AI AppSec Engineer V

"I can succeed as an AI AppSec Engineer V at Capital Group"

As anAIAppSecEngineer,you will work with application teams to ensure the security of custom andprocuredAI solutions.You willhelp enable Capital Group's AIstrategy bybuilding and/orprocuringsolutions toprotecta diverse set of enterprise AI platforms being built and deployed at Capital Group.You'llcollaborate with platformengineering, security engineering, and risk teams toensure their solutions support scalable, secureadoption of AI.

Additionally,you'llbe expected toprovidementoring,advising diverse teams across the organization, andpromotingAI Securityprinciples acrossCapital Group.

• Secure AI Development Lifecycle:You willprocureand/or build technical solutionstoembedautomatedsecuritychecks intothe AI SDLC and ML-Ops.
• AI Threat Modeling:You will threat model complex Agentic and AI systems and design security requirementscollaborativelywith developers,architectsand business stakeholders
• Code analysis:You will review code for security vulnerabilities in the context of AI-driven systems
• Contribute to Standards and Policies:You will providethought leadership forInformation Security policies and standards for AIin collaboration with technology risk
• AI/Agent SME:Youwill provideAI/Agent subject matterexpertisefor AI Incidentsand Security Reviews, and helpdevelop incident response playbooks for AI-related security incidents

"I am the person Capital Group is looking for."

• You have 8+years ofexperience in information security, application security,platform security, orpenetration testing,DevSecOps, networksecurityand other security disciplines.
• You have strong knowledge ofsecurity of safety risks of Large Language Models and AI Agents(OWASP for LLM Top 10, etcetera)
• You have 5+ Years ofexperienceautomating security checks, including SAST, SCA, and DAST, directly into CI/CD pipelines
• You have extensive experience with STRIDE/other threat modeling frameworks, agile workflows,
  including Scrum and Kanban
• You areexperiencedin at least oneprogramming languages (Python, Java,.NET)
• You can effectively partner and collaborate with stakeholder teams.
• You have effective communication skills andthe abilityto outline security riskstoleadership.

Preferred Qualifications:

• Youhave knowledge and experience with technologies including Kubernetes, Containers, CI/CD, and Cloud Service Providers
• You are familiar withfunctionand purpose of key AI platform components such as AI gateways (Kong, Databricks Mosaic AI Gateway, custom API orchestration), Model Orchestration (ExamplesLangChain,LlamaIndex, etc.)
• You are familiar withkey AI regulatory frameworks such asNIST AI RMF, MITRE ATLAS, GDPR, EU AI Act,etc
• You haveInformation Security certifications (CISSP, SANS G

In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

You can learn more about our compensation and benefits here.

* Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.

We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.