AI Security Infrastructure Engineer (B3167)

Research, evaluate, and design AI Security Infrastructure solutions to mitigate security control gaps and support leadership strategy.,Conduct proof-of-concepts (PoC's) for new security technologies and protocols.,Support hardening efforts for mission-critical assets across Azure, Google Cloud, and On-Premises environments.,Evaluate and secure emerging standards for multi-agent workflows (A2A, MCP).,Conduct deep security assessments and validation for third-party LLM and RAG applications.,Support threat modeling for new AI applications and pipelines to identify design flaws and adversarial attack vectors.,Support the design, build, and testing of security controls against AI/ML attacks (OWASP Top 10 for LLM Applications, Mitre Atlas).,Define and implement security designs for Identity and Access Management (IAM), specializing in non-human identities, service principles, and cross-cloud access.,Own the security strategy for AI service consumption, including hardening API Gateways and securing authentication flows (OAuth 2.0/OIDC).,Design and PoC secure storage, injection, and rotation of confidential data (API keys, model weights) using solutions like Azure Key Vault and GCP Secret Manager.,Establish security configuration baselines and network segmentation (Private Link, VPC Service Controls) for AI-specific cloud resources on Azure and GCP.,Provide infrastructure security expertise and tooling for the AI Red Team program.,Collaborate with DevOps, Governance, Vulnerability Management, and Platform Engineering to translate PoCs into production-ready solutions and Infrastructure as Code (IaC) controls.

7+ years of progressive experience in Cybersecurity, Cloud Security Engineering, or Application Security.,Hands-on experience securing platforms and services in Microsoft Azure and Google Cloud Platform (GCP), with an understanding of hybrid security models.,In-depth knowledge of Identity and Access Management (IAM) concepts, including implementation experience with OAuth 2.0/OIDC and modern token-based authentication systems.,Solid background in designing and testing the security of REST APIs and associated middleware (API Gateways, WAFs).,Practical experience designing or implementing solutions for secure secret storage and retrieval (e.g., Azure Key Vault, GCP Secret Manager, HashiCorp Vault, Hardware Security Modules).,Ability to script in Python, Go, PowerShell, or similar languages (Python preferred) for security tool evaluation, PoC implementation, and security automation.,Good understanding of AI security frameworks such as OWASP Top 10 for LLM Applications, OWASP API Top 10, Mitre Atlas.,3+ years leading A.I. programs.,Strong understanding of the AI/ML development lifecycle and unique security risks associated with Generative AI, LLMs, and RAG architectures.,Familiarity with security implications of emerging agent collaboration protocols (A2A and MCP).,Experience with risk assessment, vulnerability research, or threat modeling focused on AI systems.,Desired: Relevant professional certifications (e.g., Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, CISSP, CCSP).,Desired: Experience securing containerized environments (Kubernetes/AKS/GKE).,Desired: Familiarity with Infrastructure as Code (IaC) tools such as Terraform or Pulumi.

This job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements.