Principal AI Security Engineer

Essential functions

• Security Champion: Foster a "security-first" mindset across all engineering teams through training, collaboration, and the development of secure coding guidelines.

• AI Security Governance: Establish robust guardrails to mitigate emerging AI risks, including prompt injection, data leakage, and insecure output handling.

• Spec-Driven AI Development: Guide and mentor engineering teams in crafting robust, secure specifications for AI tools (like Claude) to ensure generated code adheres to strict standards from day one.

• Threat Modeling: Conduct proactive architecture reviews and threat modeling for microservices, new features, and AI/LLM integrations before code is written.

• Collaborative Code Review: Conduct security code reviews, successfully balancing the productivity benefits of AI tools with their inherent security risks.

• Executive Communication: Explain complex security risks to diverse audiences, including developers, product managers, and C-level executives, with clarity and empathy.

• Vulnerability Management: Triage, prioritize, and assist development teams in remediating security findings.

Qualifications

• Seniority & Leadership: Proven track record operating at a Principal, Architect, or Lead level within Application Security or Product Security.

• Cloud-Native DevSecOps: Hands-on experience working with modern CI/CD tools and seamlessly integrating automated security testing into AWS environments.

• AppSec Mastery: Deep understanding of OWASP standards, secure Software Development Life Cycles (SDLC), and modern web and mobile application architectures.

• Security Automation: Proficiency in managing and automating SAST, DAST, SCA, and container security scanning tools without negatively impacting engineering velocity.

• AI-Assisted Development: Practical background working with AI coding assistants (specifically Claude) and a strong understanding of spec-driven AI development.

• Coding & Scripting: Proficiency in at least one modern programming language to write automation scripts and independently review complex codebases.

Would be a plus

• Industry Certifications: Relevant advanced security certifications (e.g., CISSP, AWS Certified Security - Specialty, CISM, CSSLP).

• Compliance Knowledge: Experience with European data privacy and compliance regulations (e.g., GDPR), given the client's location.

• Domain Experience: Previous experience securing platforms in the HR, payroll, fintech, or Employee Benefits sectors.

• Broader AI Ecosystem: Familiarity with other GenAI models (e.g., OpenAI, Gemini) and orchestration frameworks beyond Claude.

We offer

• Opportunity to work on bleeding-edge projects
• Work with a highly motivated and dedicated team
• Competitive salary
• Flexible schedule
• Benefits package - medical insurance, sports
• Corporate social events
• Professional development opportunities
• Well-equipped office

About us

Grid Dynamics (NASDAQ: GDYN) is a leading provider of technology consulting, platform and product engineering, AI, and advanced analytics services. Fusing technical vision with business acumen, we solve the most pressing technical challenges and enable positive business outcomes for enterprise companies undergoing business transformation. A key differentiator for Grid Dynamics is our 8 years of experience and leadership in enterprise AI, supported by profound expertise and ongoing investment in data, analytics, cloud & DevOps, application modernization and customer experience. Founded in 2006, Grid Dynamics is headquartered in Silicon Valley with offices across the Americas, Europe, and India.