Information Security Engineer - AI First

Staff Information Security Engineer - AI First

Rithum™ is the world’s most trusted commerce network, accelerating how brands, suppliers, and retailers work together to deliver seamless e‑commerce experiences. We provide an unmatched platform for brands and retailers, enabling them to accelerate growth, optimize operations across channels, scale product offerings and enhance margins.

Today, more than 40,000 companies trust Rithum to grow their business across hundreds of channels, representing over $50 billion in annual GMV. Using our commerce, marketing, and delivery solutions, our customers create optimized consumer shopping journeys from beginning to end.

As an AI‑first organization, Rithum expects employees across all roles to leverage AI and technology to improve efficiency, streamline workflows, and create scalable ways of working. Rithum is embedding AI into every corner of how it operates — and security is no exception.

As a Staff AI‑First Information Security Engineer, you own the intersection of AI adoption and information security: designing guardrails for AI‑powered products, building automated security tooling, designing security controls and monitoring for an AI‑First workforce, and helping every team at Rithum move fast without creating risks they cannot see. This is not a typical security role. You spend as much time building and automating as you do reviewing, turning a repeating control into infrastructure‑as‑code, a manual review into a workflow, and a vague AI risk into a concrete, enforced guardrail.

You work autonomously, balancing research with fast‑paced delivery, and collaborate closely with Platform Engineering, IT, Security Champions, and external auditors.

• Act as the bridge between architectural intent and operational reality; mediate conflicts between security requirements and feasible implementation, propose compensating controls where gaps exist and help register, track and remediate residual risks.
• Implement preventive, default‑on security controls across cloud and enterprise environments, codified as policy‑ and infrastructure‑as‑code so security is enforced by design, including controls that govern how AI tools and models may be used.
• Implement and enforce identity and access controls to an agreed standard, including access boundaries for AI systems and non‑human/agent identities by partnering with Platform Engineering and IT to align tooling and policy to the architecture.
• Assist in maintaining the Info Sec risk register; track emerging threats and translate them into actionable guidance for engineering teams.
• Support third‑party and vendor risk assessments, with a focus on vendors who process data through AI pipelines.
• Automate repetitive security workflows (evidence collection, access reviews, alert enrichment) and build or operate AI‑assisted security agents — with human‑in‑the‑loop approval gates, least‑privilege credentials, and explicit attention to each agent's own blast radius.
• Integrate security tooling (SIEM, CSPM, DAST/SAST, vulnerability scanners) with LLM layers to surface actionable insight and automated responses.
• Define and enforce security requirements for AI‑powered features: model access controls, prompt‑injection mitigations, output validation, and data‑handling boundaries.
• Conduct threat modelling on agentic and LLM‑based systems, accounting for novel attack surfaces such as tool misuse, indirect prompt injection, and supply chain risk.

• 5+ years of security engineering experience with demonstrated AI/ML security depth (prompt injection, model supply chain, adversarial inputs, RAG).
• Experience using AI tools (ChatGPT, Copilot, Claude, etc.) and LLM frameworks and APIs (OpenAI, Anthropic, Lang Chain, or similar) to accelerate and elevate your work.
• Hands‑on identity and access expertise across modern enterprise and cloud identity stacks, including access models for AI systems and non‑human identities.
• Infrastructure and policy‑as‑code (e.g. Terraform, OPA/Rego) and proficiency in a scripting language for automation (Python preferred).
• Cloud security expertise: AWS Solutions Architect /…