Ekman Associates is a management consulting firm that specializes in developing business, digital, and technology strategy. They are seeking a Sr. Product Security Engineer to lead the protection and defense of digital applications and product ecosystems, focusing on securing artificial intelligence technology against cyber threats.
Responsibilities:
- Help the team establish, lead, and execute multi-year roadmaps to mature AI security, drawing upon cross-functional partnerships to deliver security posture reviews on a repeatable basis and review new AI systems as they're developed
- Conduct application and product security evaluations and lead AI security assessments in a cross-functional environment, driving finding remediations
- Secure AI Development Lifecycle: Procure and/or build technical solutions to embed automated security checks into the AI SDLC and ML-Ops
- AI Threat Modeling: Threat model complex Agentic and AI systems and design security requirements collaboratively with developers, architects, and business stakeholders
- Code Analysis: Review code for security bugs in the context of AI-driven systems
- GRC: Provide leadership for AI Security policies and standards in collaboration with technology risk
- AI/Agent SME: Provide AI/Agent subject matter expertise for AI Incidents and Security Reviews, and help develop incident response playbooks for AI-related security incidents
- Assist in the formation of an AI Center of Excellence (ACE)
Requirements:
- 10+ years of experience in product security, application security, and/or DevSecOps
- You have strong knowledge of security and safety risks of LLMs and AI Agents
- You have 5+ years of experience automating security checks, including SAST, SCA, and DAST, directly into CI/CD pipelines
- Extensive experience with STRIDE or other threat modeling frameworks
- You have knowledge and experience with technologies including K8s, Containers, CI/CD, and CSPs
- Familiarity with the function and purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration) and model orchestration (e.g., LangChain, LlamaIndex)