Security & Agentic AI DevSecOps Engineer (Product Security)

Position: Security & Agentic AI DevSecOps Engineer (Product Security)

Location: Milpitas CA

Job Description :-

Role Overview

As a AI Security & Agentic AI DevSecOps Engineer you will act as a hands on technical authority responsible for designing and implementing fully automated security controls across the software and AI lifecycle. Your focus will be to ensure that every meaningful security decision is enforced through automation not manual processes.

You will embed security as code policy as code and continuous verification into modern software platforms and agentic AI systems enabling secure innovation at scale across cloud hybrid and air gapped environments.

Key Responsibilities

AI Security & Agentic Systems (Automation First)

• Design and implement automated Agentic and AI security controlsfor agentic systems including:
  • Automated model access control inference authorization and rate limiting
  • Policy driven prompt/instruction validation and misuse detection
  • Automated enforcement of agent to agent authentication and authorization
• Implement continuous automated threat modeling for:
  • LLM pipelines
  • Agent orchestration frameworks
  • AI gateways and inference services
• Build secure by default reference architectures where AI guardrails are enforced via:
  • Configuration as code
  • Runtime policy engines
  • Automated security testing pipelines
• Create Plugins Hooks and Skills using claude code and or Microsoft AI foundry

DevSecOps & Secure SDLC (End to End Automation)

• Implement fully automated Secure SDLC pipelines integrating:
  • SAST DAST SCA secrets detection container scanning and IaC scanning
  • AI specific security testing (prompt injection model misuse data leakage)
  • Automated build and release policy enforcement (fail gates conditional approvals)
• Ensure all security checks are:
  • Triggered automatically via CI/CD and MLOps pipelines
  • Enforced consistently across dev test and production
• Automate security validation during:
  • Design reviews (template driven controls)
  • Architecture reviews (reusable security patterns)
  • Pre release readiness checks

SBOM AI BOM & Supply Chain Automation

• Design and operate automated SBOM and AI BOM pipelines including:
  • Continuous generation of SBOMs for software containers firmware and artifacts
  • Automated AI BOMs covering models datasets checkpoints and training artifacts
• Implement automated vulnerability license and provenance analysis:
  • Continuous ingestion of CVEs and advisories
  • Automated policy enforcement for non compliant components
• Integrate SBOM and AI BOM outputs into:
  • CI/CD pipelines
  • Deployment gates
  • Audit and compliance reporting workflows

Runtime Security Risk & Metrics Automation

• Implement continuous automated security monitoringacross:
  • Application runtimes
  • AI/ML inference services
  • Agent workflows and interactions
• Develop automated security metrics and telemetry to measure:
  • Vulnerability exposure and remediation velocity
  • Secure SDLC and DevSecOps maturity
  • Model and AI risk posture over time
• Automate security feedback loops so findings:
  • Generate actionable tasks
  • Feed directly into engineering backlogs
  • Drive measurable risk reduction

Technical Influence & Enablement

• Ability and willing to learnteach and develop agentic AI workflow automation using copilot studio and or Claude code
• Act as a technical authority on AI security automation and DevSecOps.
• Define reusable security automation patterns templates and reference implementations.
• Partner with engineering AI/ML platform and compliance teams to replace manual security workflows with automated controls.
• Contribute to internal security standards that mandate automation by default.

• Strong hands on experience designing automated Product Security or AI Security systems.
• Deep knowledge of:
  • Operating systems infrastructure cloud platforms and hybrid environments
  • Automation frameworks and pipeline driven enforcement models
• Ability to interpret and secure code written in multiple languages with automation as the primary mitigation strategy.
• Experience integrating security tooling via APIs and pipelines not manual review.
• Familiarity with security intelligence ingestion and automation including:
  • CVE feeds
  • Security advisories
  • Automated alerting and remediation workflows
• Strong understanding of cybersecurity privacy and AI governance requirements with experience translating them into automated controls.
• Ability to concurrently deliver multiple security automation initiatives.

Minimum Qualifications

• Bachelors degree in Computer Science Cybersecurity IT Security or equivalent experience.
• Experience in DevOps SecOps DevSecOps or MLOps with a strong automation focus.
• Demonstrated success implementing automated Secure SDLC pipelines.
• Ability to evaluate code and architecture risk and remediate through automation not policy alone.
• Familiarity with security frameworks and scoring systems:
  • MITRE ATT&CK
  • CVSS
  • CWE
• Strong technical communication skills and cross functional influence.