Principal AI Security Engineer

Role Overview

• Partner with Product and Engineering teams to design, build, and ship AI features across BetterUp's customer-facing platform, with a focus on Ruby on Rails and modern web technologies and ensure security is embedded early in the product lifecycle.
• Drive engineering excellence through code reviews, technical documentation, and establishing best practices for AI feature development and AI security.
• Contribute to and help evolve GitHub workflows, including code releases, release notes automation, feature flag management, and deployment pipelines.
• Lead application-level security architecture roadmap reviews and define secure patterns for authentication, authorization, data protection, and API security.
• Evaluate new technologies and services for security risks and support secure vendor selection and integration.
• Contribute to and help evolve BetterUp’s secure development lifecycle and product security engineering standards.
• Partner with AI/ML teams to assess, mitigate, and monitor risks unique to GenAI and AI/ML model integration, including prompt injection, data leakage, and model manipulation.
• Provide deep expertise in secure coding practices, threat modeling, design reviews, and static/dynamic analysis to Engineering teams delivering core user-facing functionality.
• Serve as a security SME for AI-centric features, helping teams align with AI governance, security, and ethical use frameworks (e.g. ISO 42001).
• Serve as a technical advisor and thought partner to Product Managers and Engineering Leads on product security strategy and implementation approaches.
• Mentor engineers on AI/ML best practices, secure coding patterns, and modern software development techniques.
• Participate actively in design reviews, sprint planning, and architecture discussions to influence product direction.

Requirements

• 8+ years of experience in software engineering, with 4-5 years experience with a strong emphasis in the AI/ML space
• 5+ years Ruby on Rails; experience with modern web frameworks, APIs, and cloud-native architectures.
• Hands-on experience with SAST/DAST tooling, threat modeling, secure code review, and vulnerability management pipelines.
• Experience collaborating with internal stakeholders (including the product, engineering and go-to-market teams) as well as external partners to ensure alignment of security goals with product roadmaps.
• Demonstrated ability to influence engineering teams and drive secure design decisions without formal authority.
• Security awareness and experience implementing secure coding practices, conducting threat modeling, or building features with data protection requirements.
• Bonus: experience supporting or operating bug bounty or coordinated vulnerability disclosure programs.

Tech Stack

• Cloud
• Ruby
• Ruby on Rails

Benefits

• Access to BetterUp coaching; one for you and one for a friend or family member
• A competitive compensation plan with opportunity for advancement
• Medical, dental, and vision insurance
• Flexible paid time off
• All federal/statutory holidays observed
• 4 BetterUp Inner Workdays
• 5 Volunteer Days to give back
• Learning and Development stipend
• Company wide Summer & Winter breaks
• Year-round charitable contribution of your choice on behalf of BetterUp
• 401(k) self contribution