Search all jobs
Browse jobs › Sr. Security Engineer (AI)

Sr. Security Engineer (AI)

Himarley · Hybrid - Boston, MA · Posted Jul 7, 2026

Apply on company site   Track it in JobSkout

Insurance touches people during some of the most challenging moments in their lives. Hi Marley is on a mission to transform how the P C industry communicates, making those moments faster, easier, and more empathetic for carriers and the customers they serve. We build AI-powered software that keeps everyone in the claims conversation informed and connected. If you believe insurance can combine operational excellence and automation with a human touch, we’d love to meet you.

As we continue to grow, we’re looking for a Sr. AI Security Engineer. Hi Marley is building an AI-native operating model: personal agents, team agents, MCP connectors, and AI deeply integrated into how we build, sell, and serve enterprise insurance carriers.

We’re looking for a Sr. AI Security Engineer to help secure how we use AI across the company, with a primary focus on Hi Marley’s internal AI environment: the tools, agents, and integrations that power how our teams work. Working within the security architecture and frameworks set by our senior security leadership, you’ll do the hands-on engineering that makes them real: threat-modeling new AI capabilities, running adversarial testing, operating the agent and MCP connector review process, and producing the evidence that lets leadership, our teams, and our auditors trust how we use AI. This role is for an experienced security engineer with genuine AI/ML depth who wants to go deep on one of the most important emerging problems in the field. Teamwork and shared enthusiasm are a core part of our culture, which is why this role involves joining us in the Boston office for 2-3 days each week.

What You’ll Do:

AI Security Engineering Threat Modeling

Apply Hi Marley’s AI security design patterns and reference architectures to LLM integrations, agent frameworks, MCP connectors, and data pipelines across the internal environment.

Lead threat modeling for new AI capabilities before they ship, identifying architectural risks and driving mitigations into the design phase.

Implement and enforce controls for agent isolation, least-privilege execution, credential scoping, and data-boundary enforcement in agentic environments.

Maintain a current inventory of AI tools and integrations in use across the organization, tracking data flows, permission scopes, and access controls.

Track emerging AI security research, attack techniques, and defensive tooling, and bring relevant findings into our practices.

AI Security Program Execution

Run the risk assessment process for internal AI tools, integrations, and third-party model providers against the established methodology .

Execute the AI red-teaming cadence ( e.g. a dversarial testing for prompt injection, data exfiltration, model manipulation, and jailbreaking ) and drive remediation.

Operate the agent and MCP connector lifecycle, from proposal through approval, deployment, monitoring, and retirement.

Own the security evaluation of new AI tool requests, including vendor risk assessments, data-handling reviews, and baseline configuration; surface unapproved tools and bring them under governance.

Maintain AI security incident response runbooks and help respond when something goes wrong.

Track and report AI security metrics that demonstrate program health.

Trust, Compliance Collaboration

Produce compliance evidence and documentation for AI systems supporting SOC 2 Type II examinations and ISO 42001 certification.

Translate technical decisions into clear, auditor-ready explanations of what we do, how it works, and why it is safe.

Partner with AI Operations and Corporate IT to embed security into the internal AI platform : access controls for inference APIs, isolation for cloud-hosted agentic workloads, and endpoint/DLP configuration.

Contribute employee-facing guidance on safe AI use .

What We’re Looking For:

Required

5+ years in security engineering, application security, or infrastructure security, with hands-on exposure to AI/ML systems.

Experience securing or building LLM-based systems, agentic frameworks, or ML pipelines in cloud environments.

Solid understanding of AI-specific attack surfaces: prompt injection, tool-use exploitation, privilege escalation through inherited access, data poisoning, and model/ training-data leakage.

Hands-on familiarity with how AI systems actually work . Y ou’ve built with them, not just read about them.

Strong proficiency in Python and experience building security tooling, automation, and testing.

Strong working knowledge of AWS security: IAM, networking, container isolation, encryption, and monitoring.

Familiarity with compliance frameworks (SOC 2, ISO 27001, ISO 42001, NIST AI RMF) and mapping technical controls to audit requirements.

Ability to communicate technical risk clearly to engineers, auditors, and stakeholders.

Preferred

Experience running or contributing to AI red-teaming or adversarial testing.

Experience with MCP s, agent orchestration frameworks, or similar agentic infrastruct…

Apply on company site