Netflix is a company dedicated to entertaining the world, and they are seeking a talented L5 Security Engineer specializing in Generative AI Security. This role is critical for identifying and managing risks posed by GenAI threats, focusing on developing scalable security controls and supporting workforce-related GenAI initiatives.
Responsibilities:
- Identifying and mitigating GenAI threats, educating stakeholders, and providing direct security support to internal partners
- Evaluating the security posture of third-party GenAI products and their integration with internal/external systems (via MCP, OAuth, etc.)
- Conducting risk-based security assessments, developing hardening guides and remediation strategies, and performing technical validation via threat modeling, penetration testing, code review (when possible), and control-based attestation using classical Third Party Risk Management (TPRM) techniques
- Scaling our team’s security capabilities by prototyping new tooling, leveraging GenAI for security automation, and performing build-vs-buy evaluations
- Standard business-hours support for Workforce Security Operations and infrequent 24/7 Incident Response participation
Requirements:
- Ability to learn and spin up rapidly on quickly evolving GenAI solutions and security concerns
- Some exposure to commercially available GenAI solutions related to search (RAG) and low-code/no-code agentic solutions from major third-party AI vendors (any of: Anthropic, OpenAI, Google, Microsoft)
- High-level understanding of Machine Learning/AI fundamentals and architecture, including MCP, A2A, and LLMs
- High-level understanding of GenAI Governance
- GenAI threat taxonomy knowledge - OWASP GenAI Top 10
- Threat Modeling/Penetration Testing/Code Review/Code Comprehension Skills
- Familiarity with modern GenAI development tools and techniques
- Familiarity with Third-Party Risk Management (TPRM) methodologies
- Scripting (must be able to script, though not to production level; use of GenAI is sufficient)
- Autonomously drives work delivery (bias to action)
- Cross-functional collaboration skills
- High-level familiarity with the functionality of commercially available corporate security tooling in the areas of endpoint, identity, data, and vendor security
- Ability to navigate ambiguity by taking strategic goals and decomposing them into actionable project plans
- Using measurement and metrics to drive decision-making and outcomes