Senior AI Security Engineer

The AI Security Engineer is a hands‑on technical role dedicated to securing the AI systems, models, and pipelines that power Vertex's products. This role partners with product engineering, platform, governance, and information security teams to identify, assess, and mitigate risks that are unique to large language models, retrieval‑augmented generation, agentic workflows, and the broader AI supply chain. As a member of the AI Security organization, this role owns the applied AI security practice building the tooling, threat models, red team exercises, and developer guidance that enable Vertex to ship AI‑powered features safely and responsibly.

The AI Security Engineer operates at the intersection of offensive research, defensive engineering, and policy, translating the rapidly evolving AI threat landscape into concrete, measurable controls.

• Perform threat modeling and security reviews of AI features, including LLM‑enabled applications, RAG systems, inference pipelines, and agentic workflows.
• Analyze AI systems to identify, characterize, and prioritize security vulnerabilities.
• Ensure AI actions are fully traceable using industry‑standard identity, security, and logging frameworks.
• Perform hands‑on testing and develop automated red teaming for AI and agentic features, especially focused on AI specific risks like prompt injection.
• Document reproducible failure modes and partner with engineering teams to implement and verify durable mitigations.
• Build or extend AI security automation and evaluation harnesses.
• Define how AI agents coordinate, delegate, and
  ** escalate
  * * within security workflows.
• Work with engineering to define secure‑by‑default patterns and guidance for AI system design, development, prompts, retrieval, tool use, output handling, deployment, logging, and least‑privilege agents.
• Monitor emerging AI threats, frameworks, and platform changes, and convert relevant risks into prioritized controls and mitigations.
• Drive effective and secure use of AI development tooling.
• Guide developers on security and privacy best practices for agentic coding, using MCP‑enabled tools and hooks to help prevent vulnerabilities.
• Preemptively identify and resolve technical risks and cross‑team dependencies to keep AI security work on track.
• Collaborate proactively with defensive security teams to enhance detection, response, and mitigation capabilities.
• Act as the AI security incident SME, providing rapid triage guidance and root‑cause analysis.

• 5+ years of experience in security engineering, application security, product security, AI/ML engineering, or security architecture, with direct hands‑on experience securing AI/ML or LLM‑based systems.
• Demonstrated ability to independently lead security reviews for complex software or AI systems and drive mitigation plans across engineering teams with limited oversight.
• Practical experience assessing AI‑specific risks such as prompt injection, insecure output handling, sensitive data exposure, excessive agency, model or data supply chain weaknesses, agent/tool abuse, and unsafe retrieval or memory patterns.
• Advanced understanding of AI system behavior, including the ability to reason about model behavior, AI system vulnerabilities, evaluation results, and security‑relevant failure modes.
• Proficiency in Python (or similar) for building security automation, evaluation scripts, test harnesses, prototypes, and evidence‑collection workflows.
• Working knowledge of modern AI technology stacks, model APIs, orchestration frameworks, vector databases, retrieval pipelines, agentic workflows, and at least one major cloud platform (AWS, GCP, or Azure).
• Familiarity with AI security and governance frameworks such as OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and ISO/IEC 42001.
• Excellent written and verbal communication skills, with the ability to explain complex AI security risks to both technical and non‑technical audiences.

• Advanced degree in Computer Science, Engineering, or a related field; equivalent combination of education, training, and relevant professional experience accepted in lieu of a formal degree.
• Experience…