Netflix is a company dedicated to entertaining the world through innovative storytelling and technology. They are seeking a talented L5 Security Engineer specializing in Generative AI Security to enhance their workforce security by identifying and managing risks associated with GenAI threats, while developing scalable security controls and collaborating with internal partners.
Responsibilities:
- Identifying and mitigating GenAI threats
- Educating stakeholders
- Providing direct security support to internal partners
- Evaluating the security posture of third-party GenAI products and their integration with internal/external systems
- Conducting risk-based security assessments
- Developing hardening guides and remediation strategies
- Performing technical validation via threat modeling, penetration testing, code review, and control-based attestation using Third Party Risk Management techniques
- Scaling the team’s security capabilities by prototyping new tooling
- Leveraging GenAI for security automation
- Performing build-vs-buy evaluations
- Translating complex technical risks into clear business risks for stakeholders
- Informing trade-off decisions
- Standard business-hours support for Workforce Security Operations
- Infrequent 24/7 Incident Response participation
Requirements:
- Ability to learn and spin up rapidly on quickly evolving GenAI solutions and security concerns
- Some exposure to commercially available GenAI solutions related to search (RAG) and low-code/no-code agentic solutions from major third-party AI vendors (any of: Anthropic, OpenAI, Google, Microsoft)
- High-level understanding of Machine Learning/AI fundamentals and architecture, including MCP, A2A, and LLMs
- High-level understanding of GenAI Governance
- GenAI threat taxonomy knowledge - OWASP GenAI Top 10
- Threat Modeling/Penetration Testing/Code Review/Code Comprehension Skills
- Familiarity with modern GenAI development tools and techniques
- Familiarity with Third-Party Risk Management (TPRM) methodologies
- Scripting (must be able to script, though not to production level; use of GenAI is sufficient)
- Autonomously drives work delivery (bias to action)
- Cross-functional collaboration skills
- High-level familiarity with the functionality of commercially available corporate security tooling in the areas of endpoint, identity, data, and vendor security
- Ability to navigate ambiguity by taking strategic goals and decomposing them into actionable project plans
- Using measurement and metrics to drive decision-making and outcomes