AI Security Engineer

Job Description

Job Description

About InvoiceCloud :

InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It's an award-winning, purpose-driven environment where top talent thrives. To learn more, visit InvoiceCloud.com.

Job Details:

We are seeking a highly skilled and results-oriented AI Security Engineer to support the Cybersecurity, Engineering, and Data Science organizations. This role plays a critical part in advancing InvoiceCloud's AI-first strategy by ensuring that AI/ML and generative AI systems are secure, resilient, compliant, and aligned with business objectives.

This is role operates as a subject matter expert in AI security. The ideal candidate brings deep expertise in application security, AI/ML risk, and cloud-native security engineering, and serves as a trusted partner to Engineering, Product, DevSecOps, Legal/Privacy, and Security Operations. Success requires strong ownership, structured problem solving, cross-functional collaboration, and the ability to balance risk reduction with business velocity.

Success Profile:

This role is anchored in our company's core competencies—These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role.

Results Driven

• Leads AI Security Architecture & Secure Design initiatives by designing and implementing lifecycle security controls across data ingestion, training, evaluation, deployment, and monitoring environments to measurably reduce AI-specific risk while maintaining product velocity.
• Conducts structured Threat Modeling & Risk Assessment exercises for generative AI, RAG, and agent-based systems, evaluating risks such as prompt injection, data poisoning, model extraction, model inversion, abuse/misuse, and data leakage, and mapping findings to OWASP Top 10 for LLM Applications, MITRE ATLAS, and NIST AI RMF to drive remediation through engineering teams.
• Defines and operationalizes Monitoring, Detection & Incident Response capabilities for AI systems by implementing prompt and output telemetry, tool-call logging, anomaly detection, and AI-specific incident response playbooks integrated into SIEM/SOC workflows.
• Delivers measurable outcomes aligned to 30-, 150-, and 210-day milestones, including secure reference architectures, hardened AI environments, integrated security controls, and executive-ready reporting on AI risk reduction and posture maturity.

Takes Ownership

• Establishes and formalizes AI Governance, Privacy & Third-Party Risk requirements by defining security expectations for AI use cases, third-party models, vendor integrations, and sensitive data usage, embedding controls into SDLC, procurement, and engineering standards.
• Drives Cross-Functional Collaboration & Enablement by partnering with Engineering, Data Science, DevSecOps, Product, Legal/Privacy, and SOC teams to align on risk appetite, escalation paths, and secure design guardrails while raising AI security maturity across the organization.
• Inventories current and planned AI/ML initiatives, documents system architectures and sensitive-data touchpoints, and implements a structured AI security intake and risk-rating process that ensures accountability and transparency.
• Develops and communicates forward-looking 6- and 12-month AI security maturation plans that align technical priorities with business goals and clearly articulate risk trends, metrics, and investment needs to Security leadership and the CISO.

Drives Efficiency

• Integrates Secure MLOps / MLSecOps controls into AI delivery pipelines, including secure model registries, artifact signing and provenance validation, dependency scanning, secrets management, CI/CD guardrails, and hardened training and inference environments across AWS and Azure.
• Builds and scales AI Security Testing & Red Teaming workflows by creating repeatable adversarial evaluation plans for jailbreaks, model evasion, prompt injection, and data exfiltration scenarios, ensuring security controls remain effective over time.
• Develops automated regression test harnesses to continuously validate AI security protections as models, prompts, and dependencies evolve, reducing manual effort and improving coverage.
• Establishes a sustainable AI security operating rhythm that includes intake reviews, threat modeling checkpoints, remediation tracking, and structured monitoring ownership to bring consistency and order to AI risk management

Innovative

• Advances AI Security Testing & Red Teaming capabilities through adversarial experimentation and multi-dimensional analysis, proactively identifying emerging AI threat patterns before production impact.
• Leverages AI and automation to strengthen testing coverage, automate regression validation, enhance anomaly detection logic, and improve the scalability of AI security monitoring and response.
• Continuously evaluates emerging AI security research, tooling advancements, and regulatory developments, translating insights into adaptive defensive controls that support InvoiceCloud's AI-first strategy while enabling responsible innovation.

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Engineering, Data Science, or related field (or equivalent practical experience).
• 5+ years of experience in security engineering, application/product security, cloud security, or DevSecOps.
• 2+ years of experience building or securing AI/ML systems (including LLM-based applications) in production environments.
• Strong understanding of AI/ML threats and defenses, including prompt injection, data poisoning, model extraction, model inversion, adversarial inputs, data leakage, and abuse/misuse scenarios.
• Experience integrating security into CI/CD and MLOps pipelines.
• Proficiency with cloud platforms (AWS and Azure), container security, IAM, network segmentation, key management, and secrets management.
• Familiarity with industry guidance such as OWASP GenAI/Top 10 for LLM Applications, MITRE ATLAS, and/or NIST AI RMF preferred.
• Relevant certifications such as CISSP, CSSLP, CCSP, Azure Security certifications, or GIAC certifications preferred.

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay. The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, we'll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.

Base Compensation Range

$160,000—$180,000 USD

InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.

This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.

If you require a disability-related or religious accommodation during the application or recruitment process, and wish to discuss possible adjustments, please contact [email protected].

Click here to review InvoiceCloud's Job Applicant Privacy Policy.

For recruitment agencies: InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.