as a security boundary requiring authentication, authorization, and audit logging.

  • Design RAG pipeline monitoring and anomaly detection to identify unusual retrieval patterns, high-entropy queries indicative of extraction attacks, and drift in retrieved context quality.

  • Develop ML models for real-time threat detection, behavioral anomaly detection, and user/entity behavior analytics (UEBA) across network, endpoint, and cloud telemetry.

  • Create LLM-powered SOAR integrations that automate alert triage, root cause analysis, runbook execution, and stakeholder communication using natural language generation.

  • Create GenAI-assisted threat hunting workflows that allow analysts to query security data in natural language, with results grounded in live telemetry via RAG.

  • Embed AI security controls (input validation, output filtering, adversarial testing) into CI/CD pipelines for AI systems alongside traditional DevSecOps practices.

  • Contribute to AI Bill of Materials (AI-BOM) tracking - a comprehensive inventory of all deployed models, dependencies, training data sources, agents, MCP servers, and RAG pipelines - to support supply chain security and compliance audits.

  • Produce threat models, security architecture reviews, and risk assessments for AI-enabled products; maintain living documentation as systems evolve.

  • Integrate AI-driven tools into daily engineering work to enhance decision-making quality and accelerate innovation across deliverables.

Required Qualifications

  • 5+ years of experience in cybersecurity engineering, with at least 2 years of hands-on experience in AI/ML security, GenAI systems, agentic platforms, and LLM application development.

  • Deep understanding of Zero Trust architecture principles (NIST SP 800-207) and hands-on experience implementing controls in cloud-native or hybrid environments.

  • Hands-on experience with cloud security in at least one major cloud platform (AWS, Azure, or GCP), including cloud-native IAM, Cloud Security Posture Management (CSPM), and cloud AI service security controls.

  • Experience implementing Data Loss Prevention (DLP) controls within AI pipelines, including mechanisms to detect and block sensitive consumer data - such as PII, SSNs, and payment card information from being transmitted to external LLMs or stored in AI system logs; familiarity with data residency requirements and privacy-preserving techniques (e.g., tokenization, redaction) as applied to GenAI workflows.

  • Demonstrated experience securing LLM-based applications, including prompt injection defenses, output validation, and responsible AI guardrails.

  • Familiarity with agentic AI frameworks (LangChain, LangGraph, AutoGen, CrewAI, or equivalent) and the security risks associated with autonomous multi-agent systems.

  • Strong Python proficiency; experience with ML frameworks (PyTorch, TensorFlow, Hugging Face transformers) and security data pipelines.

  • Experience with SIEM/SOAR platforms (Rapid7, Microsoft Sentinel) and integrating AI capabilities into security operations workflows.

  • Working knowledge of identity and access management (IAM), OAuth 2.0 / OIDC, and secrets management (HashiCorp Vault, AWS Secrets Manager, Secret Server) in the context of AI system authentication.

  • Familiarity with MITRE ATT&CK, MITRE ATLAS (adversarial threats to AI/ML systems), and OWASP LLM Top 10.

  • Excellent communication skills; able to translate complex AI security risks for executive, legal, and non-technical audiences.

  • Experience developing and executing incident response procedures specific to AI systems, including response plans for model compromise, agent misbehavior events, and data exfiltration through LLM outputs.

  • Demonstrated ability to author enforceable security policies and standards, including acceptable use frameworks, data classification guidelines, and AI security control baselines applicable across engineering and business teams.

Preferred Qualifications

  • Hands-on experience with Model Context Protocol (MCP) security controls in enterprise environments.

  • Direct experience deploying or securing Claude Enterprise or a comparable enterprise AI assistant platform, including API security hardening, usage policy governance, role-based access controls, and audit logging configuration.

  • Experience conducting structured AI red-teaming exercises against LLMs, RAG systems, or autonomous agents, including goal hijacking and tool misuse scenarios.

  • Knowledge of adversarial ML (evasion, poisoning, model extraction) and model interpretability techniques (SHAP, LIME, attention visualization).

  • Experience with AI governance, AI auditing, and compliance frameworks including NIST AI RMF, ISO 42001, or SOC 2 Type II for AI systems.

  • Relevant certifications: CISSP, CISM, CEH, AWS/Azure/GCP Security Specialty, or emerging AI security credentials.

Similar jobs

AI Cybersecurity Engineer

InvenergyChicago, IL· 2 wk ago
Information Technology$137k–$160k/yrapply on invenergyllc.wd1.myworkdayjobs.com

AI Cyber Engineer

Ampcus IncChantilly, VA· 3 wk ago
Information Technologyapply on www1.jobdiva.com