Senior AI Defense Engineer

Job Description

Job Description

The Senior AI Defense Engineer is a technical leader responsible for securing AI in a global law firm environment. This role is responsible for setting technical direction, driving delivery, and mentoring colleagues to raise their awareness and capabilities. The role will translate emerging AI threats into practical defenses, guardrails, policy enforcement layers, monitoring and detections, adversarial test automation, and hardened environments that hold up under real attacker pressure.

The role will support a smart-integration, buy-before-build, security strategy. You will evaluate, select, and operationalize commercial Al security solutions that meet stringent legal-sector expectations, including matter confidentiality, ethical walls, client audit requirements, data residency constraints, and contractual information technology service obligations.

Success looks like: The role also enables progress by enhancing and performing commercial AI tool evaluations and approvals, assessing internally developed AI solutions, and responding to growing audit demands with credible evidence of AI cybersecurity protections. Additionally, success includes secure-by-default adopted by engineering teams; adversarial evaluation and assessments that reliably finds issues before production; telemetry and detections that catch abuse early; and an AI security roadmap that stays current with fast-moving technology shifts.

What You Will Be Doing

• Threat Modeling & Risk Assessment - Guide and conduct technical threat modeling for AI/ML systems (neural networks, expert systems, retrieval-augmented generation, classification models, etc.). Identify and document AI-specific threats with emphasis on how vendor controls (gateways, content filters, policy engines, etc.) mitigate prompt injection, data leakage, jailbreaks, and unsafe autonomy. Provide clear, prioritized mitigation guidance to colleagues via vendor configuration standards, reference patterns, and exception processes.
• AI Defense Engineering – Evaluate and operationalize security controls, guardrails, and enforcement mechanisms for AI services (e.g., input/output filters, policy enforcement layers, content safety checks, rate limiting, abuse detection). Enable detections and monitoring for AI-specific attack patterns using logs, telemetry, and model signals. Work with platform teams to secure the integration and operational use of enterprise AI services, including protection of credentials, data flows, storage, and access controls across Copilot and other commercial LLM platforms.
• Adversarial Testing & Red Teaming – Identify and utilize adversarial test suites for AI applications (prompt libraries, fuzzing harnesses, automated attack campaigns). Simulate realistic attacker behavior targeting AI endpoints and agents, capture and track issues as actionable vulnerabilities. Partner with application and product teams to validate fixes, re-test, and track residual risk.
• Tooling & Automation –Ensure AI capabilities are incorporated into the existing and future security stacks (SIEM, SOAR, EDR, WAF, API gateways, identity platforms).
• Incident Response & Forensics for AI Systems - Serve as technical lead for security incidents that involve AI services (e.g., abuse, data exfiltration via AI systems, compromised API keys, poisoned training data). Analyze logs and model behavior to reconstruct attack paths and define durable fixes. Improve playbooks/runbooks and lead post-incident technical reviews.
• Collaboration - Serve as the AI security technical lead with engineering, product, infrastructure, and security leadership. Communicate tradeoffs clearly, align stakeholders, and unblock delivery. Provide technical input into AI security standards and guidelines, staying grounded in implementation and operational constraints along with emphasizing vendor capability fit, maintainability, and total cost of ownership (TCO).
• Roadmap Leadership - Own the technical strategy and roadmap for AI security engineering. Translate threat intelligence and risk assessments into prioritized engineering work, milestones, and measurable outcomes. Lead technical design reviews, set standards for secure AI architecture, and ensure high-quality implementation, supportability, and operational readiness.
• Contributes to the Firm's Service Matters initiative to consistently improve its image internally and externally. Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.

Required Skills
What You Will Bring to This Position

• Practical understanding of ML/AI pipelines: data collection, feature engineering, training, evaluation, deployment, monitoring.
• Strong understanding of how enterprise AI services (SaaS/PaaS) are deployed and governed, including data handling, routing, and isolation controls.
• Experience with at least one major cloud platform (AWS, Azure, or GCP) and modern infrastructure (containers, Kubernetes, secrets management, CI/CD).
• Experience integrating Microsoft AI security and governance capabilities, including Azure OpenAI / Model Catalog, Azure API Management, Microsoft Entra ID, and related Azure-native AI security controls and gateways.
• Familiarity with AI attack patterns and defenses, such as prompt injection and jailbreaks, data/model poisoning, model inversion and membership inference, overreliance/automation bias, and unsafe autonomy in agents.
• Solid security fundamentals: authentication/authorization, network security, data protection, logging/telemetry, secure software engineering practices, vulnerability management.
• Strong understanding of neural network frameworks (e.g., LangChain, Semantic Kernel, LlamaIndex) or agentic/orchestration platforms.
• Experience doing application security reviews or threat modeling for APIs, microservices, or data platforms.
• Familiarity with NIST AI RMF, ISO 42001, ISO 27001, and key privacy/security regulations and third?party assurance artifacts (SOC 2, ISO certifications, pen?test summaries) to support buy decisions.
• Ability to translate complex risks into concrete technical changes (config updates, new controls, guardrails, playbooks) and operational playbooks.
• Demonstrated team leadership or supervisory role is a plus.
• Strong written and verbal communication skills; able to collaborate with data scientists, software engineers, and security teams.

Required Experience

• Typically, 5–10+ years in security engineering, application security, red teaming, threat research, or ML/ML Ops engineering.

Education

• Bachelor’s degree in computer science, information security, or related field; or equitable work experience.
• Certification: ISC2 Building AI Strategy preferred

#zip