Corporate Vice President -AI​/ML Security Operations Engineer

Location: New York

Job Description

Requisition ID94174

Department Tech Data AI Ventures Job Function Tech Data AI Ventures Location New  York,New York,United States Role Location Designation Hybrid - 3 days per week Location Designation:
Hybrid - 3 days per week

The AI / ML Security Operations Engineer is a hands-on senior engineering role embedded within the Application Security organization, responsible for securing New York Life's machine learning and AI pipelines as they evolve from isolated experimentation into production, agentic, and automated decisioning systems. This role sits at the intersection of ML engineering, platform engineering, and security, and is accountable for establishing the controls, guardrails, and reference patterns that scale as AI adoption accelerates across the enterprise.

The engineer will be responsible for securing the full ML lifecycle, from data ingestion and feature pipelines through model training, registry, deployment, and execution, with a primary focus on Google Cloud Vertex AI as the enterprise ML platform. Day-to-day work includes building guardrails for agentic and tool-invoking AI use cases, protecting ML supply chain integrity, integrating ML security controls into existing App Sec CI/CD and SSDLC processes, contributing security requirements to ML platform and identity decisions owned by partner teams, and partnering directly with data scientists, ML engineers, and platform owners to operationalize secure-by-default patterns.

This is a senior individual contributor role with strong cross-functional influence expectations.

The right candidate has done this work hands-on in a regulated environment and can also define enterprise standards, mentor peers, and engage credibly with risk, audit, and model risk management stakeholders.

What You'll Do:

The engineer will be responsible for securing the full ML lifecycle, from data ingestion and feature pipelines through model training, registry, deployment, and execution, with a primary focus on Google Cloud Vertex AI as the enterprise ML platform. Day-to-day work includes building guardrails for agentic and tool-invoking AI use cases, protecting ML supply chain integrity, integrating ML security controls into existing App Sec CI/CD and SSDLC processes, contributing security requirements to ML platform and identity decisions owned by partner teams, and partnering directly with data scientists, ML engineers, and platform owners to operationalize secure-by-default patterns.

This is a senior individual contributor role with strong cross-functional influence expectations.

The right candidate has done this work hands-on in a regulated environment and can also define enterprise standards, mentor peers, and engage credibly with risk, audit, and model risk management stakeholders.

What You'll Bring:

Bachelor's degree in Computer Science, Engineering, or equivalent practical experience, with 5+ years in application security, cloud security, or security engineering

Hands-on production experience securing at least one major ML platform. Vertex AI strongly preferred, with Sage Maker or Azure ML acceptable as transferable experience that will be cross-validated against GCPStrong working knowledge of the end-to-end ML lifecycle and MLOps workflows: data ingestion, feature pipelines, training jobs, model registry, deployment patterns, and online/offline serving

Practical understanding of how ML environments should be separated across dev, training, staging, and production, and the ability to partner with platform teams to ensure those boundaries hold from a security standpoint

Working knowledge of non-human identities, service accounts, workload identity federation, and automated CI/CD or pipeline-driven workflows, with the ability to evaluate whether identity patterns proposed by partner teams meet security requirements

Fluency with AI/ML-specific threat scenarios including data poisoning, model theft, training data exfiltration, inference abuse, prompt injection, indirect prompt injection, unsafe tool invocation, and agentic misuse, and the ability to translate them into concrete controls

Hands-on experience integrating security controls into CI/CD pipelines and infrastructure-as-code environments (Terraform, Git Hub Actions, Git Lab CI, Cloud Build, or equivalent)
Working understanding of cloud IAM principles and least-privilege design, sufficient to review and provide security input on identity patterns owned by platform and cloud teams

Application security fundamentals: authentication/authorization patterns, supply chain security (SLSA, SBOMs, signed artifacts), secure API design, and secrets management

Proficiency in Python for automation, security tooling, and detection logic. Candidates should be able to walk through code they have personally written, not just reviewed

Ability to operate as both a hands-on engineer and a pattern-setter, comfortable building the first instance of a control and then turning it into a reusable enterprise standard

Preferred…