Senior Staff Security Engineer, AI

Ripple Ripple · Fintech · San Francisco, CA +1 · Engineering

Senior Staff Security Engineer focused on AI Security, responsible for securing AI systems and leveraging AI for security enhancement. This role involves leading technical strategy for AI security across the agentic SDLC, defining guardrails for LLM and agentic AI adoption, building AI-powered security tooling, and shaping Ripple's external AI security posture.

What you'd actually do

  1. Drive the AI Security technical strategy and roadmap, defining how Ripple secures its AI systems, governs agentic workflows, and embeds security controls into the AI development lifecycle from day one.
  2. Design and implement security controls for LLM-integrated and agentic AI systems, including sandboxing, identity and permission scoping, runtime monitoring, and containment of autonomous agent actions that exceed authorized scope.
  3. Own AI security across the Controlled Agentic SDLC, establishing security guardrails, AI provenance standards, dual-review requirements, and audit trail controls for AI-assisted development across Ripple Engineering.
  4. Lead the security review and risk assessment of all AI integrations entering production, including LLM APIs, SaaS copilots, AI code editors, agentic workflows, third-party MCP servers, and vendor-embedded AI.
  5. Build and scale Ripple's Shadow AI detection capability, surfacing unsanctioned AI usage, driving adoption of the AI acceptable use policy, and ensuring all AI workflows operate within Ripple's auditable perimeter.

Skills

Required

  • 10+ years of Security Engineering experience
  • Demonstrated depth in Product Security, Cloud Security, or Security Operations
  • Meaningful hands-on exposure to AI or ML security in practice
  • Solid understanding of AI and LLM security concepts (prompt injection, jailbreaks, data poisoning, model extraction, RAG manipulation, agentic risks)
  • Experience securing agentic AI systems (sandboxing, permission scoping, human-in-the-loop design, runtime monitoring)
  • Fluency with core Security Engineering domains (cloud security on AWS, GCP, or Azure, CI/CD pipeline security, container and Kubernetes security, IAM, API security)
  • Strong threat modeling instincts (STRIDE, MITRE ATLAS, OWASP LLM Top 10)
  • Ability to work across teams and influence technical direction
  • Comfort building in ambiguity and raising the bar in a developing area

Nice to have

  • Experience in FinTech, crypto, or other highly regulated environments
  • Exposure to frameworks like NYDFS, MAS, DORA, or SOC 2 as they relate to AI adoption

What the JD emphasized

  • AI Security
  • agentic AI
  • LLM
  • security controls
  • agentic SDLC
  • security review
  • risk assessment
  • Shadow AI detection
  • agentic risks
  • prompt injection
  • tool poisoning
  • excessive agency
  • multi-agent systems

Other signals

  • AI Security Strategy
  • Securing AI Systems
  • AI-Powered Security Tooling
  • Agentic SDLC Security
  • LLM Security