Senior Security Engineer, AI/ML - Remote Eligible

Senior Security Engineer, AI/ML

Founded in 2012 by three expert hackers with no investment capital, Trail of Bits is the premier place for security experts to boldly advance security and address technology's newest and most challenging risks. It has helped secure some of the world's most targeted organizations and devices. Our combination of novel research with practical solutions reduces the security risks that our clients face from emerging technologies. Our work helps drive the security industry and the public understanding of the technology underlying our world.

Cybersecurity preparedness is a moving target. Companies like ours are the tip of the spear in the fight against attackers. Our research-based and custom-engineering approach ensures that our client's capabilities are at the forefront of what's available. For companies and technologies that live and die by their security, a proactive, tailored approach is required to keep one step ahead of attackers. Democratizing security information is essential. As part of our business, we provide ongoing informational support through blogs, whitepapers, newsletters, meetups, and open-source tools. The more the community understands security, the more they'll understand why a company like ours is so unique and valuable.

Role

Trail of Bits seeks a Senior Security Engineer, AI/ML within our growing Software Assurance team. You will conduct comprehensive security assessments of machine learning and large language model systems, examining everything from examining software across the AI/ML supply chain and stack, such as LLM web applications, training data pipelines, neural network architectures, AI/ML frameworks, and CUDA-based libraries. You will identify and analyze novel attack vectors and vulnerabilities specific to MLops environments, focusing on potential failure modes, vectors for model performance degradation, and unauthorized access to sensitive data and model parameters. In addition to performing technical assessments, you will contribute to threat modeling, evaluating AI adoption risk frameworks, and delivering specialized training to clients on AI security concepts, including AI/ML-specific attacks, AI safety, and pipeline threats.

What You'll Achieve

• AI/ML Security Assessment: Conduct comprehensive security assessments of AI/ML pipelines, tools, and frameworks. Examine vulnerabilities in model architectures, training processes, and deployment infrastructure while developing mitigation strategies.
• AI/ML Security Controls: Design and develop security frameworks and tools specifically for AI/ML systems, including model robustness testing, data poisoning detection, and protection against adversarial attacks.
• Application Security Assessment: Conduct security assessments of client code bases using a combination of static analysis, dynamic testing, and manual code review, identifying vulnerabilities and developing mitigation strategies, with a focus on findings at the intersection of application security and AI/ML security.
• AI/ML Threat Modeling: Conduct threat modeling and risk assessments to proactively identify potential risks for clients and develop mitigation strategies for future prevention.
• Client Engagement: Work with leading industry teams to review system code and architecture, and help assure their products through system analysis and modeling.
• AI Policy & Compliance Initiatives: Develop and contribute to AI/ML regulatory frameworks, establishing assurance methods and auditing processes for mission-critical AI applications while ensuring alignment with emerging industry standards and safety requirements.

What You'll Bring

• AI/ML Security Expertise: Extensive experience in AI/ML security, with demonstrated ability to identify and mitigate ML-specific vulnerabilities across complex systems.
• Technical AI/ML Knowledge: Deep understanding of AI/ML architectures, frameworks (PyTorch, Jax, LangChain, RAG systems, etc.), and MLOps practices, combined with robust security engineering expertise.
• Assessment Experience: Have conducted technical security assessments of AI/ML systems and implemented effective security measures.
• Tool Proficiency: Strong background in AI/ML development languages (Python, C, C++, Typescript, JacvaScript, Rust) and security testing frameworks, with experience in developing and applying ML-specific security tools.
• Communication Skills: Ability to effectively communicate complex AI/ML security concepts to diverse stakeholders and deliver clear, actionable recommendations.

Reporting Manager: Cliff Smith (Principal Security Engineer, AI/ML)

The base salary for this full-time position ranges from $175,000 to $225,000, excluding benefits and potential bonuses. Various factors influence our salary ranges, including the specific role, level of seniority, geographic location, and the nature of the employment contract. An individual's specific work location, unique skills, experience, and relevant educational background will determine the final offer within this range. The presented salary range encompasses the starting salaries for all U.S. locations. For a precise salary estimate tailored to your preferred location, please discuss it with your recruiter during the hiring process.

Trail of Bits, Inc. participates in E-Verify, the US federal electronic employment eligibility verification program. Learn more.

When you apply, you'll be added to our newsletter so you can stay updated on company news and opportunities. You can opt out anytime.