Distro

AI Product Security Engineer

full-time

Posted on:

Location Type: Remote

Location: Missouri, United States

Salary

💰 $65 - $120 per hour

Job Level

About the role

  • Serve as the in-house expert on AI security threat models and standards
  • Apply and operationalize the OWASP Top 10 for LLM Applications and Agentic Applications (2026)
  • Create client-specific mappings for required controls and approval conditions
  • Lead AI security testing that is fast, thorough, and AI-accelerated
  • Design and conduct adversarial evaluations for agentic tools
  • Use AI to accelerate security efforts by building automated test harnesses, reproducible PoCs, and regression suites for new releases
  • Deliver clear outputs including reproduction steps, severity rationale, mitigations, vendor requests, and guardrails, while pushing for systemic fixes
  • Shape client-side defenses and reference architectures
  • Define minimum bar guardrail architectures for AI developer tooling
  • Collaborate with other security teams to ensure policies are enforceable and not just documented
  • Standardize vendor and model onboarding
  • Develop reusable artifacts such as standard security and telemetry requirements, and default trust tiers
  • Provide guidance for hosting open-source models
  • Promote developer-facing clarity and adoption
  • Publish and maintain clear guidance on desktop agents vs IDE/CLI agents
  • Clarify safe defaults vs behavior restrictions with measurable outcomes
  • Conduct office hours and enablement sessions to align stakeholders on a shared playbook

Requirements

  • 8+ years in security engineering (AppSec, offensive security, or security architecture), including 1+ years focused on GenAI/LLM/agentic security
  • Proven expertise in the OWASP LLM Top 10 and applying it to real systems
  • Proven expertise in agentic system risks and applying the OWASP Agentic Top 10 (2026)
  • Experience in secure software architecture
  • Strong hands-on skills for executing and explaining complex security testing, including reproducible PoCs and clear mitigations
  • Proven ability to write scalable standards and achieve cross-team alignment
  • Excellent communication skills with senior engineers and security specialists
  • Experience securing developer tools (IDEs, CLIs, desktop agents), plugin ecosystems, and execution environments
  • Familiarity with MCP-style tool calling/agent integrations and governance challenges
  • Experience building policy-as-code, evaluation automation, or security gates for tool onboarding
  • Experience engaging vendors to influence product improvements
  • Security certifications (OSCP, CISSP, etc.) are a plus, but demonstrated AI security expertise is more important.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
AI security threat models, OWASP Top 10, adversarial evaluations, automated test harnesses, reproducible PoCs, security testing, secure software architecture, policy-as-code, evaluation automation, security gates

Soft Skills
communication skills, cross-team alignment, guidance, collaboration, clarity, leadership, stakeholder alignment, systemic thinking, problem-solving, influence

Certifications
OSCP, CISSP