AI Security Engineer

The AI Security and Compliance Engineer is responsible for working with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle. The engineer applies knowledge of AI and application security risks and threats to design and implement appropriate, cost-effective security controls during development, deployment, and operation of AI based applications. The engineer defines and promotes the implementation guidelines for data classification, segregation, and access controls to AI model inputs and training data to ensure data confidentiality and privacy for different data sources and user groups. The engineer performs audits and vulnerability assessments, penetration testing and supports mitigation of findings.

Key Responsibilities:

• Ensure AI products have security and privacy by design.
• Establish and document policies and guidelines for data classification and data used for training to prevent leaks of sensitive data.
• Work with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle to meet customer, regulatory, and contractual obligations.
• Monitor and audit AI systems and development processes for compliance with policies, regulations and contractual obligations.
• Monitor and respond to security incidents involving AI systems.
• Create AI-specific incident management procedures to address AI related security incidents.
• Enhance the resilience of AI systems against potential threats by implementing cyber security best practices, controls, and tools to protect AI models from threats such as those in the OWASP AI Top Ten, including supply chain and model poisoning threats and attempts to access, modify, and exfiltrate confidential information via the query interface.
• Establish policies and guidelines for access controls, limitations and guardrails on usage and prompts for AI inputs and API’s.
• Ensure proper access controls on API’s and processing pipelines, and segregation of data.
• Create, update, and maintain threat models for a wide variety of software projects.
• Provide AI security training for internal development teams.
• Maintain current knowledge of AI risks, threats, and AI testing tools and techniques.
• Perform other duties to support the technical and operational security of the organization as required.

Qualifications:

• Bachelor’s degree in an IT related field or equivalent experience and 2-5 years of experience in working in IT security, software development, or AI development.
• Desired certifications – one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+.
• Understanding of Application Security and Data Security for applications and AI, such as the OWASP Top 10 and the OWASP Top 10 for Generative AI.
• Proficiency in and strong working knowledge of AI technologies and models such as Llama and ChatGPT.
• Experience and understanding of threats and risks related to web applications and API’s, particularly with AI based applications.
• General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases.
• Experience with vulnerability management, patching, and mitigation assessment.
• Experience working within and implementing policies for a security framework such as ISO 27001 and NIST.
• Flexibility to work off-hours to support global project teams and maintenance windows.
• Ability to support 24x7 on-call for incident response on a rotating basis.
• Experience developing software, scripting and using SQL queries to automate controls, processes and reporting.

Competencies:

• Strong analytical problem-solving skills and attention to detail.
• Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner.
• Ability to form productive relationships across the organization to accomplish information security objectives.
• Ability and willingness to learn all aspects of the information security field.
• Professional verbal and written communication skills in English.
• Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat.
• Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk.

Total Rewards

Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best, in and out of the office.

Our compensation packages are tailored to each role and candidate's qualifications. We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses.

• Medical 🩺 - Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit, providing peace of mind and security in times of medical necessity.
• Group Term & Group Personal Accident Insurance 💼 - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means.
  • Coverage Type - Employee Only
  • Sum Insured - 3 times of annual CTC with minimum cap of INR 10,00,000
  • Free Cover Limit - 1.5 Crore
• Work-Life Balance ⚖️ - 15 days of Privilege leaves per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves, 1 week of Paternity leave, a day off on your Birthday, and paid holidays
• Financial Security💰 - Provident Fund & Gratuity
• Wellness 🤸‍ - Employee Assistance Program and comprehensive wellness initiatives
• Growth 🌱 - Access to ongoing learning and development opportunities and career advancement

At Nextiva, we're committed to supporting our employees' health, well-being, and professional growth. Join us and build a rewarding career! 

Established in 2008 and headquartered in Scottsdale, Arizona, Nextiva secured $200M from Goldman Sachs in late 2021, valuing the company at $2.7B.To check out what’s going on at Nextiva, check us out on Instagram, Instagram (MX), YouTube, LinkedIn, and the Nextiva blog. 

#LI-RQ1 #LI-Hybrid