Vertex Inc. logo
Vertex Inc.

Vertex is a global biotechnology company that invests in scientific innovation.

Senior Product Security Engineer

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 1,001-5,000

Location

United States

Posted

13 days ago

Salary

0

Seniority

Senior

Job Description

Senior Product Security Engineer

Vertex Inc.

Role Description This role requires practical, hands-on AI fluency. The ideal candidate is comfortable operating directly within the product development lifecycle—understanding how modern AI systems and agents behave, improve over time, and fail—and applying that understanding to product security decisions, acceptance criteria, and release readiness while owning and evolving broader product security strategy, governance, and risk management practices across the organization. - Own and evolve major components of the Product Security strategy, translating product and business risk into actionable, measurable security programs with clear success metrics. - Lead Secure-by-Design initiatives across product teams, embedding security requirements early in product and feature design, and defining secure design patterns, reference architectures, and guardrails that scale. - Lead security architecture reviews, secure code reviews, threat modeling, and application penetration testing, with a focus on systemic risk reduction across a broad range of products. - Establish and own security best practices for AI-enabled product features, model integration, and AI service architectures, including data handling, model access, and inference workflows. - Lead AI-specific threat modeling addressing misuse, data leakage, supply-chain exposure, and abuse scenarios; define security controls and governance requirements specific to AI features and services. - Evaluate the security implications of new AI technologies, tools, and models prior to adoption; embed responsible AI principles—traceability, privacy, bias awareness, transparency, and auditability—into product security decisions. - Drive consistency in how product and AI risks are assessed, documented, tracked, and accepted across the organization. - Serve as advisor to product and engineering on security risk, architectural trade-offs, and risk acceptance decisions. - Mentor and provide technical leadership to other Product Security engineers and serve as an escalation point for complex security decisions. Qualifications - 5+ years of experience in the security domain, including applying security controls to cloud-based technologies and implementing Product Security frameworks such as OWASP, CIS Benchmarks, and Cloud Security Alliance (CSA). - Proven track record of establishing security controls and governance requirements for AI-enabled features, including data handling, model access, and inference workflows. - Hands-on experience with AI product development security, including partnering with engineering and subject matter experts on model evaluation, tuning, and training. - Ability to define evaluation criteria for AI systems and interpret results to inform security requirements and release readiness decisions. - Experience with cloud governance principles and Product Security tooling, including SAST and DAST. - Demonstrated ability to lead threat modeling, secure code reviews, and application penetration testing for complex, cross-cutting security issues. - Demonstrated expertise in defining and scaling secure design patterns, reference architectures, and security guardrails across multiple product teams. - Technical acumen to experiment directly with AI tools and prototypes in support of faster product security validation. Requirements - Bachelor's degree in computer science or a related field; equivalent combination of education, training, and relevant professional experience accepted in lieu of a formal degree. - Experience with DevSecOps practices, zero trust design principles, and cloud incident response. - Experience contributing to the automation of security analysis and testing activities. - Track record of mentoring and providing technical leadership to security engineering teams. Other Qualifications - Communicate with Clarity - Be clear, concise and actionable. Be relentlessly constructive. Seek and provide meaningful feedback. - Act with Urgency - Adopt an agile mentality - frequent iterations, improved speed, resilience. 80/20 rule – better is the enemy of done. Don’t spend hours when minutes are enough. - Work with Purpose - Exhibit a “We Can” mindset. Results outweigh effort. Everyone understands how their role contributes. Set aside personal objectives for team results. - Drive to Decision - Cut the swirl with defined deadlines and decision points. Be clear on individual accountability and decision authority. Guided by a commitment to and accountability for customer outcomes. - Own the Outcome - Defined milestones, commitments and intended results. Assess your work in context, if you’re unsure, ask. Demonstrate unwavering support for decisions. Pay Transparency Statement Base pay offered to new hires may vary based upon factors including relevant industry and job-related skills and experience, geographic location, and business needs. The range displayed does not encompass the full potential of the role, which allows for further growth and career progression. In addition, as a part of our total compensation package, this role may be eligible for the Vertex Bonus Plan (VOB), a role-specific sales commission/bonus, and/or equity grants. Learn more about Life at Vertex and connect with your recruiter for more details regarding Vertex's compensation and benefit programs. In no case will your pay fall below applicable local minimum wage requirements.

Related Categories

Related Job Pages

More Security Engineer Jobs

Cyber Security Engineer

LTS

LTS, a multi-ISO/CMMI Level 3 award-winning company, delivers first-class secure software lifecycle development, IT systems integration, program management, and

• Support cybersecurity engineering for the pilot, including cloud security, RMF/ATO support, compliance documentation, and continuous monitoring. • Secure AWS-based environments through identity and access management, encryption, logging, monitoring, network security, vulnerability management, and configuration hardening. • Configure, monitor, and support AWS security services such as AWS Network Firewall, Security Hub, GuardDuty, CloudWatch, CloudTrail, Inspector, and related capabilities. • Support security planning for an AWS Commercial Cloud environment with consideration for future migration to AWS GovCloud or another VA-approved hosting environment. • Assist with ATO planning, control implementation, evidence collection, compliance reporting, and approval workflows. • Work within eMASS, ServiceNow GRC, or similar risk management systems to support ATO artifacts, information assurance tasking, POA&M tracking, and security documentation. • Develop and maintain SSPs, POA&Ms, SOPs, risk assessments, control narratives, security diagrams, and remediation plans. • Support vulnerability assessments, DISA STIG hardening, configuration compliance reviews, remediation tracking, and audit readiness activities. • Integrate security requirements into architecture, sprint planning, CI/CD processes, testing, and deployment readiness. • Support security reviews for VIA platform capabilities, including data handling, access control, auditability, secure integration, and AI-enabled modernization workflows. • Collaborate with technical and non-technical stakeholders to translate security requirements into practical engineering, documentation, and compliance actions.

United States
9th Way Insignia logo

Cyber Security SME

9th Way Insignia

Serving the federal government with courage, integrity, and excellence.

Full TimeRemoteTeam 51-200Since 2018H1B No Sponsor

• Provide expert cybersecurity guidance across enterprise systems, cloud environments, applications, networks, and mission platforms. • Lead the development and implementation of innovative cyber defense strategies that improve detection, prevention, response, and recovery capabilities. • Assess current cyber defense posture and recommend practical, scalable improvements aligned with mission, business, and regulatory requirements. • Design and support implementation of layered defense models, including Zero Trust, endpoint protection, identity-based security, network segmentation, encryption, threat monitoring, and secure cloud controls. • Evaluate emerging cybersecurity technologies, tools, and methodologies to determine applicability, maturity, risk, and operational value. • Support development of cybersecurity roadmaps, implementation plans, maturity models, and modernization strategies. • Advise leadership on cyber risk, threat trends, security gaps, mitigation strategies, and investment priorities. • Collaborate with technical teams, program managers, architects, engineers, system owners, and business stakeholders to integrate security into planning, development, operations, and sustainment activities. • Support security assessments, risk assessments, authorization activities, audits, and compliance reviews. • Provide expertise in federal cybersecurity frameworks and standards, including NIST, RMF, FISMA, FedRAMP, CMMC, CIS Controls, and Zero Trust guidance. • Recommend automation, analytics, artificial intelligence, machine learning, and security orchestration approaches to improve cyber defense effectiveness. • Support incident response planning, tabletop exercises, root cause analysis, and lessons-learned activities. • Develop cybersecurity policies, procedures, playbooks, technical guidance, briefings, and executive-level decision materials. • Mentor junior and mid-level cybersecurity staff and promote knowledge sharing across technical teams. • Identify opportunities to reduce risk, improve efficiency, strengthen resilience, and advance the organization’s cyber maturity. • This position may perform other duties as assigned. The responsibilities listed above are representative and not intended to be all-inclusive.

United States
$96.4K - $162.5K / year
Vantage Data Centers logo

Cybersecurity Engineer – AI Risk and Governance

Vantage Data Centers

Experience | Scalability | Efficiency By Design

Full TimeRemoteTeam 1,001-5,000Since 2010H1B Sponsor

• Perform technical security testing and reviews of AI‑enabled applications, agents, and workflows • Implement approved security architecture patterns for AI, ML, and LLM systems across cloud, hybrid, on‑prem, and OT‑adjacent environments • Engineer secure inference paths, APIs, service identities, authentication flows, and segmentation boundaries aligned with least privilege and zero trust principles • Implement technical safeguards to mitigate prompt injection, unauthorized context expansion, data leakage, hallucination risk, and unsafe output handling • Configure and maintain controls for limiting, monitoring, logging, and managing AI usage across platforms, models, and agents • Implement and validate technical controls supporting model explainability, traceability, and output validation where AI impacts operational, workforce, safety, or compliance decisions • Review and validate LLM usage patterns, including prompt design, retrieval‑augmented generation (RAG), context window constraints, and output handling mechanisms • Implement controls preventing unauthorized external model training, reuse, or retention of enterprise data by third‑party AI platforms • Validate encryption, access logging, retention, and deletion controls for data ingested, processed, or generated by AI systems • Execute AI‑specific threat modeling activities and contribute findings to enterprise and OT cybersecurity risk assessments • Ensure AI systems produce security telemetry, logs, and audit trails sufficient to detect misuse, drift, policy violations, or anomalous behavior • Integrate AI security signals into SOC, SIEM, and incident response tooling and workflows • Support investigation and response to AI‑related incidents, including data exposure, model failure, unsafe outputs, or control breakdowns • Conduct technical security reviews of vendor‑provided and embedded AI capabilities, assessing model behavior, data handling, and control alignment • Enforce approved security requirements for AI vendors and prevent activation of AI features without required security validation and governance approval • Drive alignment with ISO 42001 and related AI governance standards across applicable teams

Florida
$115K - $120K / year
Full TimeRemoteTeam 1,001-5,000Since 2005H1B Sponsor

• Triage, investigate, and respond to alerts across the SOC queue, hitting SLAs and following playbooks • Lead incident investigations, gather evidence, correlate events, and coordinate containment and recovery • Build and tune AI-assisted and agentic workflows across SIEM, SOAR, and EDR, including Claude via API • Engineer detection content: rules, queries, and alert tuning mapped to MITRE ATT&CK • Write and maintain SOAR playbooks and automation scripts that cut manual toil and accelerate response • Hunt for threats proactively, forming and testing hypotheses against current adversary TTPs • Maintain the SOC technology stack: integrations, health, and content engineering across all platforms • Keep SOX and SOC 2 Type 2 audit-ready evidence: logging coverage, incident records, and procedures • Partner with IT, Cloud, Risk, and Compliance to embed telemetry and surface findings clearly

Illinois
$97.9K - $142.3K / year
Job Closed