Security Engineer, Detection and Response (us)

at Writer · AI Frontier · San Francisco, CA · Engineering, product & design

Security engineer focused on detection and response for AI infrastructure, including AI-specific threats like prompt injection and data poisoning. The role involves building automated response systems, leading incident response for AI infrastructure, proactive threat hunting across GPU clusters and training environments, and developing detection-as-code frameworks. It requires collaboration with AI Security research, Cloud Infrastructure, and AI researchers to protect the AI platform.

What you'd actually do

  1. Design and implement detection strategies that identify AI-specific threats including prompt injection, model extraction, data poisoning, adversarial examples, and unauthorized access to training datasets or model weights across our distributed infrastructure
  2. Build automated response playbooks and orchestration workflows that contain threats without human intervention, creating self-healing security systems that reduce mean time to response from hours to minutes while automatically remediating compromised inference endpoints
  3. Lead security incident response coordination across all teams (Cloud, AppSec, Enterprise, AI Security) when AI infrastructure or models are compromised, conducting forensic investigations on training pipeline attacks and model manipulation attempts while drafting clear incident communications for engineering and executive leadership
  4. Hunt proactively for sophisticated threats across GPU clusters and training infrastructure by analyzing model outputs for signs of compromise, reproducing AI-specific vulnerabilities from security research, and identifying visibility gaps in distributed training environments before adversaries exploit them
  5. Build detection-as-code frameworks with version control and automated deployment, onboard telemetry from AI training infrastructure and inference endpoints, and create dashboards that track model security metrics, GPU utilization patterns, and access to sensitive research data

Skills

Required

  • 3-5+ years in security operations, detection engineering, or incident response
  • Proven track record of identifying and stopping sophisticated attacks in production environments
  • Securing AI/ML infrastructure, high-performance computing environments, or other distributed systems at scale
  • Strong programming skills in Python, KQL, SPL, or similar languages
  • Build custom detection logic
  • Automate response workflows
  • Create tools that operationalize security at scale across cloud-native and distributed computing environments
  • Experience with SIEM platforms, detection technologies, and forensic investigation techniques
  • Demonstrated ability to build detection for novel attack techniques
  • Conduct forensics in complex distributed environments
  • Self-directed execution mindset
  • Track record of securing high-value intellectual property
  • Automating incident response in complex environments
  • Identifying critical security gaps through proactive threat hunting

Nice to have

  • AI Security research collaboration
  • Cloud Infrastructure collaboration
  • Software Security Engineering collaboration
  • AI researchers collaboration
  • Threat intelligence translation
  • Incident response coordination
  • Forensic investigations on training pipeline attacks
  • Model manipulation attempts
  • Incident communications
  • Analyzing model outputs for signs of compromise
  • Reproducing AI-specific vulnerabilities
  • Detection-as-code frameworks
  • Version control
  • Automated deployment
  • Onboard telemetry from AI training infrastructure
  • Onboard telemetry from inference endpoints
  • Dashboards for model security metrics
  • Dashboards for GPU utilization patterns
  • Dashboards for access to sensitive research data
  • Operational security partner
  • Monitoring Cloud Infrastructure's GPU clusters for threats
  • Detecting customer-impacting incidents
  • Enabling responsible AI development through security guardrails
  • 24/7 on-call rotation
  • Responding to real-time threats
  • Continuously improving detection coverage
  • Continuously improving automation capabilities

What the JD emphasized

  • AI-specific threats
  • automated response capabilities
  • defending cutting-edge AI/AGI systems
  • securing systems that are fundamentally different
  • AI security engineering at scale
  • novel threats that don't exist in textbooks yet
  • sophisticated attacks across GPU clusters and distributed training environments
  • AI infrastructure or models are compromised
  • model outputs for signs of compromise
  • visibility gaps in distributed training environments
  • customer-impacting incidents
  • critical AI security incidents
  • securing AI/ML infrastructure
  • high-performance computing environments
  • complex distributed environments
  • securing high-value intellectual property
  • automating incident response in complex environments
  • identifying critical security gaps
  • unwavering accountability


📐 About the role

Join WRITER's security team as a staff detection and response engineer and help protect the AI infrastructure that's transforming how the world works. You'll build sophisticated detection systems that identify attacks targeting our AI platform, training data, and model deployments while creating automated response capabilities that scale with our explosive growth. This isn't just traditional security work – you're defending cutting-edge AI/AGI systems against adversaries who are evolving their tactics as fast as AI itself advances.

This role combines hands-on security engineering with strategic thinking to stay ahead of novel threats that don't exist in textbooks yet. You'll be the operational arm of our security function, translating threat intelligence into real-time detections, coordinating incident response across multiple teams, and hunting for sophisticated attacks across GPU clusters and distributed training environments. If you're excited by the challenge of securing systems that are fundamentally different from anything you've protected before, this is your opportunity to define what AI security engineering looks like at scale.

You'll work closely with our AI Security research team, Cloud Infrastructure, Software Security Engineering, and AI researchers to build a defense-in-depth strategy that protects one of the most valuable AI platforms in the industry. The threats are real, the stakes are high, and the problems are intellectually fascinating.

This role can be based out of our San Francisco office, reporting to our head of security operations.

🦸🏻‍♀️ What you’ll do

  • Design and implement detection strategies that identify AI-specific threats including prompt injection, model extraction, data poisoning, adversarial examples, and unauthorized access to training datasets or model weights across our distributed infrastructure
  • Build automated response playbooks and orchestration workflows that contain threats without human intervention, creating self-healing security systems that reduce mean time to response from hours to minutes while automatically remediating compromised inference endpoints
  • Lead security incident response coordination across all teams (Cloud, AppSec, Enterprise, AI Security) when AI infrastructure or models are compromised, conducting forensic investigations on training pipeline attacks and model manipulation attempts while drafting clear incident communications for engineering and executive leadership
  • Hunt proactively for sophisticated threats across GPU clusters and training infrastructure by analyzing model outputs for signs of compromise, reproducing AI-specific vulnerabilities from security research, and identifying visibility gaps in distributed training environments before adversaries exploit them
  • Build detection-as-code frameworks with version control and automated deployment, onboard telemetry from AI training infrastructure and inference endpoints, and create dashboards that track model security metrics, GPU utilization patterns, and access to sensitive research data
  • Collaborate cross-functionally as the operational security partner for all teams – translating AI Security's threat research into production detections, monitoring Cloud Infrastructure's GPU clusters for threats, detecting customer-impacting incidents for Software Security Engineering, and enabling responsible AI development through security guardrails
  • Maintain 24/7 on-call rotation for critical AI security incidents, responding to real-time threats targeting our platform while continuously improving detection coverage and automation capabilities as our AI systems evolve

⭐️ What you need

  • 3-5+ years in security operations, detection engineering, or incident response with a proven track record of identifying and stopping sophisticated attacks in production environments, specifically securing AI/ML infrastructure, high-performance computing environments, or other distributed systems at scale
  • Strong programming skills in Python, KQL, SPL, or similar languages that allow you to build custom detection logic, automate response workflows, and create tools that operationalize security at scale across cloud-native and distributed computing environments
  • Experience with SIEM platforms, detection technologies, and forensic investigation techniques with demonstrated ability to build detection for novel attack techniques that don't have established patterns yet and to conduct forensics in complex distributed environments
  • Self-directed execution mindset with a track record of securing high-value intellectual property, automating incident response in complex environments, and identifying critical security gaps through proactive threat hunting before they become incidents
  • Deep alignment with WRITER's values – you naturally Connect across security, infrastructure, and AI research teams to build comprehensive defenses, you Challenge assumptions about what's possible in AI security engineering, and you Own the protection of our AI platform with unwavering accountability and a commitment to staying ahead of evolving threats

🍩 Benefits & perks (US Full-time employees)

  • Generous PTO, plus company holidays

  • Medical, dental, and vision coverage for you and your family

  • Paid parental leave for all parents (16 weeks)

  • Fertility and family planning support

  • Early-detection cancer testing through Galleri

  • Flexible spending account and dependent FSA options

  • Health savings account for eligible plans with company contribution

  • Annual work-life stipends for:

    • Wellness stipend for gym, massage/chiropractor, personal training, etc.
    • Learning and development stipend
  • Company-wide off-sites and team off-sites

  • Competitive compensation, company stock options and 401k

WRITER is an equal-opportunity employer and is committed to diversity. We don't make hiring or employment decisions based on race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Under the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

By submitting your application on the application page, you acknowledge and agree to WRITER's Global Candidate Privacy Notice.