AI Security Engineer

At Cetera, our Information Security organization protects employees, advisors, and clients from evolving cyber threats across cloud, SaaS, and emerging AI-enabled technologies. As artificial intelligence capabilities expand across the enterprise, Cetera is investing in secure AI adoption, governance, and risk mitigation to ensure innovation aligns with regulatory and security expectations.
We are seeking a skilled security engineer with a strong cloud and application security background to lead and support the secure design, deployment, and governance of AI-driven systems. This role will serve as a key bridge across IT Risk, Cloud Security, Cloud Engineering, and Application Development teams, ensuring AI and cloud services are implemented securely within a regulated financial environment. 
 

What will you do:
•    Identify, assess, and mitigate security risks associated with AI/ML systems
•    Implement controls aligned to OWASP Top 10 for LLMs and NIST AI RMF
•    Perform threat modeling for AI-enabled applications
•    Propose and validate technical guardrails to prevent unauthorized AI actions and support secure AI development
•    Identify and assess risk from unsanctioned AI tool usage across the enterprise
•    Evaluate third-party AI tools for risk and compliance
•    Design and secure cloud-based AI workloads
•    Integrate security into CI/CD pipelines
•    Partner with IT Risk, Cloud Security, and Engineering teams
•    Support incident response for AI and cloud-related threats
•    Develop security standards, runbooks, and architecture documentation
•    Support audits and regulatory compliance activities

What you will have:
•    5+ years of experience in cloud security, application security, or a combination of both
•    Hands-on experience securing cloud-native infrastructure and applications
•    Experience with DevSecOps practices and integrating security into CI/CD pipelines
•    Understanding of AI/ML concepts and the ability to apply security principles to AI-enabled systems
•    Familiarity with OWASP (including Top 10 for LLMs) and NIST frameworks (including AI RMF)
•    Experience in regulated environments (financial services or FINRA preferred)
•    Strong communication skills across technical and non-technical stakeholders

Preferred Qualifications:
•    Experience with AWS Bedrock or other AI/ML platforms
•    Certifications such as AWS Security Specialty, AWS Certified Generative AI Developer – Professional, CISSP, or CCSP
•    Experience with SAST/DAST tools
•    Exposure to AI governance and risk frameworks
•    Familiarity with AI-specific threats such as prompt injection, model poisoning, and data exfiltration