Senior Staff Security Engineer, AI

THE WORK:

As a Senior Staff Security Engineer focused on AI Security, you will be Ripple's deepest technical expert at the intersection of artificial intelligence and security. This is a purpose-built, high-impact individual contributor role that spans two critical mandates: securing AI systems that Ripple builds and operates, and harnessing AI to make Ripple's security function faster, smarter, and more scalable.

You will lead the technical strategy for AI security across the agentic SDLC, define and operationalize guardrails for LLM and agentic AI adoption, and build AI-powered security tooling in close partnership with the broader organization to embed AI security into how Ripple operates every day. You will also shape Ripple's external posture on AI security, contributing to industry standards, regulatory discussions, and Ripple's published security practices.

WHAT YOU’LL DO:

• Drive the AI Security technical strategy and roadmap, defining how Ripple secures its AI systems, governs agentic workflows, and embeds security controls into the AI development lifecycle from day one.


• Design and implement security controls for LLM-integrated and agentic AI systems, including sandboxing, identity and permission scoping, runtime monitoring, and containment of autonomous agent actions that exceed authorized scope.


• Own AI security across the Controlled Agentic SDLC, establishing security guardrails, AI provenance standards, dual-review requirements, and audit trail controls for AI-assisted development across Ripple Engineering.


• Lead the security review and risk assessment of all AI integrations entering production, including LLM APIs, SaaS copilots, AI code editors, agentic workflows, third-party MCP servers, and vendor-embedded AI.


• Build and scale Ripple's Shadow AI detection capability, surfacing unsanctioned AI usage, driving adoption of the AI acceptable use policy, and ensuring all AI workflows operate within Ripple's auditable perimeter.


• Serve as Ripple's go-to technical resource on agentic AI risks, including MCP server security, tool poisoning, prompt injection at the orchestration layer, and excessive agency in multi-agent systems, translating emerging threats into concrete mitigations with Engineering and Product.


• Shape Ripple's external AI security posture, contributing to industry frameworks, engaging regulators, and publishing research that establishes Ripple as a credible voice in responsible AI security. 

WHAT YOU'LL BRING: 

• 10+ years of Security Engineering experience with demonstrated depth in at least two domains, such as Product Security, Cloud Security, or Security Operations, and meaningful hands-on exposure to AI or ML security in practice.


• Solid understanding of AI and LLM security concepts, including prompt injection, jailbreaks, data poisoning, model extraction, RAG manipulation, and agentic risks such as tool poisoning, excessive agency, and MCP server vulnerabilities.


• Experience securing agentic AI systems, including sandboxing, permission scoping, human-in-the-loop design, or runtime monitoring for autonomous workflows.


• Fluency with core Security Engineering domains including cloud security on AWS, GCP, or Azure, CI/CD pipeline security, container and Kubernetes security, IAM, and API security, with the ability to reason about how these apply in AI-specific contexts.


• Strong threat modeling instincts, whether using STRIDE, MITRE ATLAS, OWASP LLM Top 10, or your own approach, and comfort applying frameworks to architectures where the playbook remains in development.


• Experience in FinTech, crypto, or other highly regulated environments is a strong plus, ideally with exposure to frameworks like NYDFS, MAS, DORA, or SOC 2 as they relate to AI adoption.


• Proven ability to work across teams, influence technical direction without direct authority, and bring structure to problems that span Engineering, Product, and Security.


• A genuine builder's mentality. You are energized by problems without established playbooks, comfortable building in ambiguity, and motivated by raising the bar in an area that is still being defined.

Other common names for this role: AI Security Architect, LLM Security Engineer, Agentic AI Security Lead