Torre
Website:
torre.ai
Job details:
I’m helping Araways Tech Services Pvt Ltd find a top candidate to join their team part-time for the role of Senior GenAI Security Engineer (AWS Stack).
You will secure enterprise GenAI platforms on AWS, safeguarding innovation and ensuring rigorous compliance.
Compensation:
Hidden
Location:
Remote: India
Mission of Araways Tech Services Pvt Ltd:
"To deliver accurate, timely, and insightful business and financial news that empowers readers, professionals, and leaders to understand economic trends, make informed decisions, and stay ahead in a rapidly evolving global economy."
What makes you a strong candidate:
- You have 5+ years of experience in cloud security and application security.
- You are proficient in Security testing, Security monitoring, Role-based access control (RBAC), Incident response, General Data Protection Regulation (GDPR), DevSecOps, Data masking.
- English - Conversational
Responsibilities and more:
Senior GenAI Security Engineer (AWS Stack).
Experience: 8+ years.
Job Type: Contract / Remote.
Brief Job Description:
We are looking for a lead/senior Security Engineer given the depth and breadth of experience needed.
RAG-Specific Security Testing:
- Enforce metadata-based retrieval filtering and tenant isolation within vector databases.
- Validate retrieval-layer access controls before context injection into LLM prompts.
- Design and test protections against corpus poisoning and malicious document injection.
- Secure embedding pipelines and knowledge ingestion workflows.
Continuous AI Security Validation:
- Implement automated adversarial testing pipelines.
- Maintain prompt injection regression corpus.
- Track injection resistance metrics over time.
- Implement canary tokens to detect data leakage.
About the Role:
We are looking for a GenAI Security Engineer to own the security, compliance, and governance posture of an enterprise-grade Generative AI platform deployed on AWS. This role sits at the intersection of cloud security, AI/ML systems, and regulatory compliance, requiring someone who understands the technical depth of modern GenAI architectures and the rigorous governance standards expected in an enterprise environment.
You will be responsible for securing AI agent frameworks, knowledge pipelines, and data layers from design through production, embedding security at every layer of the stack.
Key Responsibilities:
Securing AI Systems and Models (AI Security):
Threat Modeling and Risk Assessment for AI:
- Identify potential vulnerabilities and attack vectors specific to AI/ML models (e.g., adversarial attacks, model poisoning, data manipulation, prompt injection, data leakage, intellectual property theft).
- Conduct risk assessments to understand the potential impact of these threats.
- Develop mitigation strategies to address identified risks.
AI Model Protection and Hardening:
- Design and implement security measures to protect AI models during training, deployment, and operation. This includes techniques to make models resilient against adversarial inputs.
- Ensure data integrity and privacy of training data and inputs.
- Implement secure coding practices for AI-related projects.
AI Security Testing and Validation:
- Perform security assessments, code reviews, and penetration testing specifically tailored for AI applications.
- Develop and implement adversarial testing techniques to identify weaknesses in AI models.
- Conduct safety testing and evaluate AI models against industry standards and regulatory requirements.
Secure AI Development and Deployment:
- Integrate security best practices into the AI development lifecycle (DevSecOps for AI).
- Design and architect AI implementations with appropriate security controls.
- Provide technical guidance to AI developers on secure coding practices.
Responsible AI and Ethical Considerations:
- Address ethical implications of AI systems from a security perspective.
- Develop and implement AI content and responsible AI filtering mechanisms.
- Ensure compliance with industry regulations and security standards for AI governance.
AI Guardrails & Safety:
- Design, implement, and maintain a centralized guardrail framework governing all AI agent interactions, covering input validation, output filtering, content moderation, and PII detection.
- Define and enforce prompt safety policies across all user-facing and internal AI agents.
- Implement output review and masking mechanisms to prevent sensitive or restricted content from reaching end users.
- Ensure fail-safe behavior across all AI components. The system must default to safe mode upon any security component failure.
Cloud & Application Security:
- Architect and enforce security controls across the full AWS stack including Bedrock, Lambda, API Gateway, OpenSearch, Redshift, S3, and KMS.
- Implement federated authentication, role-based access control (RBAC), and secure token management across varied user personas.
- Ensure all data in transit and at rest is encrypted using managed key services.
- Manage secrets, API keys, and credential rotation through a dedicated secrets management service.
- Enforce strict session isolation to prevent cross-session data exposure.
Compliance & Regulatory:
- Lead compliance implementation for applicable regulations including ITAR, GDPR, and relevant US and international AI governance frameworks.
- Implement automatic PII detection and masking across logs, analytics pipelines, and feedback datasets.
- Define and enforce data retention policies for conversation logs, feedback records, audit trails, and model training datasets.
- Work closely with Legal and Compliance teams to ensure export control boundaries are technically enforced within the system.
- Monitor the evolving regulatory landscape, particularly AI-specific legislation, and update the compliance framework accordingly.
Audit, Monitoring & Incident Response:
- Maintain detailed audit logs of all model invocations, blocked prompts, guardrail triggers, and security events.
- Ensure all security events are traceable via unique request identifiers and exportable to centralized audit systems.
- Build and manage security monitoring dashboards and alerting pipelines.
- Lead incident response for AI-related security events including prompt injection attacks, data leakage, and unauthorized access.
- Configure anomaly detection for repetitive abuse patterns and integrate with operational alerting workflows.
DevSecOps Integration:
- Embed security throughout the CI/CD pipeline, including SAST, secret detection, container image vulnerability scanning, and dependency analysis.
- Enforce security quality gates across Dev, UAT, and Production deployment environments.
- Conduct regular security reviews of agent configurations, model connectors, and knowledge base integrations.
- Perform threat modeling for new features and integrations prior to development.
Governance & Policy:
- Develop and maintain an AI security governance framework covering model retraining data approval, feedback pipeline governance, and guardrail change management.
- Ensure only validated, reviewer-approved feedback is eligible for use in model retraining pipelines.
- Govern the change management process for guardrail and AI behavior policy updates, ensuring appropriate approvals are in place.
- Collaborate across Engineering, Legal, Compliance, and Business stakeholders to align AI behavior policies with organizational and regulatory requirements.
Required Qualifications:
- 5+ years of experience in cloud security, application security, or information security engineering.
- 2+ years of hands-on experience securing AI/ML or GenAI platforms in a production environment.
- Deep expertise with AWS security services: IAM, KMS, Secrets Manager, CloudWatch, GuardDuty, Security Hub, and Macie.
- Proven experience with AWS Bedrock or equivalent LLM platforms (Azure OpenAI, GCP Vertex AI).
- Strong understanding of RAG architectures, LLM agent frameworks, and associated security risks including prompt injection, data poisoning, and model inversion.
- Experience implementing guardrail frameworks for LLM-based systems in enterprise or regulated environments.
- Solid knowledge of GDPR, ITAR, EAR, and AI governance frameworks such as NIST AI RMF and awareness of the EU AI Act.
- Hands-on experience with DevSecOps tooling: CI/CD pipelines, SAST tools, and container scanning solutions.
- Experience with federated identity, RBAC, and token-based authentication systems.
Preferred Qualifications:
- AWS certifications: AWS Certified Security – Specialty, or AWS Certified Solutions Architect.
- Familiarity with OWASP Top 10 for LLMs and AI-specific threat modeling methodologies.
- Exposure to PII detection and data masking tooling such as AWS Macie or equivalent open-source solutions.
- Experience collaborating with legal and compliance teams on cross-jurisdictional data privacy requirements.