Arrowstreet Capital
systematic investment
SeniorAISecurityEngineer
Neural analysis suggests this role is
optimal for Senior candidates.
“Senior AI Security Engineer at Arrowstreet Capital. Skills: AI Security, Identity and Access Management, Cloud Security, AI/ML Platform Security. design, build, and scale security controls. strengthen the firm’s security posture through automation, secure platform design, and proactive risk mitigation”
What You'll Achieve.
enable developer velocity or end‑user productivity; prevent identity sprawl and privilege drift; ensure every tool call and downstream action is attributable; identify malicious or unintended use of systems; continuously improve security posture
Industry & Context.
What They're Looking For.
Must Have
Deep hands-on expertise in Identity and Access Management architecture and implementation across human, workload, service, and AI agent identities, knowledge of IdPs, federation, SSO, OAuth 2. 0, OpenID Connect, SAML, SCIM, SPIFFE/SPIRE, workload identity, service accounts, API authentication/authorization, secrets management, least privilege, and policy-based access control, design secure IAM architectures and implement them directly across cloud, Kubernetes, on-prem, application, API, and AI-enabled environments, Demonstrated experience governing and scaling NHI lifecycle controls (inventory, ownership, naming standards, issuance, attestation, rotation, break‑glass, decommissioning) and policy enforcement for agentic workloads, guardrails that limit tool access, data access, and delegation scope per task and environment, Extensive hands-on experience across security engineering, cloud security, application security, and network security, Proven ability to secure AI/ML and LLM‑based platforms, including data‑intensive and production systems, understanding of AI‑specific threat models (e. g. , prompt injection, model misuse, data leakage, insecure outputs), Deep technical foundation in cloud‑native security across AWS and/or Azure, including IAM, network segmentation, secure connectivity, and threat detection, Ability to build security controls through code and automation, leveraging scripting, IaC, and CI/CD security practices, written and verbal communication skills, with the ability to clearly articulate security risks, tradeoffs, and recommendations to both technical and non‑technical stakeholders, Proven ability to collaborate effectively across teams, influencing cloud, platform, and application engineers to embed security seamlessly into delivery workflows
Nice to Have
Experience designing and implementing automated guardrails, monitoring, logging, and detection for AI‑enabled and data‑driven applications, Lead identification, assessment, and mitigation of AI‑specific risks, including prompt injection, data leakage, model abuse, insecure output handling, model evasion, and poisoning attacks
What You'll Do.
and scale security controls
strengthen the firm’s security posture through automation
secure platform design
and proactive risk mitigation
securing AI/ML platforms and AI‑enabled applications across their full lifecycle
Design and build Identity and Access Management solutions to support AI agent identities
Define and operationalize a Non‑Human Identity (NHI) strategy for agentic workflows
Implement end‑to‑end identity context propagation for agent runs
Partner with Platform and Cloud Engineering teams to secure AI/ML systems end‑to‑end
Develop secure execution environments for open‑source software
and detection capabilities to identify malicious or unintended use of systems
Stay current on emerging AI features and integrations
Assess and continuously improve security posture across applications
How You'll Work.
Team & Collaboration
Partner with Platform and Cloud Engineering teams to secure AI/ML systems end‑to‑end; collaborate effectively across teams, influencing cloud, platform, and application engineers to embed security seamlessly into delivery workflows
Communication Scope
written communication skills; verbal communication skills; ability to clearly articulate security risks, tradeoffs, and recommendations to both technical and non‑technical stakeholders
Full Job Description
**Job Description** We are seeking a Senior Security Engineer with experience in cloud and AI security to help design, build, and scale security controls that protect our firm’s systems, applications, cloud environments, and data—while enabling developer velocity or end‑user productivity. This role is responsible for strengthening the firm’s security posture through automation, secure platform design, and proactive risk mitigation. A significant focus will be on securing AI/ML platforms and AI‑enabled applications across their full lifecycle, from development through deployment and runtime operations. **Responsibilities** * Design and build Identity and Access Management solutions to support AI agent identities, including secure agent authentication, authorization, delegation, credential management , workload identity, tool/API access control, least-privilege enforcement, auditability, and lifecycle management across Windows, Linux, on‑prem infrastructure, cloud, Kubernetes, application, and enterprise environments. * Define and operationalize a Non‑Human Identity (NHI) strategy for agentic workflows (agents, tools, service principals, service accounts, bots), including identity issuance and binding to code/runtime, credential rotation and revocation, secrets isolation, step‑up and delegated authorization, just‑in‑time access, and continuous verification to prevent identity sprawl and privilege drift. * Implement end‑to‑end identity context propagation for agent runs (who/what/why), ensuring every tool call and downstream action is attributable via signed requests, scoped tokens, tamper‑evident audit logs, and correlation IDs across orchestration layers, APIs, and cloud services. * Partner with Platform and Cloud Engineering teams to secure AI/ML systems end‑to‑end. * Develop secure execution environments for open‑source software, third‑party tools, and AI agents by leveraging OS‑level, network, IAM, and containerized controls. * Build monitoring, logging, and detec
Applying for this Senior AI Security Engineer role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Arrowstreet Capital?
Real rants from real employees. Read before you apply.