Lead Security Engineer - Red Team

JPMorgan Chase JPMorgan Chase · Banking · Plano, TX +1 · Corporate Sector

Lead Security Engineer focused on Red Teaming for AI/ML systems at a large financial institution. Responsibilities include designing and deploying secure software solutions, conducting adversarial testing on generative AI, RAG pipelines, and ML systems, and developing AI red teaming methodologies. The role requires experience with cloud-native AI services, threat modeling, and Python scripting, with a focus on identifying and mitigating AI vulnerabilities.

What you'd actually do

  1. Design, develop, and deploy enterprise-scale software applications and services, solving business problems through strong software engineering practices with a focus on secure-by-design, adversarial resilient AI-enabled systems.
  2. Develop and enhance security strategies and red teaming programs—defining AI red teaming methodologies, playbooks, and success metrics—while troubleshooting technical issues and creating scalable solutions.
  3. Conduct discovery, threat modeling, and adversarial testing on generative AI, RAG pipelines, and ML systems to identify vulnerabilities such as prompt injection, jailbreaking, data poisoning, and data leakage.
  4. Reduce AI/LLM vulnerabilities by adhering to industry standards and emerging AI safety research, evolving policies, testing protocols, and controls, and providing guidance on secure design, logging, monitoring, and compensating controls.
  5. Lead evaluation sessions with external vendors, researchers, standards bodies, and internal platform/cloud security teams to probe designs, ensure secure infrastructure configuration, and bring emerging AI threat best practices into the organization.

Skills

Required

  • Formal training or certification in Public Cloud environment concepts and advanced hands-on experience with cloud-native AI services (e.g., Bedrock).
  • Experience with threat modeling, discovery, vulnerability, and penetration testing (e.g., MITRE ATLAS, OWASP Top 10 for LLMs) and foundational cybersecurity concepts such as IAM, Authentication, OIDC, SAML.
  • Practical experience with Infrastructure as Code (IaC) solutions like Terraform and CloudFormation.
  • Proficiency in Python scripting.
  • Strong understanding of AI/ML concepts and trends, with knowledge of AI red teaming foundational concepts to design and implement exercises for complex AI architectures.
  • Ability to conceptualize, design, validate, and communicate creative technical solutions to enterprise-level security problems, including building internal tools, dashboards, and automation for red teaming activities.

Nice to have

  • Expertise in planning, designing, and implementing AI red teaming exercises and enterprise-level security solutions for generative AI, LLMs, and ML systems.
  • Experience with specialized AI security/red teaming tools and frameworks (e.g., PyRIT, Garak, custom LLM evaluation harnesses) and contributions to AI security or open-source security projects

What the JD emphasized

  • secure-by-design
  • adversarial resilient AI-enabled systems
  • secure AI and software architectures
  • AI red teaming methodologies
  • adversarial testing on generative AI, RAG pipelines, and ML systems
  • AI safety research
  • AI red teaming exercises

Other signals

  • AI red teaming methodologies
  • adversarial resilient AI-enabled systems
  • secure AI and software architectures