Jobs · Information Technology · Massachusetts

Associate Director, AI & Application Security - HYBRID ROLE

Vertex Pharmaceuticals · Boston, MA · 1 mo ago
HybridInformation Technology$172k–$258k/yrFull-time

About the role

This is a hybrid position that requires 3 days a week in our Boston office. Vertex is seeking an Associate Director, AI & Application Security, to lead security for AI-enabled applications, platforms, and services across the enterprise.

Responsibilities

  • Lead AI and application security across the full lifecycle of AI-enabled systems, from design and development through deployment and operations.
  • Define and evolve security standards, guardrails, and control expectations for AI systems used across Vertex.
  • Apply and operationalize industry-recognized security frameworks and control models, including:
    • NIST AI Risk Management Framework (AI RMF)
    • NIST Cybersecurity Framework (CSF)
    • OWASP Top 10
    • OWASP Top 10 for LLM and Generative AI Applications
  • Secure AI workloads and AI-enabled applications across cloud and SaaS environments, with emphasis on:
    • policy enforcement
    • data protection
    • logging and telemetry
    • monitoring and operational visibility
  • Lead threat modeling and misuse-case analysis for AI systems, including risks such as:
    • prompt injection and prompt abuses
    • sensitive data leaks
    • tool or action abuse
    • unsafe outputs
    • model misuse
  • Define and mature AI guardrails, including monitoring, detection, logging, and misuse or negative testing practices.
  • Establish secure development expectations for AI-enabled applications and services, including secure coding practices and appropriate separation of development and production environments.
  • Build and lead application security testing practices for AI-enabled applications and supporting services, including SAST, DAST, automated scanning, and retesting processes.
  • Partner with Cloud Security, Security Operations, Privacy, Legal, Data Science, and Engineering teams to align security controls with business, technical, and regulatory requirements.
  • Influence architecture and platform decisions through practical, risk-based guidance that can scale with AI adoption.
  • Communicate risks, tradeoffs, and recommendations clearly to both technical teams and senior leadership.

Requirements

  • Cloud security architecture and controls across Azure and AWS
  • Familiarity with GCP security concepts and services
  • Secure software development lifecycle (SDLC) practices
  • Secure coding standards and code review practices
  • SAST, DAST, automated security scanning, and remediation workflows
  • OWASP Top 10 and common application and API security risks
  • Familiarity with OWASP guidance for LLM/GenAI applications
  • API security, identity and access management, secrets management, and service-to-service trust
  • Logging, telemetry, monitoring, and detection for cloud-native environments
  • Threat modeling and misuse-case analysis
  • Familiarity with AI security risks, including:
    • prompt injection
    • sensitive data leaks
    • model misuse
    • tool or action abuse
    • unsafe outputs
    • policy enforcement
  • Familiarity with AI platforms and providers such as:
    • Microsoft Copilot / Azure OpenAI
    • Anthropic
    • Google Gemini
    • AWS Bedrock
  • Emerging AI platforms and services

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field or equivalent experience
  • Significant experience in application security, product security, cloud security, or a related cybersecurity discipline
  • Strong experience securing cloud environments, particularly Azure and AWS; familiarity with GCP is a plus
  • Deep knowledge of application security fundamentals and secure software development practices
  • Experience securing APIs, platforms, and complex distributed systems
  • Experience leading threat modeling, architecture reviews, and risk-based security assessments
  • Experience applying security and risk frameworks in engineering environments, including familiarity with NIST AI RMF, NIST CSF, and common application security standards
  • Demonstrated ability to partner effectively with engineering and platform teams to embed security into design and delivery processes
  • Experience securing generative AI applications, agentic workflows, or machine learning-enabled services
  • Experience defining AI guardrails and monitoring strategies at scale
  • Excellent communication and influence skills, with the ability to engage both technical teams and senior leaders

Preferred Qualifications

  • Experience working in biopharmaceutical or other GxP-regulated environments with strong privacy and data protection requirements

Similar jobs