Job code
IRC297415
Published on 22 June 2026

AI/ML Security Specialist IRC297415

Areas

IT Security

Experience

10-15 years

Locations

India - Bangalore

Skills

AWS, Azure, Claude, Cloud, Copilot, IT Security, MCP, Network Security, Penetration Testing and Reporting, Security

Work model

Hybrid

Description

GlobalLogic, a Hitachi Group Company, is a leader in digital engineering. We help brands design and build innovative products, platforms, and digital experiences for the modern world. By integrating experience design, complex engineering, and vertical industry expertise, we show our customers what’s possible and help them fast-track their transition into tomorrow’s digital businesses. Headquartered in Silicon Valley, GlobalLogic operates design studios and engineering centers around the world, extending our deep expertise to customers in automotive, communications, financial services, healthcare and life sciences, manufacturing, media and entertainment, semiconductor, and technology industries.

Requirements

Key responsibilities:

AI Security Architecture & AISDL (Secure-by-Design):
Own the AI security reference architecture for LLM apps, RAG pipelines, agent frameworks, and MCP servers in Azure/AWS.
Build and operationalize an AI Security Development Lifecycle (AISDL) integrated into SDLC/DevSecOps: requirements → threat modeling → secure design → secure implementation → AI-specific testing → release gates → monitoring.
Lead AI threat modeling and produce actionable outputs (abuse cases, trust boundaries, mitigations, test plans).
Define / assist in implementing guardrails for AI/LLM implementations.
Define MCP server security standards: authentication, authorization, tool permissioning/scoping, safe schemas, tenant isolation, secure session handling, and connector trust boundaries.
Create reusable secure patterns and templates for MCP servers (policy middleware, validation, tool allowlisting, audit logging).
Perform deep security reviews of MCP servers (including HTTP/SSE deployments) and validate security requirements before production.
AI/LLM Pen Testing, Red Teaming & Adversarial Evaluation (Hands-on):
Plan and execute AI security pen tests for LLM apps, RAG systems, agents, and MCP servers.
Build an AI adversarial test harness and regression suite: attack prompt libraries, scenario tests, tool-misuse test cases, automated checks integrated into GitHub Actions.
Produce clear pen-test deliverables: POCs, exploit narratives, severity ratings, remediation guidance, and retest validation.
AI Provenance & Secure AI-Assisted Development:
Define and implement AI provenance for AI-assisted code and AI-generated artifacts:
Establish secure usage standards for GitHub Copilot and Claude Code.
Integrate provenance and policy signals into CI/CD checks and security dashboards.
Define security acceptance criteria and evidence collection for AI releases (test artifacts, threat models, pen-test reports, approvals).
Partner with compliance/privacy teams to align AI controls with internal and external requirements (where applicable).
Tooling, CI/CD Security Gates & Observability:
Integrate AI security checks into CI/CD using GitHub Actions: SAST/DAST, secrets scanning, dependency scanning, plus AI-specific tests.
Drive security automation and standardization across multiple product teams.
Define production monitoring requirements for AI systems: prompt/tool telemetry, abuse monitoring, anomaly detection, and incident response playbooks.
Conduct and coordinate technical penetration tests (black-box, grey-box, white-box) against AI systems, web, API, cloud, and mobile applications; produce high-quality findings and remediation guidance.
Lead/participate in pentest initiatives and manage external pentest vendors when required.
Lead/Design and implement mobile application security assessments (iOS/Android) including static (SAST), dynamic (DAST), and binary analysis.
Develop and operationalize AI/ML security assessments and controls: model threat modeling, data poisoning/evasion testing, privacy and model governance checks, secure deployment patterns, and monitoring strategies.
Triage, validate, and prioritize security issues with product and engineering teams; provide clear remediation action plans and risk-based prioritization.
Create repeatable testing playbooks, threat models, secure design checklists, and automated test harnesses.
Mentor security champions and evangelize product security best practices across engineering/product teams.
Keep current with emerging threats, tools, and industry standards in AI, mobile, cloud security.

Job responsibilities

Required qualifications & experience:

Bachelor’s degree in Computer Science, Engineering, or equivalent experience.
8–12+ years (Specialist) of hands-on product security experience including penetration testing, application/product/cloud security and/or offensive security with strong hands-on engineering experience.
3+ years securing or testing LLM/GenAI systems (or equivalent demonstrable projects in production environments).
Practical experience with AI/ML, MCP security topics (threat modeling, adversarial testing, data integrity/privacy risks). Experience with secure ML model deployment and MLOps security.
Proven experience testing mobile apps (iOS/Android) and modern web/API/cloud services.
Strong knowledge of common vulnerability classes (OWASP Top 10, Mobile Top 10, LLM top 10, AI/ML top 10, API vulnerabilities) and mitigation techniques.

Hands-on with pentest tooling such as Kali Linux, Burp Suite, Frida, MobSF, apktool, IDA/Ghidra, SAST/DAST tools, AI application/services, MCP security and cloud security testing tools, DAS (Dynamic Application Security) platforms and global pentest program management.
Experience with security automation, CI/CD integration, IaC scanning, and SCA/SAST pipelines.
Familiar with secure coding principles and cloud platforms (AWS/Azure/GCP) and container orchestration.
Excellent verbal and written communication skills; able to produce clear technical reports and remediation guidance.
Preferred
Certifications: OSCP, OSWE, OSEP, GWAPT, CISSP, CEH, CREST, or relevant mobile/AI security certifications.

Education:
Education/experience typically acquired through advanced education (e.g. Bachelor) and typically 11 Plus-related work experience or master’s degree with 12+ years of experience with an equivalent combination of education and experience

Key Skills Keywords (ATS / Resume Screening)
LLM Security, GenAI Security, Agent Security, MCP Security, Prompt Injection, Indirect Prompt Injection, Tool Abuse, RAG Security, Adversarial Testing, AI Red Teaming, Threat Modeling, Azure OpenAI, OpenAI API Security, GitHub Actions, GitHub Copilot, Claude Code, SAST, DAST, Secrets Scanning, CI/CD Security Gates, Cloud Security (Azure/AWS), AI Provenance, AI GRC, Secure-by-Design

What we offer

Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them.

Collaborative Environment: You can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment — or even abroad in one of our global centers or client facilities!

Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays.

Professional Development: Our dedicated Learning & Development team regularly organizes communication skills training (GL Vantage, Toast Master), a stress management program, professional certifications, and technical and soft skill trainings.

Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance, NPS (National Pension Scheme), a periodic health awareness program, extended maternity leave, annual performance bonuses, and referral bonuses.

Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities, and corporate parties, and offer food at subsidized rates. Our vibrant offices also include dedicated GL Zones, rooftop decks and GL Club where you can drink coffee or tea with your colleagues over a game of table, and we offer discounts for popular stores and restaurants!

About GlobalLogic

GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.
