Security Architect - AI & Cloud Security

Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Application Security Architecture and Design
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
The AI Security Engineer is a hands on technical role dedicated to securing the AI systems, models, and pipelines that power products. This role partners with product engineering, platform, governance, and information security teams to identify, assess, and mitigate risks that are unique to large language models, retrieval augmented generation, agentic workflows, and the broader AI supply chain.
As a member of the AI Security organization, this role owns the applied AI security practice building the tooling, threat models, red team exercises, and developer guidance that enable to ship AI powered features safely and responsibly. The AI Security Engineer operates at the intersection of offensive research, defensive engineering, and policy, translating the rapidly evolving AI threat landscape into concrete, measurable controls.

Roles & Responsibilities:
- Perform threat modeling and security reviews of AI features, including LLM enabled applications, RAG systems, inference pipelines, and agentic workflows.
- Identify AI specific attack surfaces, prompt injection, insecure output handling, sensitive data exposure, excessive agency, and supply chain risk and drive mitigations to closure.
- Assess the security and privacy risk of third party AI vendors, foundation models, configurations, and ML libraries in partnership with the governance team.
- Design and execute red team exercises against internal AI systems, covering prompt injection, jailbreaks, model extraction, data poisoning, and tool/agent abuse scenarios.
- Document findings, reproduce failure modes, and collaborate with engineering teams to implement durable fixes.
- Continuously evolve adversarial test cases as models, prompts, and deployment architectures change.
- Define and evolve secure by default patterns for prompt construction, tool use, retrieval, output handling, and model deployment.
- Mitigate risks specific to agentic systems where LLM outputs may be piped directly into shell commands, database queries, or MCP parameters, establishing trust boundaries, input/output validation, and least privilege tool access.
- Publish and maintain reference implementations and guardrail libraries that engineering teams can adopt with minimal friction.
- Build automated AI security tooling evaluation harnesses, guardrail testing, model scanning, and prompt scanning and integrate it into the release harness.
- Instrument CI/CD pipelines to detect insecure prompt patterns, over permissioned tool configurations, and policy violations before production deployment.
- Evaluate and adopt open source and commercial AI security tooling where appropriate (e.g., Garak, PyRIT, Promptfoo).
- Partner with the broader product and information security team on detection, containment, and post incident review for AI related security events.
- Serve as a subject matter expert during AI security incidents, providing rapid triage guidance and root cause analysis.
- Contribute to internal AI usage policies and secure development guidance, ensuring they reflect current threat intelligence and are actionable for engineering teams.
- Coach product and ML engineers on safe AI development practices through design reviews, office hours, and training materials.
- Track the evolving AI threat landscape OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF and translate new findings into prioritized, actionable controls

Professional & Technical Skills:
-Exp in in security engineering or application security, with demonstrated hands on focus on AI/ML systems.
- Direct experience assessing LLM based applications for prompt injection, insecure output handling, sensitive data exposure, and excessive agency.
- Proficiency in Python and ability to build security automation, evaluation scripts, and prototype tooling.
- Working knowledge of modern AI/ML stacks (e.g., OpenAI/Anthropic APIs, LangChain/LlamaIndex, vector databases) and at least one major cloud platform.
- Familiarity with AI security frameworks including OWASP LLM Top 10, MITRE ATLAS, or NIST AI RMF.


Additional Information:
- The candidate should have minimum 7.5 years of experience in Application Security Architecture and Design.
- This position is based at our Hyderabad office.
- A 15 years full time education is required.