Phaidra is building the future of industrial automation with AI-powered control systems. They are seeking a Senior Product Security Engineer to ensure the security of the autonomous agents that optimize the operational fabric of AI factories, tackling the unique security challenges of deploying these agents.
Responsibilities:
- Champion Secure Agentic AI Development: Drive the adoption of Phaidra's Secure AI/ML Development Lifecycle (SAIDL) within the Agentic AI team. Adapt security practices to fit the iterative and experimental nature of Reinforcement Learning and agent development
- Agentic Threat Modeling: Partner with researchers to model threats specific to autonomous agents. Beyond standard AI risks, you will analyze risks unique to agents, such as goal misalignment, reward hacking, infinite looping, and insecure tool execution (e.g., an agent executing a command that exceeds safety limits)
- Secure Agent Architecture & Safety Boundaries: Design secure-by-default architectures for autonomous agents. Crucially, this involves defining deterministic safety guardrails that sit between the probabilistic AI model and the physical hardware controls. Ensure "Zero Trust" applies to the agent: it should only have the minimum permissions needed to adjust specific parameters
- Secure Agent Tools & Memory: Architect security controls for the "tools" the agent uses (APIs to read sensors or change settings) and the agent's long-term memory. Ensure the agent cannot be manipulated into using a tool to perform unauthorized actions or "poisoned" via its memory context
- MLSecOps for RL Pipelines: Secure the training and simulation pipelines used for Reinforcement Learning. Ensure the integrity of the simulation environments (Digital Twins) used to train agents, preventing attackers from influencing agent behavior during the training phase
- Adversarial Testing & Red Teaming: Lead AI Red Teaming exercises focused on behavioral manipulation. Can you trick the agent into making a suboptimal decision? Can you manipulate the observations the agent receives?
- Incident Preparedness: Develop incident response playbooks tailored for autonomous systems, focusing on "Kill Switches" and rapid rollback capabilities in the event of rogue agent behavior
- Cross-Functional Partnership: Build strong relationships with the Agentic AI researchers, SREs, and Data Scientists. Act as an enabler who helps them deploy powerful agents safely, rather than a blocker
Requirements:
- Proven understanding of the security risks associated with Reinforcement Learning, Autonomous Agents, or automated decision-making systems
- Demonstrated experience working embedded with AI system developers and researchers
- 5+ years of work experience in product security, application security, or a closely related security engineering role
- You understand that in physical systems, 'Availability' and 'Safety' often outrank 'Confidentiality'
- Strong programming experience, ideally with Python (essential for ML/AI ecosystems) or Go
- Familiarity with agent frameworks (e.g., LangChain, AutoGPT) or RL libraries (e.g., Ray RLlib)
- Proven experience securing cloud infrastructure (GCP) and Kubernetes
- Deep understanding of Authentication & Authorization (specifically non-human identities/workload identity)
- Direct, hands-on experience securing MLOps tooling (e.g., Kubeflow, MLflow) and deep understanding of securing complex data and model-training pipelines
- Experience working with systems that interface with the physical world (IoT, Robotics, ICS/OT)
- Experience using mathematical methods to prove that an AI model or agent will not violate specific safety constraints
- Experience securing simulation environments (Digital Twins) and managing the security risks of transferring policies from simulation to the real world
- Ability to test industrial protocols (e.g., Modbus, BACnet) for robustness against automated or adversarial inputs
- Familiarity with emerging standards like the NIST AI RMF or ISO 42001
- Experience securing 'closed loops' or control systems where latency and reliability are critical
- Relevant advanced certifications, such as GICSP (Global Industrial Cyber Security Professional), ISA/IEC 62443 Cybersecurity Expert, NVIDIA Agentic AI, OSEP (Offensive Security Experienced Penetration Tester), CISSP, or OSCP