About the job
Define and lead product security strategy across web, mobile, API, cloud, infrastructure, and container security — conducting threat modeling, risk assessments, and security reviews throughout the development lifecycle with a strong shift-left focus. Embed secure development practices by designing and implementing secure coding standards, encryption, and security testing methodologies in close collaboration with development and ML teams, ensuring products are secure, resilient, and trustworthy.
Responsibilities
Own Enterprise AI Security end-to-end — from securing LLM integrations, agentic pipelines, and ML model ingestion to defending against AI-specific threats (prompt injection, data poisoning, model extraction, RAG poisoning), building AI incident response playbooks, and red-teaming AI systems across Recursion's product surfaces.
Qualifications
Minimum
Bachelor's or Master's degree in Computer Science, Information Security, or a related field, with 10+ years of experience in product security or application security and a proven track record securing complex products.
Deep understanding of security principles, threats, and countermeasures as they relate to product design and development, with familiarity across standards and frameworks including OWASP, NIST, ISO/IEC 27001, and CVSS-based vulnerability prioritization.
Hands-on proficiency with penetration testing frameworks and tools (Metasploit, Burp Suite, Nmap, Wireshark), web application attack techniques (SQL injection, XSS, CSRF, OWASP Top Ten), and the ability to simulate real-world attacks and assess their impact.
Expertise in one or more programming languages (e.g., Python, Java, C++) with strong command of secure coding practices, encryption standards, and integrating security tooling into CI/CD and development workflows.
Demonstrated experience securing AI/ML systems and LLM-powered or agentic products in production — including familiarity with AI attack surfaces (prompt injection, data poisoning, model extraction, membership inference, RAG poisoning) and hands-on red-teaming of AI pipelines and agentic workflows.
Working knowledge of AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, EU AI Act) and experience vetting third-party foundation models, open-source weights, and AI APIs as part of a structured supply chain security program.
Familiarity with securing ML infrastructure — including training pipelines, experiment tracking, model registries, and inference endpoints — and designing least-privilege access controls for AI agents with external system or tool access.
Excellent communication and influencing skills, with the ability to drive security initiatives across engineering, legal, privacy, and executive stakeholders and mentor teams on security best practices.
Preferred
CISSP, OSCP, or GWAPT for core security credentialing, plus AI-focused certifications such as GAISC, Offensive ML (OffSec), or cloud provider AI security tracks (AWS/GCP).