What you'd actually do

help drive the development of scalable technical security controls that enhance business agility and reduce risk

focus on GenAI Security for workforce-related business scenarios

focus on securing Netflix's workforce-facing GenAI initiatives, particularly third-party solutions for business productivity scenarios such as low-code/no-code agents and RAG enterprise search

identifying and mitigating GenAI threats, educating stakeholders, and providing direct security support to internal partners

evaluating the security posture of third-party GenAI products and their integration with internal/external systems (via MCP, OAuth, etc.)

Skills

Required

Ability to learn and spin up rapidly on quickly evolving GenAI solutions and security concerns
Some exposure to commercially available GenAI solutions related to search (RAG) and low-code/no-code agentic solutions from major AI 3rd party vendors.
High-level understanding of Machine Learning/AI fundamentals and architecture, including MCP, A2A, and LLMs
High-level understanding of GenAI Governance
GenAI threat taxonomy knowledge - OWASP GenAI Top 10.
Threat Modeling/Penetration Testing/Code Review/Code Comprehension Skills
Familiarity with modern GenAI development tools and techniques
Familiarity with Third-Party Risk Management (TPRM) methodologies
Scripting (must be able to script, not to production level, and use of GenAI is sufficient)
Autonomously drives work delivery (bias to action)
Cross-functional collaboration skills
High-level familiarity with the functionality of commercially available corporate security tooling in the areas of endpoint, identity, data, and vendor security.
Ability to navigate ambiguity by taking strategic goals and decomposing them into actionable project plans
Using measurement and metrics to drive decision-making and outcomes

Nice to have

Value a deeply collaborative team.
Use data to inform your judgment, and to support and communicate your decisions.
Effectively communicate complex subjects to our internal customers and partners.
Enjoy taking full ownership of open-ended problems, from concept to product, and effectively managing your own time.
Care about improving the systems around you and leaving things better than you found them.
Believe a diverse and inclusive team is a critical aspect of a sustainable and effective work environment.
Empathize with your customers, and have an interest in the overall product lifecycle.
Challenge the status quo and seek to find novel and customer-centric ways to solve problems.

At Netflix, our mission is to entertain the world. Together, we are writing the next episode - pushing the boundaries of storytelling, global fandom and making the unimaginable a reality. We are a dream team obsessed with the uncomfortable excitement of discovering what happens when you merge creativity, intuition and cutting-edge technology. Come be a part of what’s next.

About the Team

Netflix's Workforce Security team protects its employees, endpoints, and vendors by implementing controls for secure user access, SaaS and vendor usage, and endpoint security. The goal is to address security risks while pragmatically enabling business agility, leveraging risk-based approaches rather than policy mandates, and building strong cross-functional partnerships across the company.

About the Role

We seek a talented L5 Security Engineer specializing in Generative AI (GenAI) Security to join our team. This role is critical to identifying and managing the risks posed by existing and emerging GenAI threats within Netflix.

You will help drive the development of scalable technical security controls that enhance business agility and reduce risk. In this role, your primary focus will be on GenAI Security for workforce-related business scenarios.

This Workforce Security Engineer role primarily focuses on securing Netflix's workforce-facing GenAI initiatives, particularly third-party solutions for business productivity scenarios such as low-code/no-code agents and RAG enterprise search. Key responsibilities include identifying and mitigating GenAI threats, educating stakeholders, and providing direct security support to internal partners. The engineer will focus on evaluating the security posture of third-party GenAI products and their integration with internal/external systems (via MCP, OAuth, etc.). This will be done by conducting risk-based security assessments, developing hardening guides and remediation strategies, and performing technical validation via threat modeling, penetration testing, code review (when possible), and control-based attestation using classical Third Party Risk Management (TPRM) techniques.

The role also involves scaling our team’s security capabilities by prototyping new tooling, leveraging GenAI for security automation, and performing build-vs-buy evaluations.

Finally, the role requires strong business acumen to translate complex technical risks into clear business risks for stakeholders, informing trade-off decisions. Operational duties include standard business-hours support for the Workforce Security Operations and infrequent 24/7 Incident Response participation.

You should have:

Ability to learn and spin up rapidly on quickly evolving GenAI solutions and security concerns
Some exposure to commercially available GenAI solutions related to search (RAG) and low-code/no-code agentic solutions from major AI 3rd party vendors. Any of: Anthropic, OpenAI, Google, Microsoft
High-level understanding of Machine Learning/AI fundamentals and architecture, including MCP, A2A, and LLMs
High-level understanding of GenAI Governance
GenAI threat taxonomy knowledge - OWASP GenAI Top 10.
Threat Modeling/Penetration Testing/Code Review/Code Comprehension Skills
Familiarity with modern GenAI development tools and techniques
Familiarity with Third-Party Risk Management (TPRM) methodologies
Scripting (must be able to script, not to production level, and use of GenAI is sufficient)
Autonomously drives work delivery (bias to action)
Cross-functional collaboration skills
High-level familiarity with the functionality of commercially available corporate security tooling in the areas of endpoint, identity, data, and vendor security.
Ability to navigate ambiguity by taking strategic goals and decomposing them into actionable project plans
Using measurement and metrics to drive decision-making and outcomes

You will succeed in this role if you:

Value a deeply collaborative team.
Use data to inform your judgment, and to support and communicate your decisions.
Effectively communicate complex subjects to our internal customers and partners.
Enjoy taking full ownership of open-ended problems, from concept to product, and effectively managing your own time.
Care about improving the systems around you and leaving things better than you found them.
Believe a diverse and inclusive team is a critical aspect of a sustainable and effective work environment.
Empathize with your customers, and have an interest in the overall product lifecycle.
Challenge the status quo and seek to find novel and customer-centric ways to solve problems.

Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is $400,000.00 - $680,000.00. This compensation range will vary based on location.

Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs. Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more details about our Benefits here.

Netflix is a unique culture and environment. Learn more here.

Inclusion is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner.

We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Job is open for no less than 7 days and will be removed when the position is filled.