Protect AI
Senior Product Security Engineer
Protect AI, Seattle, Washington, us, 98127
About Protect AI
Protect AI is shaping, defining, and innovating a new category within cybersecurity around the risk and security of AI/ML. Our ML Security Platform enables customers to see, know, and manage security risks to defend against unique AI security threats, and embrace MLSecOps for a safer AI-powered world. This includes a broad set of capabilities including AI supply chain security, Auditable Bill of Materials for AI, ML model scanning, signing, attestation and LLM Security.
Join our team to help us solve this critical need of protecting AI!
Role
Protect AI is seeking Product Security Engineer to drive product security. This involves working closely with product engineers to instill security best practices and drive forward secure architecture, design and development. You will get opportunity to work closely with Senior Engineering and Security leaders including CTO and CISO.
Responsibilities: Lead "shift left" security efforts to build security into the software development lifecycle. Conduct secure design and architecture reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities. Perform manual and automated security code reviews of source code changes and advise developers on remediating vulnerabilities and following secure coding practices. Oversee penetration testing including running tests and completing reports on key assets prior to launch, managing 3rd party testing programs, and working with engineering to track and confirm all issues are addressed in a timely manner. Manage Protect AI's vulnerability management program. Triage and prioritize vulnerabilities from scans, audits, and bug bounty submissions. Track remediation and validate fixes. Oversee Protect AI's bug bounty program. Set scope, triage submissions, coordinate disclosure with engineering teams, and reward bounties. Coordinate with our huntr bug bounty platform team and foster positive relationships with the ethical hacker community. Research and recommend security tools and technologies to strengthen defenses against emerging threats. Develop and document secure development policies, standards, and response playbooks. Conduct engineering focused security awareness training for engineers. Qualifications: Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments. Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle. Have hands-on experience with application testing tools (SAST, DAST, IAST) and penetration testing suites. Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS. Can use creative and strategic thinking to reduce risk through secure design and simplicity, not just controls. Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface. Have the ability to distill complex security concepts into clear actions and drive consensus without direct authority. Have a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education. Have strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes. Have experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses. Are passionate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity. AI/ML knowledge is a big plus.
What We Offer:
An exciting, collaborative work environment in a fast-growing startup. Competitive salary and benefits package. Excellent medical, dental and vision insurance. Opportunities for professional growth and development including attending and presenting technical talks at meetups and conferences. A culture that values innovation, accountability, and teamwork. Opportunities to contribute to our open source projects with thousands of Github stars. Work with a team of talented and well-accomplished peers from AWS, Microsoft and Oracle Cloud. Work with best in class tools - M2 Macbook Pro, 34" Monitor, modern tech stack and high quality collaboration tools. No bureaucracy and legacy systems. You are empowered to innovate and do your best work. Incredible downtown Seattle office with 180 degree views of the Puget Sound and high quality video conference systems. Weekly lunch at the office and weekly delivery credits for food delivery services. Complimentary gym access, secure bike parking on-premise and Orca pass.
Protect AI is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Protect AI is shaping, defining, and innovating a new category within cybersecurity around the risk and security of AI/ML. Our ML Security Platform enables customers to see, know, and manage security risks to defend against unique AI security threats, and embrace MLSecOps for a safer AI-powered world. This includes a broad set of capabilities including AI supply chain security, Auditable Bill of Materials for AI, ML model scanning, signing, attestation and LLM Security.
Join our team to help us solve this critical need of protecting AI!
Role
Protect AI is seeking Product Security Engineer to drive product security. This involves working closely with product engineers to instill security best practices and drive forward secure architecture, design and development. You will get opportunity to work closely with Senior Engineering and Security leaders including CTO and CISO.
Responsibilities: Lead "shift left" security efforts to build security into the software development lifecycle. Conduct secure design and architecture reviews and threat modeling. Identify and prioritize risks, attack surfaces, and vulnerabilities. Perform manual and automated security code reviews of source code changes and advise developers on remediating vulnerabilities and following secure coding practices. Oversee penetration testing including running tests and completing reports on key assets prior to launch, managing 3rd party testing programs, and working with engineering to track and confirm all issues are addressed in a timely manner. Manage Protect AI's vulnerability management program. Triage and prioritize vulnerabilities from scans, audits, and bug bounty submissions. Track remediation and validate fixes. Oversee Protect AI's bug bounty program. Set scope, triage submissions, coordinate disclosure with engineering teams, and reward bounties. Coordinate with our huntr bug bounty platform team and foster positive relationships with the ethical hacker community. Research and recommend security tools and technologies to strengthen defenses against emerging threats. Develop and document secure development policies, standards, and response playbooks. Conduct engineering focused security awareness training for engineers. Qualifications: Have 5+ years of hands-on experience in application and infrastructure security, including securing cloud-based and containerized environments. Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle. Have hands-on experience with application testing tools (SAST, DAST, IAST) and penetration testing suites. Hands-on technical expertise securing complex cloud environments and microservices architectures leveraging technologies like Kubernetes, Docker, and AWS. Can use creative and strategic thinking to reduce risk through secure design and simplicity, not just controls. Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface. Have the ability to distill complex security concepts into clear actions and drive consensus without direct authority. Have a proactive mindset to thread security throughout the product lifecycle through activities like threat modeling, secure code review, and education. Have strong grasp of offensive security to anticipate risks from an adversary's perspective, not just check compliance boxes. Have experience with modern application stacks, infrastructure, and security tools to implement pragmatic defenses. Are passionate for security fundamentals like least privilege, defense-in-depth, and eliminating complexity. AI/ML knowledge is a big plus.
What We Offer:
An exciting, collaborative work environment in a fast-growing startup. Competitive salary and benefits package. Excellent medical, dental and vision insurance. Opportunities for professional growth and development including attending and presenting technical talks at meetups and conferences. A culture that values innovation, accountability, and teamwork. Opportunities to contribute to our open source projects with thousands of Github stars. Work with a team of talented and well-accomplished peers from AWS, Microsoft and Oracle Cloud. Work with best in class tools - M2 Macbook Pro, 34" Monitor, modern tech stack and high quality collaboration tools. No bureaucracy and legacy systems. You are empowered to innovate and do your best work. Incredible downtown Seattle office with 180 degree views of the Puget Sound and high quality video conference systems. Weekly lunch at the office and weekly delivery credits for food delivery services. Complimentary gym access, secure bike parking on-premise and Orca pass.
Protect AI is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.