
AI Security Analyst
LawPay
full-time
Location Type: Remote
Location: United States
Salary
💰 $120,000 - $150,000 per year
About the role
- Identify and mitigate key AI-specific threats, including:
  - Prompt injection, jailbreaking, and adversarial inputs.
  - Sensitive information disclosure (e.g., data leakage via inputs/outputs).
  - Insecure output handling and excessive agency.
  - Model misuse, abuse, or overreliance.
  - Supply chain vulnerabilities in third-party AI services/models.
  - Inference-side attacks and exfiltration risks.
- Partner with Engineering, Product, Legal, and Privacy teams to review AI use cases, conduct risk assessments, and recommend controls before production deployment.
- Evaluate third-party AI vendors and services for security posture.
- Develop, implement, and enforce technical and policy-based guardrails (e.g., input/output filtering, usage policies) for responsible AI adoption.
- Support AI-related incident response, investigation, and post-incident analysis.
- Perform SOC-style monitoring, alert triage, and investigation across cloud, application, and AI-enabled systems (including AI API usage and data flows).
- Enhance detection rules and logging for AI-specific activity.
- Contribute to threat modeling, particularly for AI integrations.
- Support audit readiness and compliance with:
  - SOC 2, PCI DSS, HIPAA (as applicable), ISO standards.
  - Emerging AI frameworks (e.g., NIST AI RMF, ISO 42001, OWASP Top 10 for LLMs).
- Document AI security controls, risk assessments, and evidence for audits.
- Collaborate with Privacy and Compliance teams to align AI usage with data protection obligations.
- Monitor evolving AI regulations and translate them into actionable controls.
- Serve as the go-to security advisor on AI initiatives, acting as an enabler of innovation.
- Educate stakeholders on AI risks, best practices, and secure usage patterns.
Requirements
- 3–7 years of experience in information security, security operations, application security, or related fields.
- Working knowledge of: Familiarity with AI concepts, architectures, and common risks (e.g., OWASP Top 10 for LLMs).
- Experience supporting compliance/audit activities (SOC 2, PCI, HIPAA, ISO).
- Strong communication skills and ability to collaborate in a fast-paced SaaS environment.
- Demonstrated experience leveraging AI tools and technologies to improve workflows, enhance decision-making, or drive innovation.
Nice to Have
- Hands-on experience securing AI/LLM applications or internal AI tools (e.g., guardrails, monitoring).
- Deep knowledge of AI governance frameworks (NIST AI RMF, ISO 42001).
- Background in SOC operations or regulated industries (fintech, payments, healthcare, legal tech).
- Experience with privacy/data protection controls in AI contexts.
Benefits
- Health Insurance Coverage: We offer our 8Team a variety of medical, dental, and vision plans, designed to fit your needs, including a 100% company-paid HDHP plan for employees.
- Financial perks: We offer a competitive compensation and benefits package including annual bonuses, equity options and 401(k) or RRSP if in Canada, with a company match for all team members.
- Time for what matters: Flexible Time Off, paid holidays, and a parental leave program for our new parents.
- Wellness: Wellness stipends, mental health support, and one-on-one nutrition coaching.
- Learning and Development: Continuous learning through 8am.edu, leadership programs, professional development funds, and individually focused talent development.
- Giving back to the communities around us: Participate in our charitable matching gift program, paid time off for volunteer service, and company-sponsored volunteer events (both local and virtual).
- Engagement: Virtual and in-person team-building events, quarterly award recognition through our Rise & Shine Award of Excellence Program, and our peer-to-peer appreciation platform.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
information security, security operations, application security, AI concepts, AI architectures, AI governance frameworks, SOC operations, compliance/audit activities, risk assessments, incident response
Soft skills
strong communication skills, collaboration, stakeholder education, fast-paced environment
Certifications
SOC 2, PCI DSS, HIPAA, ISO standards