[Remote] Senior AI Security Engineer

Note: The job is a remote job and is open to candidates in USA. Wilson Sonsini is looking for a Senior AI Security Engineer to join the Security Operations team. This role involves architecting secure AI systems and managing the firm’s AI security engineering function, ensuring that AI workflows are secure and trustworthy in a legal environment.

Responsibilities

• Collaborate on designing secure-by-default patterns for LLM integration, agentic workflows, retrieval-augmented generation (RAG) pipelines, and MCP server deployments across firm systems
• Lead security architecture reviews for MCP (Model Context Protocol) integrations — evaluating tool definitions, server trust boundaries, prompt injection attack surfaces, and tool call authorization models before any MCP server is connected to firm data or workflows
• Build and operate AI threat modeling and red teaming capabilities — developing adversarial test suites for prompt injection, jailbreaking, data exfiltration via LLMs, model inversion, and supply chain attacks on AI/ML dependencies
• Engineer secure data pipelines for AI systems — implementing data loss prevention controls, confidentiality boundaries, and least-privilege access patterns for LLMs interacting with firm data
• Partner with IT, Information Security, and practice group leaders to evaluate and approve AI vendor integrations
• Develop and maintain security standards and engineering guardrails for AI development across the firm — including secure coding practices for AI-adjacent code, model output validation, hallucination detection controls, and audit logging for AI-assisted attorney workflows
• Perform related duties as assigned by supervisor
• Maintain compliance with all company policies and procedures

Skills

• Bachelor's degree in Computer Science, cybersecurity, or a related technical field required
• 5+ years of experience in application security, cloud security, or AI/ML engineering, with at least 2 years focused on AI system security — building, breaking, or hardening LLM-based or agentic AI systems in production environments
• Hands-on familiarity with the Model Context Protocol (MCP) — including how MCP servers are structured, how tool definitions are exposed to models, how to audit MCP server codebases for injection vulnerabilities, and how to implement secure MCP deployment patterns in enterprise environments
• Demonstrated experience with AI threat modeling — including OWASP LLM Top 10, adversarial ML attack techniques (prompt injection, jailbreaking, data poisoning, model extraction), and practical mitigations that work in production rather than just in theory
• Solid command of cloud security fundamentals (AWS, Azure, or GCP) as applied to AI workloads — including secure API gateway configuration, secrets management for model API keys, network isolation for AI inference endpoints, and identity-aware proxy patterns for LLM access control
• Experience securing agentic AI systems — understanding how multi-step reasoning pipelines, tool-using agents, and autonomous AI workflows introduce novel attack surfaces, and how to implement guardrails, human-in-the-loop controls, and scoped permissions that prevent runaway or adversarially manipulated agents
• Intellectual curiosity and a builder's mindset — this role is for someone who gets energized by the pace of AI development and who stays current not just by reading about AI security but by experimenting with models, tools, and attack techniques firsthand
• Comfortable working in a fast-moving environment where the AI landscape shifts faster than any governance framework can keep up — able to make sound risk judgments under ambiguity and bring stakeholders along with you
• Self-directed and resourceful — able to build a program from the ground up, prioritize intelligently across competing demands, and drive work to completion without waiting to be told exactly how
• Experience in a law firm is a plus — more important is the ability to communicate complex AI security concepts clearly to non-technical stakeholders, including attorneys and firm leadership who need to make informed decisions without a security background
• Relevant certifications (OSCP, GREM, Azure Security Engineer, or similar) are valued; more important is demonstrated hands-on work — a strong GitHub profile, original research, or CTF wins speaks louder than credentials alone

Benefits

• The compensation for this position may include a discretionary year-end merit bonus based on performance.
• We offer a highly competitive salary and benefits package.

Company Overview

Company H1B Sponsorship