[Remote] Staff Information Security Engineer - AI First
Note: The job is a remote job and is open to candidates in USA. Rithum is the world’s most trusted commerce network, accelerating how brands, suppliers, and retailers work together to deliver seamless e-commerce experiences. As a Staff AI-First Information Security Engineer, you will design guardrails for AI-powered products, build automated security tooling, and ensure security controls are in place for an AI-First workforce. This role involves balancing research with fast-paced delivery while collaborating closely with various teams.
Responsibilities
- Act as the bridge between architectural intent and operational reality; mediate conflicts between security requirements and feasible implementation, propose compensating controls where gaps exist and help register, track and remediate residual risks
- Implement preventive, default-on security controls across cloud and enterprise environments, codified as policy- and infrastructure-as-code so security is enforced by design, including controls that govern how AI tools and models may be used
- Implement and enforce identity and access controls to an agreed standard, including access boundaries for AI systems and non-human/agent identities by partnering with Platform Engineering and IT to align tooling and policy to the architecture
- Assist in maintaining the InfoSec risk register; track emerging threats and translate them into actionable guidance for engineering teams
- Support third-party and vendor risk assessments, with a focus on vendors who process data through AI pipelines
- Automate repetitive security workflows (evidence collection, access reviews, alert enrichment) and build or operate AI-assisted security agents — with human-in-the-loop approval gates, least-privilege credentials, and explicit attention to each agent's own blast radius
- Integrate security tooling (SIEM, CSPM, DAST/SAST, vulnerability scanners) with LLM layers to surface actionable insight and automated responses
- Define and enforce security requirements for AI-powered features: model access controls, prompt-injection mitigations, output validation, and data-handling boundaries
- Conduct threat modelling on agentic and LLM-based systems, accounting for novel attack surfaces such as tool misuse, indirect prompt injection, and supply chain risk
Skills
- 5+ years of security engineering experience with demonstrated AI/ML security depth (prompt injection, model supply chain, adversarial inputs, RAG)
- Experience using AI tools (ChatGPT, Copilot, Claude, etc.) and LLM frameworks and APIs (OpenAI, Anthropic, LangChain, or similar) to accelerate and elevate your work
- Hands-on identity and access expertise across modern enterprise and cloud identity stacks, including access models for AI systems and non-human identities
- Infrastructure and policy-as-code (e.g. Terraform, OPA/Rego) and proficiency in a scripting language for automation (Python preferred)
- Cloud security expertise: AWS Solutions Architect / Security Specialty or equivalent demonstrated expertise, including multi-account governance, preventive guardrails, and policy-as-code
- Application security (OWASP Top 10 and the OWASP LLM/GenAI Top 10, secure SDLC) and threat-modelling methodologies (STRIDE, PASTA, or equivalent). Practical experience building or operating AI agents, and integrating security tooling (SIEM, CSPM, SAST/DAST/SCA) so it surfaces action rather than raw alerts
- Working knowledge of SOC 2 and/or ISO 27001 control frameworks
- Experience building or operating AI agents in a production environment
- Awareness of privacy regulation (GDPR/CCPA) as it touches AI including privacy-by-design and DPIAs
- Red teaming or adversarial ML research backgrounds
- Experience implementing privileged-access, key-management, posture-management, or data-protection programs
- Experience with EDR, CASB, DLP, Security automation and SAST, DAST, IAST and SCA tools
- Cloud Architecture or Security certifications (CCSK, TAISE, AWS)
Benefits
- Medical, dental and vision benefits: Affordable health care plans and company HSA contributions, starting on Day 1
- A 6% 401(k) match
- Competitive time off package with 20 days of Paid Time Off, 9 Company-Paid holidays, 2 paid floating holidays, 7 paid sick days, 2 Wellness days, and 1 Paid Volunteer Day; at 3 years of service PTO increases to 22 days, and at 5 years it increases to 25 days
- 12 weeks primary caregiver leave & 4 weeks secondary caregiver leave
- Accident, critical illness, and hospital indemnity insurance
- Pet insurance
- Legal assistance and identity theft insurance plans
- Life insurance 2x salary
- Access to the Calm app and the Employee Assistance Program
- $65/month Remote work stipend for internet
- Culture and team-building activities
- Tuition assistance
- Career development opportunities
- Charitable contribution match up to $250 per year
- Discretionary bonus for non-sales roles
- For this position, the expected discretionary bonus is 12% of the annual base salary.
Company Overview
Company H1B Sponsorship