Gen AI Security Engineer

Role Summary

We are looking for a GenAI Security Engineer to implement and operationalize security controls across the Generative AI lifecycle. This role is hands-on and execution focused. While architecture defines the strategy, you will work directly with GenAI engineers to embed security into agentic workflows, RAG pipelines, and LLMOps without slowing teams down.

You will harden AI systems against prompt injection, data leakage, and unauthorized access, while enforcing data residency, compliance, and cloud security best practices across AWS and GCP.

Key Responsibilitie

sGenAI & Agent Securit

• yImplement governance and security controls for agentic frameworks (LangGraph, LangChain
• )Enforce Human-in-the-Loop (HITL) checkpoints and tool/function-call validatio
• nConstrain agent permissions to prevent unintended execution or destructive action

sGuardrails & AI Safet

• yBuild and operate prompt firewalls, content moderation, and grounding control
• sImplement PII detection, redaction, and DLP safeguard
• sMitigate prompt injection, jailbreaks, and data exfiltration risk

sLLMOps & CI/CD Securit

• yEmbed security checks into CI/CD pipelines for prompts, chains, and model
• sIntegrate AI security telemetry into cloud-native monitoring stack
• sGoogle SCC, AWS Security Hub, SIEM platform

sRAG & Data Pipeline Hardenin

• gSecure document ingestion, chunking, embedding, and retrieval workflow
• sEnforce least-privilege access for vector stores and retrieval layer
• sPrevent cross-tenant or cross-sensitivity data leakag

eCloud & API Securit

• ySecure managed and self-hosted LLM endpoint
• sImplement authenticated gateways, rate limiting, caching, and access control
• sEnforce regional data residency across GCP and AW

SVulnerability Remediatio

• nPartner with GenAI engineers to remediate findings from security reviews and red-teamin
• gTranslate risks into concrete technical fixes, not just findings

.

Must-Have Skil

lsExperien

• ce5+ years in Cloud Security / Security Engineeri
• ng2+ years hands-on with AI/ML or GenAI implementatio

nsCloud Securi

• tyG
• CPVertex AI security configurati
• onShared VPCs, VPC-SC, Access Approv
• alA
• WSBedrock security contro
• lsIAM (service-linked roles), PrivateLink, API Gatew

ayAI Securi

• tyStrong understanding of OWASP Top 10 for LL
• MsProven mitigation o
• f:Prompt injecti
• onSensitive data leaka
• geOver-permissive tool acce
• ssHands-on experience securing RAG pipelin

esInfrastructure as Co

• deAdvanced Terraform skil
• lsAbility to enforce security baselines via cod
• e:No public I
• PsMandatory loggi
• ngNetwork isolati
• onPolicy guardrai

lsAutomation & Scripti

• ngProficiency in Pyth
• onExperience building custom security hooks, validators, or pipeline integratio

nsGood-to-Have Skil

• lsSecurity-as-Code tools (OPA, Sentinel, policy engine
• s)Experience with LLMOps frameworks and prompt lifecycle manageme
• ntKnowledge of vector databases (Pinecone, FAISS, Weaviate, OpenSearc
• h)Exposure to AI red-teaming or adversarial testi
• ngExperience securing multi-agent syste
• msFamiliarity with CI/CD platforms (GitHub Actions, GitLab CI, Cloud Buil

d)

Ski

llsSoftware Engineering, Generative ai, Vertex ai or AWS Bedro

ck.