Job responsibilities
- Develop new / update existing AI technology control requirements identified from emerging AI threats, standards and regulations, e.g., MITRE ATLAS, NIST AI Risk Management Framework, EU AI Act, OWASP Top 10 for LLM, etc.
- Engineer / deploy AI-specific technology controls in line with requirements (e.g., model vulnerability management technologies, AI firewalls, etc.) and integrate the controls into the broader JPMC cybersecurity ecosystem.
- Partner with other JPMC cybersecurity organizations to uplift their respective areas to accommodate AI-specific security requirements.
- Guide the evaluation of current cybersecurity principles, processes, and controls, and lead the evaluation of new technology using existing standards and frameworks
- Regularly provide technical guidance and direction to support the business and its technical teams, contractors, and vendors
- Work with stakeholders and senior leaders to recommend business modifications during periods of vulnerability
- Serve as function-wide subject matter expert in one or more areas of focus
- Actively contribute to the engineering community as an advocate of firmwide frameworks, tools, and practices of the Software Development Life Cycle
- Influence peers and project decision-makers to consider the use and application of leading-edge technologies
- Add to team culture of diversity, equity, inclusion, and respect
Required qualifications, capabilities, and skills
- Formal training or certification on software engineering concepts and 5+ years applied experience in AI/ML systems or cybersecurity architecture
- Hands-on practical technical experience delivering secure enterprise level AI/ML solutions and controls
- Advanced in one or more programming languages or applications
- Advanced knowledge of cybersecurity architecture, applications, and technical processes with considerable, in-depth knowledge in artificial intelligence and machine learning.
- Practical cloud native experience in AWS, GCP and/or Azure
- Experience with AI and machine learning concepts and technologies, including notebooks, Python, TensorFlow, PyTorch, etc.
- Solid understanding and practical experience across the model development lifecycle (MDLC), including data acquisition & preparation, model experimentation, training & testing and serving / MLOps
- Solid understanding of the AI system attack surface, threats and mitigating controls across the MDLC
- Solid understanding of security architecture requirements across the MDLC, including traditional cybersecurity controls and AI-specific security controls
- Knowledge of AI safety, AI alignment and AI cybersecurity concepts and trends
- Experience conducting AI red teaming exercises against large language models (LLMs)
Preferred qualifications, capabilities, and skills
- Experience with API security
- Knowledge of containers and container orchestration, such as Docker, Kubernetes, Helm, etc.
- Knowledge of cloud infrastructure as code (IaC), such as Terraform
- Knowledge of networking concepts and protocols, such as TCP/IP, routing, DNS, DHCP, etc.
- Knowledge of identity access management concepts and protocols, such as OAuth 2.0, OpenID Connect and SAML
- Certifications: AWS Certified Machine Learning – Specialty or Microsoft Certified: Azure Data Scientist Associate; AWS Certified Security – Specialty or Microsoft Certified: Cybersecurity Architect Expert certification; CISSP