Software Engineer II – AI Engineer, AI Data Privacy, Security & Governance Specialty

Security EngineerSecurity EngineerFull TimeRemoteSeniorTeam 10,001+Since 1991H1B SponsorCompany SiteLinkedIn

Location

California

Posted

10 days ago

Salary

$85K - $124K / year

Seniority

Senior

Job Description

Software Engineer II – AI Engineer, AI Data Privacy, Security & Governance Specialty

Dyson

• analyze, design, program, debug, test, implement, and support the privacy, security, and governance controls that protect generative AI technologies • safeguard GenAI-enabled applications, including LLM-powered workflows, RAG pipelines, plugins, skills, and autonomous agents • embed data protection, security guardrails, and responsible AI governance across the development lifecycle • support SDLC documentation across all phases, with a focus on data privacy, security guardrails, governance, compliance, and risk management • work with users to define requirements and support applications in production • design and implement data privacy controls, including PII/PHI detection, redaction, and data minimization. • build security guardrails, including prompt-injection defense, jailbreak prevention, and output filtering • establish governance for plugins, skills, and agents, including registration, approval, and lifecycle management • review and vet third-party plugins, skills, and agent tools for security, privacy, and compliance risks • define and enforce access controls, authentication, and least-privilege permissions for AI components • implement guardrails for autonomous agents, including action scoping, tool-use restrictions, and human-in-the-loop approval • apply data classification, retention, and residency policies across GenAI data flows • monitor AI systems for policy violations, data leakage, and anomalous plugin, skill, or agent behavior • maintain audit trails and logging for plugin, skill, and agent activity • support compliance with regulations and frameworks, including GDPR, CCPA, and the EU AI Act • provide Level II production support for security, privacy, and governance incidents • support incident response, including containment, escalation, and remediation.

Job Requirements

  • 4+ years of experience in IT or a related field
  • 2+ years of software engineering experience
  • 1+ year of experience in AI security, data privacy, or governance
  • experience with AI coding agent-augmented development
  • experience with data privacy techniques, including PII detection, redaction, and anonymization
  • experience with Python, Java, C#, JavaScript, or SQL
  • experience building and securing applications
  • knowledge of cloud platforms, containers, and CI/CD practices
  • understanding of SDLC, APIs, and system architecture
  • knowledge of databases and data integration
  • understanding of LLM fundamentals and token behavior
  • knowledge of security guardrails, including prompt-injection and jailbreak defenses
  • experience governing plugins, skills, and agents, including registration and lifecycle management
  • knowledge of identity and access management, including authentication and least-privilege design
  • familiarity with AI risk frameworks, including the NIST AI RMF and OWASP LLM Top 10
  • knowledge of privacy and compliance regulations, including GDPR, CCPA, and the EU AI Act
  • experience with observability practices, including logging, tracing, and audit trails
  • experience with Azure, AWS, or GCP
  • strong communication and requirements-gathering skills.

Benefits

  • group health insurance benefits (medical, vision, dental)
  • FSA and HSA healthcare accounts
  • life and accident insurance
  • adoption and fertility assistance
  • paid parental leave of up to 6 weeks
  • short/long term disability
  • paid time off for vacation, personal needs, and sick time
  • up to 17 days of Choice Time Off (CTO) per calendar year
  • up to 11 paid holidays per calendar year
  • opportunity to contribute to 401(k) savings and investment plan or deferred compensation plan (if eligible)
  • employer match of 100% on the first 3% of your contributions for eligible employees

Related Categories

Related Job Pages

More Security Engineer Jobs

ButterflyMX logo

Senior Security Engineer

ButterflyMX

Video intercoms, access control systems, and security cameras loved by 20,000 multifamily, gated, commercial properties.

Full TimeRemoteTeam 201-500Since 2014H1B Sponsor

• Lead application security reviews, threat modeling sessions, and secure code review for new features and significant product changes. • Operate and continuously improve SAST, DAST, and SCA tooling; triage and prioritize findings in partnership with engineering teams to harden the codebase. • Plan and execute internal penetration tests against web applications, APIs, and mobile clients; coordinate and support third-party assessments. • Own the vulnerability management lifecycle from discovery, prioritization, remediation tracking, through to validation. • Develop and maintain secure coding standards, developer security guidance, and training materials. • Integrate security tooling into CI/CD pipelines and champion shift-left security practices across the SDLC. • Investigate security incidents and bug bounty submissions; provide root cause analysis and remediation recommendations. • Partner with Product and Engineering on security architecture decisions for new product capabilities. • Stay current on emerging threats, CVEs, and attack techniques relevant to our technology stack and support continuous program improvement.

United States
NinjaTrader logo

Staff Security Engineer, Application Security

NinjaTrader

Better Futures Start Now. Grow your FinTech career at NinjaTrader or start your futures trading journey with us.

Full TimeRemoteTeam 201-500Since 2003H1B No Sponsor

Disclaimer: Please be advised that the most accurate and up-to-date information about our open roles—including job descriptions, compensation, and benefits—can only be guaranteed on our official job board. For the latest listings and details, please visit: https://job-boards.greenhouse.io/ninjatrader. JOIN US ON OUR MISSION TO BECOME THE #1 RETAIL TRADING PLATFORM IN THE WORLD Welcome to the dynamic world of NinjaTrader! As an industry-leading trading platform and futures broker, we're empowering traders to take control of their financial destiny. How do we do it? We provide cutting-edge products and services that enhance the trading journey. Whether a seasoned pro or just starting out, NinjaTrader equips traders with award-winning software and brokerage services to navigate the world's leading financial markets with confidence. Our growth story is nothing short of exhilarating. Since 2003, NinjaTrader has been dedicated to understanding and supporting traders on their journey toward trading triumph. Through those efforts, our user base has grown to over 2 million users and we have become the number one rated futures brokerage worldwide. But we're not stopping there. We're constantly evolving, pushing boundaries, and modernizing the futures industry. Our commitment to innovation means users will always have access to dynamic tools, real-time support, and a community of like-minded traders. So, why work at NinjaTrader? Here, you're not just part of a team; you're part of a movement. We empower employees to reach new heights in their careers by providing a dynamic culture focused on social connection, professional development, and employee recognition initiatives. Sounds too good to be true? Take it from our employees. Join us as we redefine what's possible in trading, advocate for our customers, and continue our journey toward becoming the world's top retail-focused trading platform in the world. What you'll do: We're looking for a Staff Security Engineer, Application Security to help scale and mature our security program. You'll own key security domains and initiatives end-to-end, working closely with engineering to ensure systems are secure by design. This role is highly hands-on, with opportunities to drive meaningful impact through automation, secure design, and developer enablement. You'll operate with significant autonomy while partnering with senior engineers and security leadership to scale security across the organization. In this role you will: - Own key security domains such as vulnerability management, application security, API security, and supply chain security - Drive improvements in security coverage, prioritization, and remediation workflows - Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows - Provide actionable, pragmatic guidance that helps teams ship securely - Develop and improve security tooling and automation to reduce manual effort - Implement and tune tools for SAST, SCA, DAST, dependency security, and container security - Leverage AI/LLMs where appropriate to improve triage, detection, and review processes - Triage and prioritize vulnerabilities using risk-based approaches - Partner with teams to ensure timely remediation of critical issues - Help define and improve SLAs, metrics, and reporting - Conduct threat modeling, design reviews, and security assessments - Contribute to incident response and postmortems for security events - Identify and help remediate systemic risks What you'll need: - 7+ years of experience in Application Security, Product Security, or Security Engineering - Strong hands-on experience with threat modeling and secure design - Experience with vulnerability management and application security tooling - Experience working in cloud-native environments such as AWS and GCP - Experience integrating security into CI/CD pipelines and developer workflows - Ability to write code in Python, Go, or similar languages for automation and tooling - Strong ability to work cross-functionally with engineering teams Bonus points for: - Experience scaling security in a high-growth or late-stage startup - Familiarity with AI-driven security workflows or automation - Background in API security, data protection, or multi-tenant systems - Experience with bug bounty programs and penetration testing - Security certifications such as CISSP Compensation: The salary range for this role will be $210,000.00 - $260,000.00 USD. In addition, this position will also receive an annual target bonus of 12%. Bonus pay at NinjaTrader is based on individual performance (50%) as well as company/team performance (50%). Salary and bonus earnings are only two components of the total compensation package offered by NinjaTrader. NinjaTrader offers a 401K plan through ADP under which the company will match up to 3.5% of employee contributions. Annual paid time off allowance accrues at a rate of 23 days per year (some positions may qualify for more) plus seven paid holidays. Location: This role is based in Chicago, IL. *There may be remote flexibility for exceptional candidates in the following states: California, Colorado, Florida, Georgia, Illinois, Indiana, Minnesota, Missouri, Montana, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Washington DC, Wisconsin. Hybrid: For Chicago-based employees, we follow a hybrid work schedule: In-office Tuesday through Thursday, with remote work on Mondays and Fridays. In addition to these weekly remote days, we offer: - 20 additional flex remote days annually - 5 Company Wide Office-Optional weeks tied to major holidays Our Core Benefits Include: - Generous PTO - 7 Paid Holidays Annually + 5 Conditional Holidays Annually - 1 Service Day Annually - 401k with 3.5% Company Match - Paid Parental Bonding Leave - Health, Vision, Dental Coverage - Life and Disability Insurance Covered 100% by NinjaTrader We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

Illinois
$210K - $260K / year

Global Head of Technology and Cybersecurity Internal Audit

CSC - Corporation Service Company

Corporation Service Company (CSC), founded in 1899, is a global leader in business administration, compliance solutions, and digital brand services, operating i

Global Head of Technology & Cybersecurity Internal Audit Remote- Mid-Atlantic Region Monday to Friday 8:00 am to 5:00 pm The Global Head of Technology & Cybersecurity Internal Audit is a leadership role within the Internal Audit function, responsible for providing independent assurance and strategic insight over technology, cybersecurity, and emerging risk domains across a global, highly regulated organization. This role reports to the Global Head of Internal Audit and partners closely with Enterprise Technology, Risk Management, Compliance, and senior business leaders to evaluate the design and effectiveness of governance, risk management, and control frameworks. The role has global coverage and requires deep experience operating in complex international environments, with a particular focus on cybersecurity, cloud, data, and the responsible use of artificial intelligence. What you will be doing: Audit Leadership & Assurance - Design and maintain a risk‑based technology and cyber internal audit plan aligned to enterprise risks, regulatory expectations, and the evolving threat landscape. - Lead and oversee end‑to‑end technology, cybersecurity, IT, and data‑related internal audits across global operations, including audit planning, risk assessment, execution, reporting, and issue validation. - Oversee the execution of IT and cybersecurity audits performed by third-party providers, ensuring work quality, adherence to Internal Audit standards, alignment with CSC’s risk framework, and appropriate coverage of key risks and controls. - Provide independent assurance over information security, cyber resilience, cloud environments, identity and access management, data protection, third‑party risk, and technology resilience. - Evaluate controls supporting compliance with relevant regulations, standards, and frameworks (e.g., GDPR, ISO 27001, DORA, NIST, and other regional supervisory expectations). Cybersecurity, Technology & AI Focus - Assess the maturity and effectiveness of cybersecurity governance, incident response, threat management, and vulnerability management programs from an internal audit perspective. - Lead audits and risk assessments covering cloud infrastructure, SaaS platforms, system development life cycles, and emerging technologies. - Evaluate the design and use of AI and advanced analytics within the organization, including governance, model risk, data quality, ethical use, and cybersecurity implications from an internal audit perspective. - Serve as a trusted advisor on emerging technology risks, including AI adoption, automation, and digital transformation initiatives. Stakeholder Engagement & Advisory - Build strong relationships with senior technology, security, risk, and compliance leadership across regions. - Present audit results, themes, and emerging risks to executive management and the audit committee in a clear and impactful manner. - Provide pragmatic, risk‑based recommendations that improve control effectiveness while enabling business objectives. Team & Function Leadership - Lead, mentor, and develop audit professionals (internally and third-party firms) across multiple geographies. - Contribute to the internal audit roadmap, methodology enhancements, and continuous improvement initiatives. - Support quality assurance and improvement activities in alignment with IIA standards and regulatory expectations. What technical skills, experience and qualifications do you need? - 8+ years of progressive experience in internal audit, technology risk, IT audit, or cybersecurity - Proven experience working within large, international organizations operating in highly regulated environments (e.g., financial services, fintech, global services, or complex multinationals). - Deep expertise in technology and cybersecurity risk management, including cloud, data, infrastructure, and third‑party ecosystems. - Strong understanding of internal control frameworks, regulatory requirements, and supervisory expectations across multiple jurisdictions. Professional Credentials - Bachelor’s degree in Computer Science, Information Security, Engineering or equivalent - Professional certifications such as CIA, CISA, CISSP, CRISC, or equivalent preferred. Key attributes - Executive‑level communication and presentation skills. - Strong judgment with the ability to balance risk, control, and innovation. - Ability to operate effectively across cultures, regions, and time zones. - Willingness to travel to CSC Headquarters in Wilmington, DE on quarterly basis and internationally as required. *This role is not eligible for employment visa sponsorship (e.g., H‑1B, TN, E‑3) now or in the future. At CSC, compensation decisions are dependent on a number of factors including job location and the knowledge and experience of each individual. A reasonable estimate of the current range is $134,376.00 to $170,630.00 #LI-AM1 #LI-Remote #Internalauditopportunities #CSCCareers Responsibilities - Design and maintain a risk-based internal audit plan for technology and cyber domains. - Lead and oversee technology, cybersecurity, and data-related audits across global operations. - Manage third-party IT and cybersecurity audits, ensuring quality and alignment with CSC's risk framework. - Provide independent assurance for information security, cyber resilience, and data protection. - Evaluate compliance with regulations and standards like GDPR, ISO 27001, and NIST. - Assess cybersecurity governance and incident response programs. - Lead audits for cloud infrastructure, SaaS, and emerging technologies. - Evaluate AI and advanced analytics governance and usage. - Serve as an advisor for emerging technology risks and digital initiatives. - Build strong relationships with senior leaders and present audit findings to executive management. Qualifications - 8+ years of experience in internal audit, technology risk, or cybersecurity. - Proven track record in large, international, highly regulated organizations. - Expertise in technology and cybersecurity risk management, including cloud and data ecosystems. - Strong understanding of internal control frameworks and regulatory requirements across jurisdictions. - Bachelor's degree in Computer Science, Information Security, or Engineering. - Professional certifications (CIA, CISA, CISSP, CRISC) are preferred. - Excellent communication and presentation skills for executive-level interactions. - Ability to balance risk, control, and innovation with a strong judgment. - Cultural sensitivity and the ability to work across regions and time zones. - Willingness to travel internationally as needed. About Us CSC is a global business, legal, and financial services company based in Wilmington, Delaware, USA, providing knowledge-based solutions to clients worldwide. We have offices and capabilities in over 140 jurisdictions in the Americas, Europe, Asia Pacific, and the Middle East, and more than 8,000 colleagues. We are the business behind business.® Visit our careers site to learn more about CSC and our commitment to our clients, communities, and each other. CSC is committed to creating a feeling of belonging through a diverse and growth-oriented environment where everyone is valued. CSC colleagues have global career opportunities and excellent benefits, including annual success-sharing bonuses or commission plans based on individual performance. To learn more, visit cscglobal.com/service/careers. We offer a range of support to colleagues with disabilities, ensuring people have the necessary resources to thrive in their roles. We encourage candidates to work closely with our talent acquisition partners to convey their specific needs. Our commitment to accessibility reflects our broader dedication to diversity and belonging, CSC only accepts resumes from employment agencies that are part of our approved supplier program. Resumes submitted from other agencies either to talent acquisition, our hiring leaders, employees, or through any other mechanism other than our supplier process, will not be eligible to claim related fees and the submitted resumes will be considered property of CSC. We encourage candidates to apply directly to our website and not through third-party sources. Disclaimer: The information above describes the general nature and level of work performed by employees in this role. It is not intended to describe all duties, responsibilities, and qualifications. About the Team At CSC®, we’re always looking ahead, finding ways to innovate, challenge the status quo, and anticipate the needs of our clients. We exceed expectations by adapting client ambitions and goals as our own. This Fierce Client Spirit has helped us adapt and create solutions that have enabled businesses to run smoother and smarter for more than 125 years. It’s also the reason we’re the trusted partner of many of the world’s most successful organizations. CSC is committed to attracting, developing, and retaining talented people whose values align with ours. We empower our colleagues to bring the right solutions to market to meet client demand. That’s why we are the leading provider of business administration and compliance solutions. - CSC is a great place to work with smart and dedicated people. - We have won several employer recognition awards, including Top Workplace USA, Great Places to Work India, and Built In’s Best Places to Work. - We offer fulfilling work and career opportunities. Most positions are filled with internal moves and employee referrals. - Employees are eligible for Success Sharing, bonuses, or commission plans based on role and individual performance. - CSC offers a competitive and comprehensive benefits package that includes annual leave, tuition reimbursement, referral bonuses, and more. - As business needs allow, CSC offers hybrid or remote work schedules in alignment with local regulations. Specific details for this position will be discussed during the interview process.

Delaware
$134.4K - $170.6K / year
Full TimeRemoteTeam 10,001+Since 1855H1B Sponsor

• Plan and execute full‑scope red team engagements, including reconnaissance, initial access, lateral movement, privilege escalation, command-and-control, and objective completion • Emulate real-world threat actors using established TTPs (e.g., MITRE ATT&CK) • Conduct phishing and social engineering campaigns within defined legal and ethical constraints • Develop and maintain custom tooling, payloads, and infrastructure to support operations • Collaborate closely with Blue Team, Purple Team, Threat Intelligence, and Incident Response partners • Produce clear, technically accurate engagement reports and executive-ready summaries • Contribute to detection engineering by identifying gaps in controls, telemetry, and response processes • Support continuous improvement of red team methodologies, playbooks, and governance processes • Mentor junior operators and contribute to team knowledge sharing

Canada
$96.9K - $136.8K / year