Sr. Security Engineer (AI)
Hi Marley · Boston, MA · 1 wk ago
HybridInformation Technology$121k–$226k/yrFull-time
What You’ll Do
- AI Security Engineering & Threat Modeling
- Apply Hi Marley’s AI security design patterns and reference architectures to LLM integrations, agent frameworks, MCP connectors, and data pipelines across the internal environment.
- Lead threat modeling for new AI capabilities before they ship, identifying architectural risks and driving mitigations into the design phase.
- Implement and enforce controls for agent isolation, least-privilege execution, credential scoping, and data-boundary enforcement in agentic environments.
- Maintain a current inventory of AI tools and integrations in use across the organization, tracking data flows, permission scopes, and access controls.
- Track emerging AI security research, attack techniques, and defensive tooling, and bring relevant findings into our practices.
- AI Security Program Execution
- Run the risk assessment process for internal AI tools, integrations, and third-party model providers against the established methodology.
- Execute the AI red-teaming cadence (e.g., adversarial testing for prompt injection, data exfiltration, model manipulation, and jailbreaking) and drive remediation.
- Operate the agent and MCP connector lifecycle, from proposal through approval, deployment, monitoring, and retirement.
- Own the security evaluation of new AI tool requests, including vendor risk assessments, data-handling reviews, and baseline configuration; surface unapproved tools and bring them under governance.
- Maintain AI security incident response runbooks and help respond when something goes wrong.
- Track and report AI security metrics that demonstrate program health.
Trust, Compliance & Collaboration
- Produce compliance evidence and documentation for AI systems supporting SOC 2 Type II examinations and ISO 42001 certification.
- Translate technical decisions into clear, auditor-ready explanations of what we do, how it works, and why it is safe.
- Partner with AI Operations and Corporate IT to embed security into the internal AI platform: access controls for inference APIs, isolation for cloud-hosted agentic workloads, and endpoint/DLP configuration.
- Contribute employee-facing guidance on safe AI use.
Required
- 5+ years in security engineering, application security, or infrastructure security, with hands-on exposure to AI/ML systems.
- Experience securing or building LLM-based systems, agentic frameworks, or ML pipelines in cloud environments.
- Strong proficiency in Python and experience building security tooling, automation, and testing.
- Strong working knowledge of AWS security: IAM, networking, container isolation, encryption, and monitoring.
- Familiarity with compliance frameworks (SOC 2, ISO 27001, ISO 42001, NIST AI RMF) and mapping technical controls to audit requirements.
- Ability to communicate technical risk clearly to engineers, auditors, and stakeholders.
PREFERRED
- Experience running or contributing to AI red-teaming or adversarial testing.
- Experience with MCPs, agent orchestration frameworks, or similar agentic infrastructure.
- Background in DLP, monitoring, or observability for AI or cloud workloads.
- Experience at a growth-stage B2B SaaS company.