# Staff Security Software Engineer, AI Security

**Company:** [Databricks](https://hotfix.jobs/companies/databricks)
**Location:** Remote
**Role:** Security Engineering
**Experience:** 7+ years
**Skills:** Offensive Security, Ai Security, Prompt Injection, Jailbreaking, Threat Modeling, Python, AWS, Azure, GCP, Llm Security, Adversarial Ml, Red Teaming
**Posted:** 2026-07-08

> Staff Security Software Engineer leading AI red teaming, adversarial testing, architecture reviews, and security tooling development for Databricks' AI/ML platform (Genie, Model Serving, RAG, agents). Requires 7+ years in offensive/AI security, expertise in 2+ AI security domains, Python proficiency, and cloud security knowledge.

## Job Description

## AI Red Team & Adversarial Testing
- Lead AI red team engagements against Databricks' production AI systems, including Foundation Model APIs, Genie and natural language query systems, Model Serving infrastructure, MCP-connected agents, and RAG pipelines.
- Design and execute adversarial attack scenarios: prompt injection, jailbreaking, memory poisoning, cross-tenant data leakage in multi-tenant serving, and sandbox bypasses.
- Develop proof-of-concept exploits for AI-specific vulnerability classes and perform variant analysis to identify the full scope of exposure across the AI platform.
- Contribute to the evolution of the Databricks AI Security Framework (DASF), maintaining and extending the risk taxonomy, control library, and testing methodology as AI capabilities evolve.

## AI Product Security & Architecture Reviews
- Lead comprehensive security architecture reviews for complex AI features: threat modeling agentic workflows, RAG pipelines, multi-model serving chains, and MCP-based tool integrations.
- Partner directly with AI and ML engineering teams to identify security risks early in the design process and define practical, scalable controls.
- Assess and drive resolution of cross-cutting AI security risks: Unity Catalog permission enforcement in AI contexts, inference data isolation, model artifact integrity, fine-tuning pipeline security, and external model API governance via AI Gateway.
- Identify recurring security patterns across AI features; advocate for class-level architectural fixes rather than feature-by-feature point solutions.

## AI Security Tooling & Automation
- Design and build automated AI security testing tooling, including adversarial prompt libraries, agent behavior analysis frameworks, and continuous testing harnesses.
- Build AI-assisted automation that scales security reviews, threat modeling, and vulnerability triage for AI features.
- Develop and maintain security guardrails and enforcement mechanisms: LLM-as-judge review, prompt delimiting, output validation, rate limiting, and audit logging.

## Cross-Team Remediation & Standards
- Set technical standards for how AI security risks are assessed, prioritized, and remediated across the engineering organization.
- Drive cross-team remediation for significant AI security findings, defining fix requirements, validating patches, and ensuring regression coverage in CI/CD pipelines.
- Produce high-quality threat models, security advisories, and post-mortems that inform organizational risk decisions for AI products.

## Mentorship & Community
- Mentor engineers on the AI Security team in adversarial ML techniques, AI threat modeling, and security tooling development.
- Contribute to internal knowledge assets, including training materials, design patterns, and threat model templates, that raise AI security fluency across the engineering organization.
- Represent Databricks in the external AI security community through publications, conference talks, or open-source contributions.

## Requirements
- 7–10 years of combined experience in offensive security, AI/ML security research, or product security engineering, with demonstrated leadership in securing complex systems.
- Subject matter expert in at least two of the following AI security domains: LLM and generative AI security (prompt injection, jailbreaking, training data extraction); AI agent and orchestration security (MCP, memory sharing, multi-agent systems); ML infrastructure and serving security (model serving multi-tenancy risks, training infrastructure security); AI data governance and privacy (fine-grained access control, data residency, inference data isolation).
- Demonstrated ability to design and execute adversarial attacks against production AI systems.
- Deep understanding of AI/ML platform architecture—how models are trained, served, and integrated, and where the trust boundaries between components lie.
- Expert in at least one major cloud platform (AWS, Azure, GCP) and its AI/ML security model.
- Proficient in Python; able to read and analyze ML model code, training scripts, and API serving code; working knowledge of at least one additional language (Go, Java, Scala, Rust).
- Track record of driving cross-team AI security improvements and influencing product architecture decisions.
- Experience building automated security tooling for AI systems.
- Strong communicator—translates AI security risks into actionable guidance for engineers, product managers, and leadership.
- Pragmatic approach to risk—distinguishes real-world exploitable AI risk from theoretical concerns.

## Nice to Have
- Published research on AI/ML security topics or experience presenting at AI security venues (DEF CON AI Village, NeurIPS workshops, Black Hat).
- Experience with OWASP Top 10 for LLMs, MITRE ATLAS, or similar AI security frameworks.
- Familiarity with MLflow, Unity Catalog, Delta Lake, or Databricks platform internals.
- OSCP or equivalent offensive security certification.
- Academic or research background in machine learning, adversarial ML, or AI safety.

## Similar roles

- [Senior Staff Security Engineer, Vulnerability Management](https://hotfix.jobs/jobs/48bab836-a257-4a63-898d-d884ea8db229) - Zocdoc - Remote - $200k – $290k/yr
- [Staff Software Engineer](https://hotfix.jobs/jobs/bda1fbe8-25da-4d58-8699-ce547f7bdf6e) - Plaid - New York, NY - $222k – $328k/yr
- [Staff+ Application Security Engineer](https://hotfix.jobs/jobs/176eddbe-ab46-4c6b-b459-b97404661b42) - Anthropic - San Francisco, CA - $320k – $485k/yr
- [Staff Security Risk & Compliance Program Manager](https://hotfix.jobs/jobs/69a879b7-e372-4ca2-a954-f0c78526aa69) - Confluent - Remote - $222k – $261k/yr
- [Senior/Staff Infrastructure Security Engineer](https://hotfix.jobs/jobs/b10a4e47-d210-46ca-8e32-a9d8992f41f8) - Abridge - Remote - $214k – $252k/yr

**Apply:** https://hotfix.jobs/jobs/1178f57d-2540-464a-9940-c7f9a782bcb7
**Canonical:** https://hotfix.jobs/jobs/1178f57d-2540-464a-9940-c7f9a782bcb7