Jobs · Engineering · New York

Sr Security Engineer, AI Model and Application - Dunkirk / Buffalo NY

ImmunityBio, Inc. · Dunkirk, NY · 5 days ago
Engineering$135k/yrFull-time

Position Summary

The Senior Security Engineer AI Model and Application is a hands-on, systems-level role at the intersection of security engineering and artificial intelligence, involving close interaction with ML engineering, product, platform, and SOC/security operations teams. The Senior Security Engineer will serve as the subject matter expert (SME) in AI and LLM security across the organization, owning end-to-end security of AI systems — from data and training pipelines to inference endpoints and user-facing features. This role will support security leadership in driving threat modeling, adversarial testing, red teaming, and the implementation of secure-by-design AI features in alignment with applicable regulatory frameworks including NIST AI RMF, NIST CSF, and SOC 2 Type 2.

Essential Functions

  • Design, implementation, and maintenance of security controls across the full AI/ML lifecycle, including training data validation, model registry policies, deployment guardrails, and production monitoring for anomalous model behavior.

  • Develop and maintain comprehensive threat models for AI/ML systems, covering prompt injection, data leakage, model evasion and extraction, data poisoning, and agent hijacking scenarios.

  • Lead red teaming and adversarial testing of LLMs and agentic workflows — including jailbreak attempts, prompt injection, output manipulation, and business logic abuse — and drive remediation with engineering teams.

  • Partner with ML engineers to embed security into model development pipelines, including secure training, evaluation, and deployment processes, as well as secure use of RAG architecture, tooling integrations, and multi-agent workflows.

  • Implement and define policies for safe prompt and response handling, including PII and sensitive content detection, output filtering, and usage logging to support investigations and compliance requirements.

  • Work with security engineering to integrate AI telemetry into SIEM, EDR, and SOC workflows; define and maintain runbooks for AI-related security incidents and forensic investigations.

  • Create, edit, and adhere to Standard Operating Procedures (SOPs), security playbooks, and standardized documentation templates.

  • Perform ad-hoc and cross-functional projects assigned to support business needs and provide developmental opportunities.

Education & Experience

  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related field with 7+ years of relevant experience is required.

  • 5+ years of experience in application security, product security, or offensive security, including hands-on threat modeling and secure design for complex systems, is required.

  • Practical, demonstrated experience assessing or attacking AI/ML or LLM systems (e.g., prompt injection, model abuse, data exfiltration via LLMs, or adversarial examples) is required.

  • Experience working within or alongside regulated industries with compliance obligations (e.g., NIST AI RMF, SOC 2, ISO 27001) is preferred.

  • Experience with RAG pipelines, vector databases, or agent frameworks and their associated security risks is preferred.

Knowledge, Skills & Abilities

  • Excellent interpersonal skills and ability to work effectively in a cross-functional team environment spanning security, ML, and product disciplines.

  • Excellent technical writing, communication, and organizational skills, with the ability to translate complex security risks into clear trade-offs and actionable requirements for non-security stakeholders.

  • Strong proficiency in Python and familiarity with modern ML/LLM frameworks (e.g., LangChain, LlamaIndex, Hugging Face, OpenAI API).

  • Solid understanding of common web and API security vulnerabilities (OWASP, authentication and authorization, rate limiting, abuse prevention) and how they manifest in AI-powered applications and agents.

  • Strong knowledge of AI-specific threat frameworks including NIST AI RMF, OWASP LLM Top 10, and MITRE ATLAS.

  • Strong data analytics skills with experience integrating AI telemetry into security monitoring and detection workflows.

  • Strong leadership skills with the ability to drive security initiatives independently and mentor junior team members.

Similar jobs