AI Security Engineer
About the role
tms unites technology, marketing, and sourcing to drive transformational change for the world’s leading brands. As an AI Security Engineer, you will play a pivotal role in shaping the security landscape for world-renowned brands within a culture that values innovation, authenticity, and inclusion.
Roles and Responsibilities
- AI Engineering Security
- Evaluate AI tools, models, and platforms for security risk, including prompt injection vulnerabilities, data leakage, model output integrity, and supply chain risks.
- Develop and enforce security standards for AI-assisted development workflows, including LLM-integrated CI/CD pipelines and code generation tools.
- Assess AI API integrations and third-party model usage for data handling compliance, authorization controls, and audit logging.
- Participate in the design and review of AI-powered internal tooling and automation, ensuring security requirements are embedded from inception.
- Stay current on evolving AI security threats including adversarial prompting, model poisoning, and emerging OWASP LLM Top 10 guidance.
- Secure Coding & Application Security
- Conduct secure code reviews across multiple languages and frameworks, with an emphasis on Python, JavaScript/TypeScript, and cloud-native applications.
- Apply OWASP principles and industry-standard secure development lifecycle (SDLC) practices to engineering workflows.
- Perform static and dynamic application security testing (SAST/DAST) and triage findings with development teams through to remediation.
- Collaborate with software engineers to embed security controls into code pipelines, authentication flows, and data handling routines.
- SaaS Application Security Reviews
- Lead third-party SaaS application security assessments, evaluating vendor security posture, data handling practices, access control models, and contractual compliance.
- Maintain a SaaS application inventory and risk register, conducting periodic reviews and ensuring ongoing controls alignment.
- Evaluate browser-based plugins, marketplace extensions, and integrations for privilege scope, data exfiltration risk, and policy adherence.
- Partner with Procurement and Legal during the vendor onboarding process to communicate security requirements and assess residual risk.
- Marketing Technology Security
- Assess the security posture of marketing platforms including CRMs, CDPs, ad tech stacks, campaign automation tools, and analytics platforms.
- Evaluate data flows between marketing systems and core enterprise infrastructure, identifying excessive data sharing, weak authentication, and shadow IT exposure.
- Support the review and governance of marketing API keys, OAuth tokens, and webhook configurations.
- Partner with Marketing and Digital teams to align platform configuration with data privacy requirements (GDPR, CCPA) and organizational policy.
- Architecture & Standards
- Participate in architecture review boards (ARB) to assess new systems and integration patterns for security risk.
- Develop and maintain security reference architectures for SaaS integrations, AI platform connections, and plugin frameworks.
- Contribute to security policies, standards, and playbooks relevant to AI security, SaaS governance, and third-party risk.
- Support threat modeling exercises for new platform deployments and significant system changes.
Skills and Experience
- Minimum of 5 years of hands-on experience in information technology, with a focus on risk management and compliance.
- Comprehensive knowledge of industry market structures and associated regulatory compliance frameworks, such as ISO 27001, SOC 2, NIST, NIS2, and GDPR.
- Demonstrated expertise in identity management standards, as well as cloud-based storage and disaster recovery strategies.
- Proficiency in utilizing security assessment tools, including but not limited to Rapid7.
- Familiarity with Governance, Risk, and Compliance (GRC) platforms and best practices, such as ZenGRC, OneTrust, and Archer.
- Documented success in coordinating and executing multiple risk and compliance initiatives.
- Proven ability to manage third-party audits, including compiling audit evidence and organizing comprehensive audit responses.
- Exceptional attention to detail and accuracy in all aspects of work.
- Strong written and verbal communication skills, with the ability to collaborate effectively across cross-functional teams.
- Well-developed analytical and problem-solving skills, with a track record of driving initiatives that support organizational objectives.
Total Rewards
- Starting salary between $110,000-$140,000
- Generous medical, dental, vision and other great benefits
- Paid parental and medical leave programs
- 401(k) with a company match component and profit sharing
- 15 days of paid time off plus company holidays
- Hybrid work model
- Tuition reimbursement and student loan repayment assistance
- Inclusive employee resource groups
Equal Opportunity Employer
We are an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
Recruiting Agencies
tms does not accept agency resumes submitted by third-party vendors unless a valid agreement has been signed and the tms Talent Acquisition Team has granted authorization for submissions for a specified position. Please do not submit or forward resumes to our site, tms employees, or any other company location. tms is not responsible for any fees related to unsolicited resumes.