Key skills
AWSAzureCloudGoogle Cloud PlatformSDLCTerraformAILLMAgenticGCPGoogle CloudCI/CDOWASP
About this role
Role Overview
- Threat-model agentic and LLM-powered features end-to-end: data ingress/egress, agent identity, tool-use boundaries, and the unique risks that come with frontier AI work
- Build the secure SDLC paved road — secure SDLC guardrails, prompt/agent identity patterns, secrets management, PHI/PII redaction patterns
- Embed SAST, DAST, SCA, and infrastructure scanning into CI/CD so security gates are part of the pipeline, not an afterthought
- Identify and pilot an AI monitoring tool to fill the gap our current tooling (Zscaler) doesn't cover
- Translate existing security policy into safe tool-use patterns for the Artera Primitives team, Systems Engineers, and other AI Builder squads
- Partner cross-functionally with DevOps, Systems Engineering, and the AI builder teams — meeting AI Builders and engineers in the middle and finding the secure path forward, not the 'no' path
- Own AWS identity and access management patterns, secrets management, and security tooling decisions in our AWS environment. Collaborate with System Engineers / DevOps on implementation.
- Apply frameworks like MITRE ATT&CK, MITRE ATLAS, OWASP Top 10, and OWASP LLM Top 10 to architectural decisions.
Requirements
- 6–10 years in Application Security, with a hands-on engineering orientation
- Demonstrable experience with LLM and agent security — OWASP LLM Top 10, MITRE ATLAS, prompt/output filtering, agent identity, and tool-use risk
- You’ve built end-to-end threat models for production platforms and translated them into corrective controls
- SAST, DAST, and infrastructure scanning tools in production CI/CD environments
- Taking policy, codifying it as infrastructure-as-code (Terraform), and gating CI/CD pipelines on security findings
- Significant AWS experience (GCP or Azure background acceptable; AWS is learnable, but cloud depth is required)
- Background in regulated environments — healthcare (HIPAA/HITRUST), federal (FedRAMP), or fintech (PCI)
- Strong cross-functional communicator;able to partner with engineers and AI builders, find the secure path together.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- SDLC
- Terraform
Benefits
- Full health benefits (medical, dental, and vision)
- Flexible spending accounts
- Company paid life insurance
- Company paid short-term & long-term disability
- Company equity
- Voluntary benefits
- 401(k)
- Generous time off (company holidays, Winter & Summer break, and flexible time off)
- Employee Resource Groups (ERGs)