Director of AI Security Engineering

Director of AI Security Engineering responsible for driving technical engineering for operating technical and governance controls to secure enterprise AI systems, vendor products, and supporting infrastructure. The role focuses on speeding the safe adoption of AI, operationalizing and scaling AI security tooling, and executing proofs of concept for new tools, while ensuring continuous improvement in hardening environments and reducing manual effort. Requires strong cloud and security fundamentals, understanding of AI/AI security risks, and hands-on engineering/leadership experience.

What you'd actually do

  1. Lead a small team of dedicated professionals to provide global solutions for protecting MetLife AI functions.
  2. Lead the technical engineering for standardization and keep aware of the latest changes in the AI environment
  3. Harden AI hosting environments, integrating security tooling into AI and application workflows, improving detection and monitoring, validating security configurations, and partnering with regional and response teams to drive risk reduction.
  4. Identify solutions for security gaps in cloud-native and AI-related environments.
  5. Partner with security engineers, cloud/platform teams, developers, and AI engineers, and clearly communicate implementation requirements, risks, and remediation guidance.

Skills

Required

  • cloud security concepts
  • identity and access management
  • network segmentation
  • secrets management
  • encryption
  • logging and monitoring
  • workload isolation
  • secure configuration
  • least privilege
  • generative AI
  • machine learning
  • agentic AI systems
  • prompt injection
  • sensitive data exposure
  • insecure output handling
  • model misuse
  • excessive agency
  • supply chain risk
  • weak access controls
  • MCP and A2A architectures
  • security controls and tools
  • production environments
  • posture management
  • vulnerability management
  • data protection
  • runtime security
  • detection capabilities
  • container security
  • cloud foundation fundamentals
  • images
  • pods
  • namespaces
  • RBAC
  • network policies
  • admission controls
  • data classification
  • privacy considerations
  • retention concerns
  • data loss prevention
  • scripting
  • automation

Nice to have

  • hardening Kubernetes environments
  • securing container supply chains
  • implementing admission or policy controls
  • supporting runtime security in containerized platforms
  • OWASP Top 10 for LLM applications
  • AI risk management frameworks
  • secure AI development practices
  • software development
  • platform engineering
  • DevSecOps
  • Kubernetes administration
  • code deployment pipelines
  • infrastructure configuration
  • cluster operations
  • model deployment pipelines
  • inference services
  • feature or data pipelines
  • vector or retrieval systems
  • prompt orchestration
  • AI gateways
  • building detections
  • tuning alerts
  • investigating suspicious behavior
  • responding to security events
  • cloud-native systems
  • image scanning

What the JD emphasized

  • Minimum 5 years of relevant experience in Technology and leading teams
  • Candidate demonstrates a strong understanding of core cloud security concepts such as identity and access management, network segmentation, secrets management, encryption, logging and monitoring, workload isolation, secure configuration, and least privilege across modern cloud environments.
  • Demonstrates a working understanding of how generative AI, machine learning, and agentic AI systems are built, deployed, and integrated, along with core risks such as prompt injection, sensitive data exposure, insecure output handling, model misuse, excessive agency, supply chain risk, and weak access controls.
  • Experience implementing, tuning, or supporting security controls and tools in production environments, including monitoring, posture management, vulnerability management, data protection, identity, runtime security, or detection capabilities.
  • Experience with container security and cloud foundation fundamentals, including images, pods, namespaces, RBAC, secrets handling, network policies, admission controls, and common misconfiguration risks.
  • Experience with secure handling of sensitive data used by or exposed to AI systems, including data classification, access boundaries, privacy considerations, retention concerns, and data loss prevention concepts.

Other signals

  • Operationalize and globally scale AI Security tooling suite
  • Drive technical engineering for operating technical and governance controls that help secure MetLife enterprise AI systems
  • Ensure we drive continuous improvement by identifying ways to harden environments, improve detection and response, and reduce manual operational effort