Making the software supply chain secure by default.
Senior Security Engineer – AI Platform
Location: Canada
Posted: 4 days ago
Salary: 0
Seniority: Senior
Job Description
Chainguard
- Continuously monitor Claude and ChatGPT product roadmaps, release notes, and vendor communications to anticipate platform changes before they land
- Translate upcoming features into proactive configuration, policy, and enablement decisions not reactive scrambles
- Maintain active relationships with Anthropic and OpenAI account teams; flag ToS updates, data processing agreement changes, and acceptable use policy shifts before they become surprises
- Provide expert-level administration of AI console environments across both platforms
- Manage Claude and ChatGPT organizational settings files using Git, version-controlled, reviewed, and deployed like the infrastructure they are
- Own API key lifecycle management and secrets hygiene for all AI integrations
- Manage SSO/SCIM provisioning for AI platforms; ensure access is tight, auditable, and clean
- Develop token tracking and financial dashboards so leadership actually knows what AI costs us by team, by use case, by month
- Build anomaly detection on AI spend; if something spikes, you catch it before accounting does
- Produce regular usage trend reports and ROI framing for leadership that goes beyond "we use AI a lot"
- Build and maintain internal MCP servers that extend AI capabilities into our workflows securely
- Be the in-house subject matter expert on agentic AI builds such as architecture, risk, failure modes, and the parts that go sideways in ways no one anticipated
- Write code. Python and/or TypeScript. AI-augmented is fine (encouraged, even), but you need to own what ships
- Identify and mitigate prompt injection risks in internal AI-powered tools
- Ensure no sensitive or regulated data (PII, PCI, PHI) flows into AI prompts. Architect the guardrails, not just the policy
- Maintain awareness of AI-specific incident response options; when something goes wrong with an AI integration, you're in the room
- Serve as IT Engineering's primary liaison to the AI Adoption Committee bringing operational grounding to adoption decisions
- Participate actively in the AI Working Group; connect platform capabilities to how the company actually uses them
- Partner closely with the Governance & Trust team, who leads AI policy and governance. Your job is to be their technical counterpart by implementing, informing, and flagging issues, not owning the policy itself
Job Requirements
- Outstanding interpersonal skills and team-first mentality
- 5+ years in security engineering, IT engineering, or a DevOps role with meaningful security responsibility throughout
- Hands-on DevOps background: Git-based config management, CI/CD, infrastructure-as-code mindset applied to platform administration
- Direct, hands-on experience administering Claude (Anthropic) and/or ChatGPT (OpenAI) at an organizational level. This isn't a "I use it every day" checkbox; we mean console administration, managed settings, and enterprise controls
- Working knowledge of AI risk factors: prompt injection, data leakage, agentic failure modes, and incident response options when AI systems behave unexpectedly
- Comfortable writing production-quality code in Python and/or TypeScript especially for dashboards, automation, and MCP server development
- Experience with GCP and Cloud native environments
- Familiarity with SSO/SCIM provisioning in SaaS-heavy environments (Okta or similar)
- Strong written communication; you'll be translating technical AI platform changes into clear guidance for non-technical stakeholders regularly
Benefits
- Flexible & Remote-First Culture: Work remotely with team meetup opportunities, bi-annual destination summits, and a monthly stipend for coworking spaces, phone and internet costs.
- Our Approach to Equity: Receive stock options upon hire and promotion. Plus, you can participate in secondary offerings and have 10 years to exercise your options (yes, you read that correctly: 10 years!).
- 100% Covered Health Insurance: We cover 100% of your health, vision and dental insurance premiums for you and your dependents. Nothing comes out of your paycheck.
- ∞ Flexible Time Off: Take the time you need – to do our best work, we need to recharge and reset.
- 18 Weeks Paid Parental Leave: We offer 18 weeks for birthing parents and 12 weeks for non-birthing parents, with the option to use it all at once or throughout your child's first year.



