Job code
IRC289419
Published on 20 April 2026

Product Security Specialist (L4) IRC289419

Designation

Consultant

Function

Engineering

Experience

10-15 years

Location

India - Bangalore

Skills

AWS, Azure, Claude, Cloud, Copilot, IT Security, MCP, Network Security, Penetration Testing and Reporting, Security

Work Model

Hybrid

Description

GlobalLogic is a prominent digital product engineering services company that helps brands design and build innovative software products and digital experiences.

Requirements

Key responsibilities:

  • AI Security Architecture & AISDL (Secure-by-Design): Own the AI security reference architecture for LLM apps, RAG pipelines, agent frameworks, and MCP servers in Azure/AWS.
  • Build and operationalize an AI Security Development Lifecycle (AISDL) integrated into SDLC/DevSecOps: requirements → threat modeling → secure design → secure implementation → AI-specific testing → release gates → monitoring.
  • Lead AI threat modeling and produce actionable outputs (abuse cases, trust boundaries, mitigations, test plans).
  • Define and assist in implementing guardrails for AI/LLM implementations.
  • Define MCP server security standards: authentication, authorization, tool permissioning/scoping, safe schemas, tenant isolation, secure session handling, and connector trust boundaries.
  • Create reusable secure patterns and templates for MCP servers (policy middleware, validation, tool allowlisting, audit logging).
  • Perform deep security reviews of MCP servers (including HTTP/SSE deployments) and validate security requirements before production.
  • AI/LLM Pen Testing, Red Teaming & Adversarial Evaluation (Hands-on): Plan and execute AI security pen tests for LLM apps, RAG systems, agents, and MCP servers.
  • Build an AI adversarial test harness and regression suite: attack prompt libraries, scenario tests, tool-misuse test cases, automated checks integrated into GitHub Actions
  • Produce clear pen-test deliverables: POCs, exploit narratives, severity ratings, remediation guidance, and retest validation.
  • AI Provenance & Secure AI-Assisted Development: Define and implement AI provenance for AI-assisted code and AI-generated artifacts.
  • Establish secure usage standards for GitHub Copilot and Claude Code.
  • Integrate provenance and policy signals into CI/CD checks and security dashboards.
  • Define security acceptance criteria and evidence collection for AI releases (test artifacts, threat models, pen-test reports, approvals).
  • Partner with compliance/privacy teams to align AI controls with internal and external requirements (where applicable).
  • Tooling, CI/CD Security Gates & Observability: Integrate AI security checks into CI/CD using GitHub Actions: SAST/DAST, secrets scanning, dependency scanning, plus AI-specific tests.
  • Drive security automation and standardization across multiple product teams.
  • Define production monitoring requirements for AI systems: prompt/tool telemetry, abuse monitoring, anomaly detection, and incident response playbooks.
  • Conduct and coordinate technical penetration tests (black-box, grey-box, white-box) against AI systems, web, API, cloud, and mobile applications; produce high-quality findings and remediation guidance.
  • Lead/participate in global pentest initiatives and manage external pentest vendors when required.
  • Lead/design and implement mobile application security assessments (iOS/Android) including static (SAST), dynamic (DAST), and binary analysis.
  • Develop and operationalize AI/ML security assessments and controls: model threat modeling, data poisoning/evasion testing, privacy and model governance checks, secure deployment patterns, and monitoring strategies.
  • Triage, validate, and prioritize security issues with product and engineering teams; provide clear remediation action plans and risk-based prioritization.
  • Create repeatable testing playbooks, threat models, secure design checklists, and automated test harnesses.
  • Mentor security champions and evangelize product security best practices across engineering/product teams.
  • Keep current with emerging threats, tools, and industry standards in AI, mobile, and cloud security.

Job responsibilities

Required qualifications & experience:

Bachelor’s degree in Computer Science, Engineering, or equivalent experience.
8–12+ years (Specialist) of hands-on product security experience including penetration testing, application/product/cloud security and/or offensive security with strong hands-on engineering experience.
3+ years securing or testing LLM/GenAI systems (or equivalent demonstrable projects in production environments).
Practical experience with AI/ML, MCP security topics (threat modeling, adversarial testing, data integrity/privacy risks). Experience with secure ML model deployment and MLOps security.
Proven experience testing mobile apps (iOS/Android) and modern web/API/cloud services.
Strong knowledge of common vulnerability classes (OWASP Top 10, Mobile Top 10, LLM top 10, AI/ML top 10, API vulnerabilities) and mitigation techniques.

Hands-on with pentest tooling such as Kali Linux, Burp Suite, Frida, MobSF, apktool, IDA/Ghidra, SAST/DAST tools, AI application/services, MCP security and cloud security testing tools, DAS (Dynamic Application Security) platforms and global pentest program management.
Experience with security automation, CI/CD integration, IaC scanning, and SCA/SAST pipelines.
Familiar with secure coding principles and cloud platforms (AWS/Azure/GCP) and container orchestration.
Excellent verbal and written communication skills; able to produce clear technical reports and remediation guidance.
Preferred
Certifications: OSCP, OSWE, OSEP, GWAPT, CISSP, CEH, CREST, or relevant mobile/AI security certifications.

Education:
Education/experience typically acquired through advanced education (e.g. Bachelor) and typically 11 Plus-related work experience or master’s degree with 12+ years of experience with an equivalent combination of education and experience

Key Skills Keywords (ATS / Resume Screening)
LLM Security, GenAI Security, Agent Security, MCP Security, Prompt Injection, Indirect Prompt Injection, Tool Abuse, RAG Security, Adversarial Testing, AI Red Teaming, Threat Modeling, Azure OpenAI, OpenAI API Security, GitHub Actions, GitHub Copilot, Claude Code, SAST, DAST, Secrets Scanning, CI/CD Security Gates, Cloud Security (Azure/AWS), AI Provenance, AI GRC, Secure-by-Design

What we offer

Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. 

Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally.

Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today.

Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way!

High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do.

About GlobalLogic

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.
