• Leads structured IAM assessment engagements for small and medium-sized businesses across multiple industries, delivering comprehensive current state analysis, future state recommendations, maturity enhancements, and strategic roadmaps • Facilitates discovery sessions to evaluate client environments across IGA, AM, PAM, and Identity Verification (IdV) domains • Develops polished, executive-ready deliverables that address people, process, and technology recommendations • Serves as a trusted advisor during the presales process, identifying and aligning the right IAM services to client needs • Supports clients through vendor selection and helps define a clear path forward for IAM program improvements • Collaborates with internal teams to continuously develop and refine assessment methodology and service offerings • Contributes to thought leadership through development of reusable frameworks, templates, and best practice content • Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes

• Deliver these offerings to clients across various industries • Join GuidePoint’s elite team to perform engagements, communicate with clients, deliver comprehensive reports, and provide remediation guidance • Contribute to evolving our service offerings in response to emerging threats and client needs

Role Description Establish and operationalize security controls for emerging Artificial Intelligence and Machine Learning capabilities across the enterprise. This role is responsible for embedding security into AI solution design, protecting AI models and data pipelines, and enabling secure adoption of AI use cases across business and technology functions. The role works closely with Digital, Data, AI, Security Architecture, Engineering, and Cyber Defense Operations teams to define secure AI architecture patterns, implement guardrails, and ensure AI platforms operate within client’s cybersecurity, risk, and governance standards. The ideal candidate combines strong cybersecurity engineering capability with practical knowledge of AI platforms, model risks, and enterprise technology integration. What you will do: - AI Security Architecture & Engineering - Define secure architecture patterns for AI and machine learning solutions, ensuring protection of models, training pipelines, inference environments, and supporting data flows. - Establish secure integration patterns for AI services across enterprise applications, APIs, cloud platforms, and data environments. - Review AI solution designs to ensure alignment with enterprise security architecture standards and secure-by-design principles. - Support implementation of secure controls across AI development, testing, deployment, and production environments. - AI Risk Management & Security Controls - Identify, assess, and mitigate AI-specific threats including model poisoning, prompt injection, adversarial attacks, unauthorized model access, data leakage, and misuse of AI outputs. - Define and implement security guardrails for AI model access, API usage, prompt controls, and secure interaction with enterprise data sources. - Establish controls to protect sensitive training data, embeddings, prompts, and inference outputs across AI workflows. - Support validation of third-party AI services and external model integrations from a cybersecurity risk perspective. - Governance, Standards & Responsible AI Enablement - Establish AI security standards, engineering guardrails, and governance practices aligned with regulatory requirements, enterprise risk expectations, and responsible AI principles. - Partner with Digital and AI teams to enable secure AI use cases where security accelerates responsible business adoption rather than acts as a blocker. - Support creation of AI security review checkpoints for new AI initiatives, pilots, and production deployments. - Contribute to enterprise AI security policies, reference architectures, and operational standards. - Operational Security & Monitoring - Collaborate with Cyber Defense Operations to operationalize AI-related detection, monitoring, and response capabilities. - Support development of monitoring use cases for AI misuse, abnormal model behavior, unauthorized access, and suspicious data movement. - Define logging and telemetry requirements for AI platforms to improve visibility and incident readiness. - Support integration of AI platform telemetry into enterprise detection and monitoring tools where applicable. - Cross-Functional Collaboration - Work closely with Security Architecture, Cloud Engineering, Data teams, Application teams, and AI program owners to ensure consistent security adoption. - Support security reviews for AI vendors, AI-enabled SaaS platforms, and internally developed AI capabilities. - Provide technical guidance to project teams on secure AI implementation and operational controls. Qualifications - 5–8 years of cybersecurity engineering or security architecture experience, with exposure to cloud security, data protection, or application security. - Experience working with enterprise AI, machine learning, analytics platforms, or data-driven technology environments. - Practical understanding of AI/ML deployment patterns, APIs, model lifecycle, and enterprise data integration. - Experience with Microsoft Azure AI services, OpenAI integrations, Databricks, or enterprise AI platforms preferred. - Familiarity with emerging AI governance frameworks and responsible AI standards. - Experience with Secure AI controls embedded into enterprise AI initiatives without slowing adoption. - Clear visibility into AI-related cyber risks and mitigation actions and ability to translate emerging AI risks into practical engineering controls. - Practical AI guardrails established for data, model access, and operational use. - Strong alignment between AI innovation, enterprise security, and regulatory expectations. - Security certifications such as CISSP, CCSP, or cloud security certifications preferred. Security Engineering Skills - Strong understanding of cybersecurity controls across cloud, applications, APIs, identity, and data protection. - Familiarity with AI/ML risks including prompt injection, model abuse, data leakage, and adversarial techniques. - Knowledge of secure architecture principles for modern digital and AI platforms. Equal Opportunity Employer AspenView is proud to be an equal opportunity employer. We believe in creating an environment where all employees feel welcome, valued, and empowered to succeed. We celebrate diversity and strive to build a culture of inclusion where all individuals, regardless of their race, color, gender, gender identity or expression, sexual orientation, disability, age, or any other characteristic, can thrive. We encourage applicants from all walks of life to join our team and make a lasting impact.

Role Description We're hiring a Sr Product Security Engineer to do deep, hands-on security testing across BeyondTrust's product portfolio using AI as a force multiplier. You'll use Claude, Codex, and LLM-driven workflows to build threat hunting skills, develop fuzz factory plugins, and perform context-rich penetration testing that goes beyond what scanners and checklists catch. This is a technical role. You'll discover vulnerabilities, build proof-of-concept exploits, validate findings, and work with engineering to remediate them. You'll also partner closely with Security Architects and Cyber Defense to turn offensive findings into defensive mechanisms: detection signatures, monitoring rules, and hardening guidance informed by real exploitation paths you've validated firsthand. Our Product Security organization operates AI-first. You'll leverage Claude and Codex daily to automate repetitive testing workflows, generate targeted fuzz inputs, build custom security tooling, analyze code paths at scale, and produce exploit PoCs faster than manual methods allow. You'll also contribute back to the team by building reusable skills, prompts, and plugins that make everyone's testing more effective. What You’ll Do - AI-Driven Security Testing & Vulnerability Discovery: - Perform deep, context-aware penetration testing of web applications, APIs, endpoint agents, thick clients, identity systems, and cloud-native services. - Use Claude and Codex to analyze code paths, trace data flows, identify attack surfaces, and generate targeted test cases. - Threat Hunting Skills & Fuzz Factory Plugins: - Build AI-powered threat hunting skills and fuzz factory plugins using Claude and Codex. - Develop custom fuzzers that understand product-specific protocols, input formats, and business logic. - Create reusable skills and agent workflows that automate discovery of vulnerability classes. - Proof-of-Concept Exploit Development: - Develop working proof-of-concept exploits for discovered vulnerabilities. - Use Claude and Codex to accelerate exploit development, generate payloads, and validate exploitation chains. - Vulnerability Validation & Remediation Partnership: - Validate vulnerabilities from all sources and confirm exploitability. - Deliver specific fix recommendations to engineering teams. - Cyber Defense & Architect Partnership: - Partner with Cyber Defense and Security Architects to translate offensive findings into defensive capabilities. - Work with Security Architects to identify emerging attack techniques. - Security Tooling & Automation: - Build and maintain AI-driven security testing tooling integrated into CI/CD pipelines. - Develop custom SAST rules and automated validation workflows using Claude and Codex. - Threat Modeling & Secure Design: - Participate in threat modeling exercises alongside Product Security Architects. - Identify abuse cases and map exploitation paths. Qualifications - 5+ years in Product Security, or Penetration Testing with direct hands-on testing and exploit development. - Strong expertise in web application and API security. - Proficiency with penetration testing tools and methodologies. - Hands-on experience using LLM platforms (Claude, Codex, or similar). - Experience building custom security tooling. - Strong understanding of common vulnerability classes. - Experience collaborating with defensive security teams. - Understanding of cloud security fundamentals (preferably AWS) and CI/CD pipeline security. - Strong communication skills. Preferred - Experience building AI-native security workflows. - Background in securing endpoint technologies. - Experience with mobile application security testing. - Familiarity with container security and infrastructure-as-code scanning. - Experience working with bug bounty programs. - Professional certifications such as OSWE, OSCP, GWAPT, GPEN, or equivalent. - Contributions to security research or open-source security tooling. How We'll Measure Success - Consistent discovery of meaningful vulnerabilities with validated PoC exploits. - AI-powered threat hunting skills and fuzz factory plugins actively finding vulnerability classes. - Validated findings include specific, implementable fix recommendations. - Offensive findings translate into measurable defensive improvements. - Reusable skills, prompts, and plugins you build are adopted by the broader Product Security team. - Engineering and security leadership trust your severity assessments. About Us BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders. BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners. Learn more at www.beyondtrust.com .