AI Security & Compliance Engineer

Title: AI Security & Compliance Engineer

Location: Jersey City, NJ (Hyrbid)

Type: Contract

Primary ownership

• Security architecture and control implementation for AI platforms, LLM applications, RAG pipelines, and agentic systems.
• Threat modeling, AI red teaming, vulnerability assessment, and remediation guidance.
• Security evidence, control documentation, and compliance support for production approvals.
• Key responsibilities
• Design and review secure architectures for AI/ML platforms, LLM applications, RAG pipelines, model-serving environments, and agentic AI workflows.
• Conduct threat modeling for prompt injection, jailbreaks, insecure tool use, model inversion, data leakage, retrieval poisoning, adversarial inputs, and unauthorized access.
• Implement controls for IAM, encryption, secrets management, network segmentation, API security, logging, secure data handling, and data-loss prevention.
• Embed security into MLOps, LLMOps, CI/CD, container security, infrastructure-as-code, and deployment pipelines.
• Review third-party models, APIs, open-source packages, AI tools, and vendor platforms for security, privacy, and compliance risks.
• Build monitoring and alerting for suspicious AI usage, anomalous access, policy violations, unsafe interactions, and potential data leakage.
• Support AI red teaming, penetration testing, vulnerability management, incident response, and remediation planning.
• Maintain audit-ready documentation for controls, testing, risk acceptance, and production-readiness reviews.

Must-have candidate profile:

• Strong background in cybersecurity, cloud security, application security, DevSecOps, or technology risk.
• Experience securing cloud-native platforms, APIs, microservices, containers, Kubernetes, CI/CD pipelines, and infrastructure-as-code.
• Understanding of AI/ML and GenAI-specific risks such as prompt injection, adversarial attacks, data leakage, model misuse, and unsafe tool use.
• Familiarity with threat modeling, vulnerability management, security testing, incident response, and secure SDLC practices.
• Ability to work directly with engineering teams to implement practical, risk-based controls.
• Preferred experience
• Experience securing AI/ML platforms or GenAI applications in production.
• Financial-services security, technology risk, regulatory, or audit experience.
• Familiarity with AI red teaming, model supply-chain risk, secure RAG design, LLM gateways, and privacy-by-design controls.
• Initial screening questions
• How would you threat-model a RAG system that accesses confidential enterprise documents?
• What controls reduce prompt injection and data leakage risks?
• How do you secure an AI model-serving pipeline from source to production?
• What AI-specific red-team tests have you designed or executed?