Senior Security Engineer, AI Security

Reddit · Consumer · San Francisco, CA · Privacy and Assurance

Senior Security Engineer focused on securing AI-powered products at Reddit. The role involves threat modeling LLM and agentic workflows, building security primitives like guardrails and scanners, and designing security tooling for inference, retrieval, and execution paths. The ideal candidate combines product security judgment with engineering skills to identify and mitigate AI security risks.

What you'd actually do

  1. Review and threat model AI-powered product features, LLM integrations, agentic workflows, MCP servers, tools, plugins, retrieval systems, model outputs, and internal AI tools before launch.
  2. Build reusable AI security primitives such as guardrails, scanners, policy checks, tool-use controls, registries, sandboxes, libraries, and workflow-native enforcement points.
  3. Design security tooling that can sit in the inference, retrieval, or execution path to detect and prevent prompt injection, jailbreaks, tool misuse, data leakage, unsafe code generation, and suspicious agent behavior.
  4. Partner with teams building products and platforms with AI to define practical security controls that fit how they design, build, and ship.
  5. Proactively find, fix, and prevent AI security issues, while making any required product or engineering changes clear and low-friction for partner teams.

Skills

Required

  • 5+ years of experience in product security, application security, software security, security engineering, backend engineering, or security platform engineering.
  • Strong application security fundamentals, including secure design review, threat modeling, code review, vulnerability prioritization, and practical remediation.
  • Experience in building reliable backend services.
  • Hands-on experience building security automation, developer tooling, libraries, infrastructure, or platform controls.
  • Familiarity with AI, LLM, or agentic system risks such as prompt injection, jailbreaks, insecure tool use, tool poisoning, data leakage, unsafe model outputs, and abuse of AI-assisted workflows.
  • Ability to reason across trust boundaries, including user input, model context, retrieval systems, backend services, tool calls, MCP servers, third-party integrations, sandboxed execution, logs, and frontend rendering.
  • Practical understanding of infrastructure security concepts such as identity, authorization, network boundaries, secrets, cloud environments, containers, isolation, runtime policy enforcement, and least privilege.
  • Strong engineering judgment about when to block launch, when to accept risk, and how to sequence practical remediations.
  • Clear communication skills with the ability to explain technical security risk and business impact to engineers, product managers, and leadership.

Nice to have

  • Experience securing AI/LLM products, AI-assisted development tooling, agent frameworks, MCP-style tool ecosystems, retrieval-augmented generation systems, or model-integrated workflows.
  • Experience building guardrails, policy engines, secure frameworks, scanners, linters, CI/CD checks, registries, gateways, or other developer-facing security platforms.
  • Familiarity with agent sandboxing, workload identity, network policy, tool permissioning, AI red teaming, or LLM evaluation.
  • Experience scanning or governing AI agent components such as skills, prompts, MCP servers, tool manifests, generated code, dependencies, or model-connected workflows.
  • Familiarity with machine learning systems, model evaluation, AI data flows, or data governance for AI products.
  • Experience with Go, Python, JavaScript, or TypeScript.
  • Experience partnering with privacy, trust and safety, infrastructure, platform, or machine learning teams.
  • Hands-on experience securing distributed systems or cloud-native applications, including Kubernetes, APIs, and microservices.
  • Track record of mentoring engineers or raising the security bar through guidance, tooling, or reusable patterns.

What the JD emphasized

  • AI Security
  • AI-powered product designs
  • threat model LLM and agentic workflows
  • secure AI development
  • AI security risks
  • prompt injection
  • jailbreaks
  • tool misuse
  • data leakage
  • unsafe code generation
  • suspicious agent behavior
  • AI/LLM products
  • agent frameworks
  • retrieval-augmented generation systems
  • model-integrated workflows

Other signals

  • AI Security
  • Threat Modeling LLM and Agentic Workflows
  • Build Reusable Security Primitives
  • Secure AI Development