Enterprise Security Engineer (AI & Enterprise Security)

We're looking for a motivated engineer to help secure the most critical AI initiatives across the business.

Most application security engineers spend their careers on the product side. This role puts you on the other side: AI-era security for the business itself, not the product customers use. You'll work alongside the CISO on problems most companies don't have a playbook for yet.

The work is product security with an enterprise scope. Internal apps, AI tools, and agents are products that need the same threat modeling, secure design, and engineering rigour as anything customer-facing.

Alongside enterprise security work, you'll build tooling, automation, and agents that help the broader security team scale with AI.

You're curious, proactive, and hands-on. We'll back you with the resources and exposure to do your best work.

This is a hands-on role. Bring initiative. We'll give you the problems worth solving.

What You'll Do

Secure Development Standards

• Develop secure SDLC standards for internal apps and AI workflows
• Build patterns, reference architectures, and the documentation teams need to self-serve
• Work with business teams to raise the profile of security and adopt secure practices, especially for AI and low-code

Threat modeling and risk assessment

• Conduct threat modeling, risk assessments, and technical security reviews for enterprise systems, internal apps, and AI and agentic deployments
• Identify and prioritize security risks; advise risk, compliance, audit, and business teams on mitigations
• Translate findings into actionable enterprise controls and detection requirements

AI and agentic security

• Design safeguards for enterprise AI tooling, including agents and non-human identities
• Evaluate and integrate emerging AI/ML security tools
• Stay current with the AI security landscape

Building and automation

• Engineer and automate AI-first security workflows that scale the wider Security team
• Build for the enterprise domain in a way that benefits Product Security, SOC, and GRC

Security expertise

• Hands-on experience in software and enterprise security
• Desirable: working knowledge in any of SaaS, cloud, IAM, or endpoint security

Secure SDLC

• Proficiency in secure SDLC fundamentals, including threat modelling, secure design, vulnerability management, and CI/CD security

Engineering and tooling

• Comfortable writing and reviewing code (Python, Go, TypeScript, or similar)
• Experience building integrations and automating security workflows
• Experience with security tools at scale - SAST, DAST, SIEM, endpoint, cloud, identity, AI/ML, vulnerability management platforms

AI and agentic security knowledge

• Understanding of AI/ML security risks, attack vectors, and vulnerabilities
• Familiarity with agentic AI frameworks and generative AI tools

Communication and interpersonal skills

• Exceptional written and verbal communication; able to translate complex security concepts for any audience
• Strong interpersonal skills; build trust and credibility quickly across technical and non-technical teams
• Drive outcomes through collaboration

Mindset

• Self-starter with initiative and ownership
• Hacker mindset - figures out the problem, then solves it
• Thrives in ambiguity

• Hybrid - Full time
• Travel required Adjustments will be considered to accommodate individual needs in line with applicable equality and disability legislation.

CloudBees enables enterprises to deliver scalable, compliant, and secure software, empowering developers to do their best work. Seamlessly integrating into any hybrid and heterogeneous environment, CloudBees is more than a tool—it's a strategic partner in your cloud transformation journey, ensuring security, compliance, and operational efficiency while enhancing the developer experience.