Senior AI Security Engineer

Arrowstreet Capital
Boston, United States of America
17 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 325K

Job location

Boston, United States of America

Tech stack

Microsoft Access
Microsoft Windows
API
Artificial Intelligence
Amazon Web Services (AWS)
Audit Trail
Azure
Cloud Computing
Cloud Computing Security
Cloud Engineering
Continuous Integration
Information Leak Prevention
Data Security
Linux
Identity and Access Management
Intrusion Detection and Prevention
Intrusion Detection Systems
Key Management
Network Security
Network Segmentation
OAuth
Systems Development Life Cycle
OpenID Connect
Cloud Services
Security Assertion Markup Language (SAML)
Single Sign-On
Data Logging
Cloud Platform System
Software Security
Build Management
Kubernetes
Machine Learning Operations
Virtual Agents

Job description

We are seeking a Senior Security Engineer with experience in cloud and AI security to help design, build, and scale security controls that protect our firm's systems, applications, cloud environments, and data, while enabling developer velocity or end-user productivity. This role is responsible for strengthening the firm's security posture through automation, secure platform design, and proactive risk mitigation. A significant focus will be on securing AI/ML platforms and AI-enabled applications across their full lifecycle, from development through deployment and runtime operations.

  • Design and build Identity and Access Management solutions to support AI agent identities, including secure agent authentication, authorization, delegation, credential management, workload identity, tool/API access control, least-privilege enforcement, auditability, and lifecycle management across Windows, Linux, on-prem infrastructure, cloud, Kubernetes, application, and enterprise environments.
  • Define and operationalize a Non-Human Identity (NHI) strategy for agentic workflows (agents, tools, service principals, service accounts, bots), including identity issuance and binding to code/runtime, credential rotation and revocation, secrets isolation, step-up and delegated authorization, just-in-time access, and continuous verification to prevent identity sprawl and privilege drift.
  • Implement end-to-end identity context propagation for agent runs (who/what/why), ensuring every tool call and downstream action is attributable via signed requests, scoped tokens, tamper-evident audit logs, and correlation IDs across orchestration layers, APIs, and cloud services.
  • Partner with Platform and Cloud Engineering teams to secure AI/ML systems end-to-end.
  • Develop secure execution environments for open-source software, third-party tools, and AI agents by leveraging OS-level, network, IAM, and containerized controls.
  • Build monitoring, logging, and detection capabilities to identify malicious or unintended use of systems, including AI-enabled applications and agentic workflows.
  • Stay current on emerging AI features and integrations introduced in third-party tools and platforms, and proactively assess and mitigate associated security risks.
  • Assess and continuously improve security posture across applications, infrastructure, and SDLC processes, including CI/CD pipelines.

Requirements

  • Deep hands-on expertise in Identity and Access Management architecture and implementation across human, workload, service, and AI agent identities, including strong knowledge of IdPs, federation, SSO, OAuth 2.0, OpenID Connect, SAML, SCIM, SPIFFE/SPIRE, workload identity, service accounts, API authentication/authorization, secrets management, least privilege, and policy-based access control. Must be able to design secure IAM architectures and implement them directly across cloud, Kubernetes, on-prem, application, API, and AI-enabled environments.
  • Demonstrated experience governing and scaling NHI lifecycle controls (inventory, ownership, naming standards, issuance, attestation, rotation, break-glass, decommissioning) and policy enforcement for agentic workloads, including guardrails that limit tool access, data access, and delegation scope per task and environment.
  • Extensive hands-on experience across security engineering, cloud security, application security, and network security
  • Proven ability to secure AI/ML and LLM-based platforms, including data-intensive and production systems
  • Strong understanding of AI-specific threat models (e.g., prompt injection, model misuse, data leakage, insecure outputs)
  • Deep technical foundation in cloud-native security across AWS and/or Azure, including IAM, network segmentation, secure connectivity, and threat detection
  • Ability to build security controls through code and automation, leveraging scripting, IaC, and CI/CD security practices
  • Strong written and verbal communication skills, with the ability to clearly articulate security risks, trade-offs, and recommendations to both technical and non-technical stakeholders
  • Proven ability to collaborate effectively across teams, influencing cloud, platform, and application engineers to embed security seamlessly into delivery workflows

Nice To Have

  • Experience designing and implementing automated guardrails, monitoring, logging, and detection for AI-enabled and data-driven applications
  • Lead identification, assessment, and mitigation of AI-specific risks, including prompt injection, data leakage, model abuse, insecure output handling, model evasion, and poisoning attacks.

Benefits & conditions

The base salary range for this position is $200,000 - $325,000 per year.

About the company

Arrowstreet Capital operates a robust talent acquisition program, and we also seek to compensate and reward our employees competitively within our industry and in line with our merit-based culture. Our approach to total compensation includes base salaries and annual discretionary bonuses, as well as a robust benefits package. The determination of a successful candidate's base salary placement within the listed range will vary based on the candidate's relevant experience and qualifications (which may also include relevant certifications, credentials and other education), the job responsibilities and scope, the commensurate resulting level of the position and other relevant factors. The listed range is also an estimate, and additional information regarding base salary and other elements of total compensation offered by Arrowstreet Capital to successful applicants will be communicated during the recruitment process. Arrowstreet Capital is a Boston-based systematic investment firm that manages global equity portfolios for institutional investors around the world.
