AI Security Engineer Jobs: What the Role Is and Who's Hiring

What is an AI security engineer?

An AI security engineer secures systems that contain models — and, increasingly, builds security products out of models. The defensive half of the job covers the attack surface that arrives with AI: prompt injection through any text an agent reads, model and data supply chains, exfiltration through tool calls, and the identity problem of non-human actors holding real credentials. An agent that books refunds or queries a customer database has the blast radius of a production service, and an agent running on a shared credential cannot be individually revoked when it misbehaves — bounding that is this role's core work.

The current postings split cleanly into two directions, and it pays to know which one you are applying to. One set secures AI: Wiz's four AI Security Researcher openings, Anthropic's Applied AI Security Architect, OpenAI's technical program manager for adversarial model research, Stripe's backend engineer for AI security. The other set builds AI for security: Cohere's senior software engineer for security agents, Reddit's machine learning engineer for GenAI security, and HiddenLayer's platform engineers building a product whose subject matter is model protection. The interview loops differ accordingly — red-team instincts and adversarial thinking for the first, ML engineering depth for the second.

Both directions share one premise: classic application security does not transfer unmodified. Input validation assumes you can enumerate bad inputs; a model's input space is all of language.

Skills and tools

Grounded in the 13 postings: adversarial model research and red-teaming (OpenAI, Wiz), security architecture for applied AI deployments (Anthropic), backend and full-stack engineering on security platforms (Stripe, HiddenLayer), ML engineering applied to abuse and GenAI threats (Reddit), and agent-building for security workflows (Cohere). Cloud security fundamentals are assumed — Wiz's openings sit inside a cloud security product, and HiddenLayer wants full-stack cloud engineers. Seniority skews mid-level (9 of 13), with two senior and two manager-level roles, so this is one of the few agentic categories where you do not need a decade of prior art — partly because almost nobody has one in this field.

How to break in

The two directions suggest two routes. From security: take an existing appsec or cloud security background and add the model-specific attack surface — prompt injection, tool-call abuse, model supply chain — which is learnable in months because the public corpus is still small. From ML: engineers in AI engineer or agent engineer roles who have had to defend an agent's tool access already hold half the job. Published research travels unusually far here; four of the 13 openings are titled "Researcher", and a single well-documented attack or defence write-up is a stronger signal than a certification.

Adjacent roles: agent ops engineer (you secure it, they run it — the audit-trail work overlaps), AI governance lead (the policy counterpart to your controls), evals engineer (safety evals border directly on security testing), and AI solutions architect or forward deployed engineer if you want to do this work customer-side.

Skills appearing in real postings

Hiring for this role right now

• Wiz 5 roles New York Careers ↗
• AT&T 3 roles Dallas Careers ↗
• TJX 3 roles Framingham MA Careers ↗
• NVIDIA 2 roles Santa Clara Careers ↗
• HiddenLayer 2 roles Austin Careers ↗

Live from the Agentic AI Jobs Index, updated 16 June 2026.

Salary

None of the 13 tracked postings discloses a range. The nearest public benchmark is the general security engineering market: levels.fyi reports a median security software engineer package of $202,280 in the US — across all specialisations, not AI-specific, and concentrated at large tech employers. Disclosed ranges for AI-titled security roles remain too sparse to summarise honestly.

Sources: levels.fyi — security software engineer