Senior security engineer focused on securing AI/agentic infrastructure, LLM/RAG systems, identity for non-human workloads, and cloud/K8s platforms. Requires 9+ years experience and strong scripting skills.
190k – 290k/yr
Remote9+ YOESecurity Engineering
About the role
Responsibilities
Design, deploy, and operate security controls for Dropbox’s AI and agentic infrastructure, including model gateways, inference services, vector stores, retrieval systems, and supporting cloud and Kubernetes platforms.
Implement least-privilege and secure-execution patterns for AI agents, including per-tool authorization, sandboxing, human-in-the-loop approvals for high-impact actions, and separation of policy validation from execution.
Lead security implementation for AI tool and agent connectivity layers, including MCP gateway deployments, with controls for OAuth-based authorization, scope minimization, token audience validation, origin validation, replay protection, and secure isolation between trusted and untrusted tool domains.
Deploy, build, and/or operate security infrastructure solutions to help scale and raise the security bar for Dropbox’s on-prem and cloud infrastructure.
Automate security controls using scripting to eliminate redundant work and minimize need for human involvement.
Collaborate with cross functional teams and lead security initiatives to influence product decisions and enhance security posture.
Requirements
9+ years of Security experience or related industry experience, demonstrating impactful contributions to security strategies.
Bachelor's degree in Computer Science, Information Security, or related field, or equivalent experience, with coding proficiency.
Experience securing LLM, RAG, or agentic AI systems in production, with hands-on implementation of controls for prompt injection, sensitive-data disclosure, excessive agency, data or model poisoning, and AI supply-chain risk.
Experience designing identity and authorization for non-human workloads and agents using technologies such as SPIFFE/SPIRE, OAuth 2.1 or OIDC, AWS IRSA, Google Workload Identity Federation, Azure managed identities, or equivalent patterns.
Integrate adversarial testing and release gates for AI systems into CI/CD, including regression coverage for prompt injection, tool abuse, memory poisoning, approval bypass, and multi-agent escalation scenarios.
Solid knowledge of Linux fundamentals including system administration, security, networking, scripting, and troubleshooting.
Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems e.g. Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, Java.
Preferred Qualifications
Experience securing MCP-based systems or similar AI agent and tool protocols.
Experience with multi-agent security controls such as trust boundaries, signed inter-agent messaging, and circuit breakers.
Familiarity with NIST AI RMF, NIST SP 800-218A, MITRE ATLAS, CSA AICM, and OWASP LLM and agentic security guidance.
Experience with security tools such as Teleport, CrowdStrike, Proofpoint, IPS/IDS, SIEM or SOAR.
Certifications such as CISSP, CISM, or equivalent.
Lead a team of security engineers scaling secure-by-design practices across application, infrastructure, offensive, and product security. Partner with engineering and risk leaders to reduce systemic risk and improve security posture of customer-facing products and cloud-native services.
Lead and mature security engineering programs across enterprise security, security operations, and detection engineering. Manage a team of security professionals while building proactive controls, improving detection/response, and driving cross-functional risk reduction initiatives.
191k – 264k/yr
Remote8+ YOESecurity Engineering
Senior Security Engineer, AI Security
RedditUnited States
Senior Security Engineer responsible for threat modeling and securing Reddit's AI-powered products, LLMs, and agentic workflows. Build reusable security primitives, guardrails, scanners, and platform controls while partnering with AI product teams. Requires 5+ years in application/product security plus familiarity with LLM/agent risks.
191k – 267k/yr
Remote5+ YOESecurity Engineering
Security Engineer - Product
CardlessSan Francisco, CA
Lead product security for a fintech credit card infrastructure platform. Own API security, auth strategy, fraud primitives, secure SDLC, and compliance for partner-facing services. Hands-on engineering role reporting to Head of Engineering.
190k – 260k/yr
On-site7+ YOESecurity Engineering
Senior Application Security Engineer
ApolloUnited States
Senior individual contributor responsible for strengthening Apollo's secure software development lifecycle, performing application security reviews, threat modeling, vulnerability management, and AI security for product, platform, and AI-powered features.