hiddenjobs
Back to search

On Running · consumer_tech

Staff Engineer - AI Security

Verified·1 day ago
Zurich staff
Apply on greenhouse

In short

As our Staff Engineer (AI Security), your mission is to define and implement the security strategy for AI agents, chatbots, LLM models, and agentic workflows developed internally or deployed through cloud-based platforms. You will secure AI from idea to production: covering development standards, model security, pre-deployment security checks, identity and access controls, logging, monitoring, alerting, and continuous testing. You will help the organization adopt AI safely by ensuring that every AI agent, chatbot, and LLM-based solution has clear ownership, a defined identity, appropriate permissions, proper monitoring, and security controls that match its risk.

Your mission

A key part of your mission will be to protect the business from emerging AI-specific threats such as prompt injection, model misuse, model manipulation, excessive permissions, data leakage, insecure tool use, unauthorised agent actions, and misuse of externally facing AI services:

  • You will establish the practical security controls needed to govern AI agents, chatbots, LLM models, and agentic workflows. This includes defining ownership, risk classification, approval processes, minimum security requirements, and maintaining visibility over agents, models, data access, identities, permissions, integrations, and exposure levels.
  • You will partner with engineering, data, cloud, and product teams to embed security into AI delivery. This includes security reviews before deployment, threat modeling, model and prompt security checks, access reviews, data leakage testing, secure architecture guidance, and validation of high-risk components such as APIs, tools, memory, RAG, vector databases, and model-serving environments.
  • You will build the operational security layer for AI systems already in production. This includes logging requirements, clear separation of human and agent activity, SOC/SIEM integration, alerting for elevated permissions or suspicious behavior, monitoring for model abuse and access drift, and continuous testing of externally facing agents against prompt injection, jailbreaks, data leakage, and other AI-specific attacks.

Your story

  • You bring solid hands-on experience in AI security, with a strong understanding of how to secure AI agents, chatbots, LLM-based applications, model-serving environments, and agentic workflows in production. You have practical experience assessing AI-specific risks such as prompt injection, jailbreaks, data leakage, insecure tool use, excessive agency, model misuse, model extraction, insecure output handling, and abuse of externally facing AI systems.
  • You are a senior individual contributor who can operate independently, set direction, and turn emerging AI security risks into practical controls, patterns, and engineering requirements. You have strong experience across application security, cloud security, identity and access management, secure software delivery, APIs, secrets management, logging, monitoring, and security testing.
  • You are comfortable partnering directly with engineering, data, ML, cloud, IAM, SOC, and product teams to embed security into the AI lifecycle from design through production. Experience with AI red teaming, adversarial testing, SIEM detection use cases, incident response, MLOps/DevSecOps, OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, or similar AI security frameworks would be a strong advantage.