Key skills
Security engineeringApplication securityCloud securityIdentityaccess managementDetection engineeringAI securityThreat modelingPrompt injection defenseOAuthSecrets managementRBACABACAuditabilitySecurity architectureIncident responseCompliance frameworksNIST AI RMFISO 42001SOC 2GDPRSOXSCASASTDASTSIEMTelemetry pipelinesSecure software deliveryCross-functional communicationBuilder mentalityOutcome orientationAILLMClaudeRAGAgenticAWSBedrockSaaSSalesforceWorkdayJiraConfluenceCommunicationCloud Security
About this role
Cribl is a leading company building telemetry infrastructure for the AI era, partnering with IT and Security teams at major enterprises. The Staff AI Security Engineer will design and implement security and governance frameworks to enable safe AI adoption across Cribl’s systems and workflows.
Responsibilities:
- AI Security Architecture & Governance: Define, threat model, and operationalize the security architecture for Cribl’s internal AI platform, including standards, controls, approval patterns, and secure-by-design guidance for AI use cases before they scale into production
- Shadow AI Discovery & Remediation: Partner with Business Operations to maintain visibility into AI tools, licenses, API tokens, MCP servers, and ad hoc workflows in use across the company, and monitor for ungoverned or high-risk patterns that require remediation
- MCP Security & Registry Management: Own the framework for vetting MCP servers, maintaining an approved registry, defining risk tiers, and enforcing secure connection patterns as MCP adoption expands across teams
- Secrets, Identity & Token Protection: Establish secure patterns for secrets management, non-human identities, scoped credentials, OAuth-based access, and token governance to enforce least-privilege access and reduce credential exposure in AI builds
- Prompt Injection Defense & Safe Execution Controls: Design and deploy guardrails for prompt injection defense, deterministic validation, human-in-the-loop approvals, and additional controls for high-risk workflows that combine sensitive data, untrusted content, and external action
- AI Telemetry, Detection & Incident Response: Partner on building Cribl as the observability backbone for AI systems, including telemetry pipelines, abuse detection, audit trails, threat hunting, and incident response patterns for AI-specific security events
- Compliance & Customer Governance Readiness: Partner with Cribl’s Compliance team to drive documentation and control readiness for AI-related obligations and customer scrutiny, including NIST AI RMF, ISO 42001, EU AI Act readiness, AI acceptable use standards, and customer-facing AI governance materials
- Secure AI-Assisted Corporate Engineering Enablement: Establish the security controls required for AI-assisted internal development, secure coding practices, secrets management, SCA/SAST/DAST expectations, and review patterns for AI-generated code and workflows
- Risk Metrics & Security Effectiveness: Define and track the metrics that matter most for AI security, including shadow AI exposure, control coverage, incident trends, security review turnaround, and reduction of high-risk patterns as the platform scales across the company
Requirements:
- 7+ years of experience in security engineering, application security, cloud security, identity and access management, detection engineering, or related technical security roles, with a track record of building practical controls that scale
- Strong hands-on experience with modern LLM and agentic systems, including threat models for prompt injection, tool use, model access, RAG, AI coding tools, and API-driven integrations
- Proven experience with OAuth, service identities, secrets management, RBAC / ABAC / scoped permissions, auditability, and secure-by-default architecture patterns
- Experience designing risk-tiered controls, approval models, and protective guardrails that balance innovation with real-world compliance and operational needs
- Ability to operationalize telemetry, define actionable detections, investigate security signals, and build pragmatic response paths for new threat surfaces
- Familiarity with frameworks and customer expectations relevant to enterprise AI governance, including NIST AI RMF, ISO 42001, SOC 2, GDPR, SOX, or adjacent control environments
- Strong written and verbal communication skills, with the ability to simplify risk, controls, and tradeoffs for engineers, business stakeholders, and senior leaders alike
- You are comfortable creating the first version of the registry, the standards, the playbooks, and the guardrails. Ambiguity energizes you
- You care about materially reducing risk while enabling useful AI adoption. You understand that security only works if it is practical enough to be used
- Experience with AI development tools like Claude Code, AWS Bedrock, or similar enterprise AI platforms
- Experience with MCP, skills, API security, gateway technologies, or tool-use architectures for AI agents
- Familiarity with multi-agent workflow design, workflow security patterns, and human-in-the-loop orchestration controls
- Experience with SCA / SAST / DAST, secrets management, SIEM / telemetry pipelines, and secure software delivery controls
- Familiarity with enterprise systems such as Salesforce, NetSuite, Workday, Jira, Confluence, Slack, Google Drive, and Glean, especially where AI workflows introduce differentiated risk
- Experience operating in a high-growth, remote-first B2B SaaS environment
- Comfort partnering closely with Security, IT, GTM Ops, Finance, People, Legal, and Support stakeholders
- Good jokes, or maybe better, bad jokes
- A love for goats