Senior AI & Securi

NFA is purpose-driven. We safeguard the integrity of the derivatives markets, protect investors and ensure that our Members meet their regulatory obligations. We take pride in our work; maintain a conviction to do the right thing; empower each other; and support our community. Envision your career in a place where performing critical regulatory work within the financial industry is as significant as the passionate and talented individuals with whom you work.

When you join NFA as a Senior AI & Application Security Engineer, you will play a critical role in advancing secure‑by‑design practices across our applications, APIs, cloud platforms, and emerging AI solutions.

You will be a hands‑on technical leader and subject‑matter expert developing, designing, and automating secure applications while partnering closely with developers, architects, data, and governance teams. Your expertise will help protect business‑critical systems while enabling innovation through secure development practices and modern security architecture.

• Lead secure design and implementation of both traditional enterprise and AI‑powered applications by integrating security throughout the SDLC, performing architecture reviews, threat modeling, and application security testing across cloud and AI environments.
• Lead application security architecture reviews, threat modeling exercises, vulnerability assessments, and secure design assessments for web applications, APIs, cloud native platforms, and AI‑enabled solutions.
• Develop the vision, roadmap, and operating model for securing applications, illustrating how applications, integrations, cloud services, infrastructure, and network architecture work together as a cohesive ecosystem.
• Partner across technology and business teams to define security standards, identify emerging risk, implement proactive controls, and develop meaningful metrics that demonstrate risk reduction and program effectiveness.
• Perform secure code reviews and implement remediation of application vulnerabilities.
• Assess and mitigate risks associated with Large Language Models (LLMs), Generative AI, AI agents, and AI assisted development tools.
• Develop, maintain, and adapt application security standards aligned with OWASP Top 10 and industry best practices.
• Utilize security testing tools, including BURP, to identify vulnerabilities, validate security controls, and follow through with remediation.
• Design, implement, and optimize Cloudflare security services including WAF, API security, DDoS protection, and Zero Trust capabilities.
• Integrate security controls, automated testing, and policy validation into CI/CD pipelines and Dev Sec Ops  workflows.
• Collaborate with engineering teams to secure cloud environments and applications hosted in diverse cloud platforms.
• Serve as an SME on application security, AI security, cloud security, and secure software‑development practices.
• Present security assessments, risk findings, and strategic recommendations to senior leadership and key stakeholders, translating complex technical concepts into actionable outputs.

• Hands‑on experience reviewing and writing code in one or more modern programming languages.
• Strong knowledge of secure coding practices, threat modeling, vulnerability management, and Secure SDLC methodologies.
• Expertise with OWASP Top 10, API security, authentication, authorization, and application‑layer security controls.
• Experience securing and assessing cloud‑native applications and architectures across various cloud platforms, and designing secure AI/LLM technologies.
• Experience architecting, implementing, and maintaining Cloudflare‑based security protections, including WAF, API security, DDoS defenses, and other web application security controls.
• Strong communication skills with the ability to influence technical teams and drive security initiatives across the organization.
• Demonstrated experience guiding secure applications through the full lifecycle from requirements gathering and architecture reviews to design, development, deployment, remediation, and ongoing optimization.
• Deep knowledge of how applications reside and interact across the cloud, network, and infrastructure environments, enabling the development of comprehensive security strategies and roadmaps.
• Experience interpreting and implementing enterprise security architecture principles and governance frameworks, with practical application of NIST SP 800‑53, NIST Cybersecurity Framework (CSF) 2.0, NIST AI Risk Management Framework (AI RMF), NIST SP 800‑218 (SSDF), and NIST SP 800‑207 within application security programs.

The salary range for this position is $152,950 to $272,000.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

Nearest Major Market:
Chicago.