Roles and Responsibilities
AI Engineering Security
- Evaluate AI tools, models, and platforms for security risk, including prompt injection vulnerabilities, data leakage, model output integrity, and supply chain risks.
- Develop and enforce security standards for AI-assisted development workflows, including LLM-integrated CI/CD pipelines and code generation tools.
- Assess AI API integrations and third-party model usage for data handling compliance, authorization controls, and audit logging.
- Participate in the design and review of AI-powered internal tooling and automation, ensuring security requirements are embedded from inception.
- Stay current on evolving AI security threats including adversarial prompting, model poisoning, and emerging OWASP LLM Top 10 guidance.
Secure Coding & Application Security
- Conduct secure code reviews across multiple languages and frameworks, with an emphasis on Python, JavaScript/TypeScript, and cloud-native applications.
- Apply OWASP principles and industry-standard secure development lifecycle (SDLC) practices to engineering workflows.
- Perform static and dynamic application security testing (SAST/DAST) and triage findings with development teams through to remediation.
- Collaborate with software engineers to embed security controls into code pipelines, authentication flows, and data handling routines.
SaaS Application Security Reviews
- Lead third-party SaaS application security assessments, evaluating vendor security posture, data handling practices, access control models, and contractual compliance.
- Maintain a SaaS application inventory and risk register, conducting periodic reviews and ensuring ongoing controls alignment.
- Evaluate browser-based plugins, marketplace extensions, and integrations for privilege scope, data exfiltration risk, and policy adherence.
- Partner with Procurement and Legal during the vendor onboarding process to communicate security requirements and assess residual risk.
Marketing Technology Security
- Assess the security posture of marketing platforms including CRMs, CDPs, ad tech stacks, campaign automation tools, and analytics platforms.
- Evaluate data flows between marketing systems and core enterprise infrastructure, identifying excessive data sharing, weak authentication, and shadow IT exposure.
- Support the review and governance of marketing API keys, OAuth tokens, and webhook configurations.
- Partner with Marketing and Digital teams to align platform configuration with data privacy requirements (GDPR, CCPA) and organizational policy.
Architecture & Standards
- Participate in architecture review boards (ARB) to assess new systems and integration patterns for security risk.
- Develop and maintain security reference architectures for SaaS integrations, AI platform connections, and plugin frameworks.
- Contribute to security policies, standards, and playbooks relevant to AI security, SaaS governance, and third-party risk.
- Support threat modeling exercises for new platform deployments and significant system changes.
SKILLS AND EXPERIENCE WE WOULD LIKE YOU TO HAVE
Required Experience
- Minimum of 5 years of hands-on experience in information technology, with a focus on risk management and compliance.
- Comprehensive knowledge of industry market structures and associated regulatory compliance frameworks, such as ISO 27001, SOC 2, NIST, NIS2, and GDPR.
- Demonstrated expertise in identity management standards, as well as cloud-based storage and disaster recovery strategies.
- Proficiency in utilizing security assessment tools, including but not limited to Rapid7.
- Familiarity with Governance, Risk, and Compliance (GRC) platforms and best practices, such as ZenGRC, OneTrust, and Archer.
- Documented success in coordinating and executing multiple risk and compliance initiatives.
- Proven ability to manage third-party audits, including compiling audit evidence and organizing comprehensive audit responses.
- Exceptional attention to detail and accuracy in all aspects of work.
- Strong written and verbal communication skills, with the ability to collaborate effectively across cross-functional teams.
- Well-developed analytical and problem-solving skills, with a track record of driving initiatives that support organizational objectives.
Preferred Qualifications
Required
- 3-5 years of progressive experience in security engineering, application security, or a closely related role.
- Hands-on experience with secure coding practices in one or more languages (Python, JavaScript/TypeScript, Go, or similar).
- Demonstrated knowledge of OWASP Top 10, OWASP LLM Top 10, and common application security vulnerabilities.
- Experience conducting SaaS application security reviews or third-party vendor security assessments.
- Familiarity with AI/ML platforms, LLM integrations, or AI-assisted development tooling from a security perspective.
- Understanding of OAuth 2.0, SAML, API security patterns, and modern identity and access management concepts.
- Experience with SAST, DAST, or SCA tooling (e.g., Semgrep, Checkmarx, Snyk, Burp Suite).
- Strong written and verbal communication skills, with the ability to convey technical risk to non-technical stakeholders.
Preferred
- Experience securing marketing technology platforms such as Salesforce, HubSpot, Adobe Experience Cloud, or similar.
- Familiarity with browser extension security, plugin frameworks, and marketplace governance.
- Exposure to cloud security principles on AWS, Azure, or GCP relevant to SaaS and AI workloads.
- Relevant certifications such as CSSLP, CEH, GWAPT, AWS Security Specialty, or equivalent.
- Experience contributing to security architecture review processes or developing reference security patterns.
- Knowledge of data privacy regulations (GDPR, CCPA, HIPAA) as they apply to marketing and analytics platforms.
Starting salary between $110,000-$140,000
TOTAL REWARDS
Our total rewards philosophy integrates programs for compensation, benefits, recognition, learning and development, corporate culture, corporate citizenship and work-life balance. While individual program components may differ by country, some things remain constant:
- Our commitment to rewarding results
- Opportunities to work with talented and driven individuals at every level of our company who respect each other, treat each other fairly and hold one another accountable for our customers' and our company's success
There's more ...
Generous medical, dental, vision and other great benefits
Paid parental and medical leave programs
401(k) with a company match component and profit sharing
15 days of paid time off plus company holidays
Hybrid work model
Tuition reimbursement and student loan repayment assistance
Inclusive employee resource groups