Product Security Engineer securing embedded products, firmware, and industrial components at Rockwell Automation. Focused on firmware security, secure architecture, and secure development lifecycle practices.
About the role
- AI Security Engineer at Cross River designing secure AI systems to protect customer data and meet regulations. Focusing on scalable guardrails and tools for innovative financial technology.
Responsibilities
- Design enterprise AI guardrails across Azure and AWS (e.g., Azure AI Studio/Azure OpenAI, Amazon Bedrock/SageMaker): content filtering, PII redaction, prompt/response validation, and policy enforcement services.
- Implement data minimization controls for GenAI/RAG workloads: context filtering, least‐privileged retrieval, document-level ACL enforcement, vector store hardening, and secure token/secret handling.
- Threat model AI systems (apps, agents, RAG, fine-tuning pipelines) using frameworks like STRIDE and the OWASP Top 10 for LLM Apps; define misuse scenarios (prompt injection/jailbreaks/data exfiltration) and build mitigations.
- Build monitoring and telemetry: privacy-preserving prompt/response logging, sensitive-data detection, safety/eval dashboards, drift/abuse signals, and incident hooks into our SIEM.
- Integrate AI security into the SDLC: reusable libraries, pre-commit checks, CI/CD gates, policy-as-code, and secure-by-default reference architectures for product teams.
- Evaluate third‑party AI vendors and internal apps: security reviews, data residency and retention requirements, SSO/SCIM integrations, DPA/TPRM inputs, and continuous control testing.
- Partner across Security, Data, Privacy, and Engineering to map AI controls to FFIEC, SOC 2, and PCI DSS; document control evidence for audits.
- Lead/participate in AI red‑teaming: automated jailbreak/prompt‑injection tests, safety benchmarks, purple‑team exercises, and response playbooks for AI incidents.
- Enable the org with concise guidelines, examples, and training on safe AI development and usage.
Requirements
- 5+ years in Security Engineering/AppSec/Cloud Security (or similar), including 1–2+ years securing AI/ML or data‐intensive systems (GenAI preferred).
- Hands‐on experience with AWS and/or Azure and modern app stacks (Python/TypeScript, REST/gRPC, containers/Kubernetes, IaC such as Terraform).
- Practical understanding of LLM attack surfaces (prompt injection, data leakage via tools, training/fine‑tune poisoning, model supply chain) and mitigation patterns.
- Familiarity with identity and access for AI workloads (OAuth2/OIDC, service principals, role tokens, PIM), and secure secret management/KMS.
- Experience implementing observability/telemetry and routing findings to SIEM; comfort balancing privacy with traceability.
- Ability to translate controls into developer-friendly libraries, docs, and CI/CD checks; strong written communication in English and Hebrew.
- Comfort working in a regulated environment and mapping controls to frameworks (FFIEC, SOC 2, PCI DSS).
Benefits
- Flexible hybrid work model: three days a week at our Jerusalem office
- Monthly wellness reimbursement – from therapy to gel manicure, it's up to you
- Full Keren Hishtalmut, private health and dental insurance
- Volunteer days, donation matching, Yoga and Pilates
- A supportive, collaborative culture that puts our people first
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Cybersecurity Consultant leading IT - Security projects for SMBs and key accounts in Germany. Responsibilities include project planning, client advisory, and technical implementation.
Security Content Engineer at Securonix building analytics content and threat detection models for their SIEM platform. Collaborating with the Detection Engineering team to combat advanced cyber threats.
IT Infrastructure and Security Administrator for a dynamic construction company ensuring IT security and infrastructure optimization. Responsibilities include project planning, team collaboration, and monitoring security incidents.
Red Team Security Consultant conducting complex Red - Team operations, including technical attacks and security checks for various clients. Collaborating with clients to enhance security measures and reporting findings effectively.
(Senior) Consultant SAP Security managing security for modern SAP infrastructures and cloud platforms. Collaborating with clients for SAP system security strategies and implementations.
Senior IT Consultant SAP - Security implementing tailored SAP security solutions and compliance measures. Collaborating on enhancing security policies and advising on IT projects.
Senior Cybersecurity Consultant managing IT - Security projects for medium - sized companies and key accounts. Consulting, technical implementation, and acting as a trusted advisor throughout all project phases.
Tech Lead - Information Security role at Ameriprise India, focusing on OWASP vulnerabilities and code remediation. Collaborating with teams to ensure secure and high - quality applications.
Managing Consultant leading the planning and execution of cybersecurity assessments for federal clients. Responsible for managing a team and ensuring compliance with security policies and regulations.