Senior Application Security Engineer, AI and Machine Learning

Who We Are Lightning AI is the company behind PyTorch Lightning. Founded in 2019, we build an end-to-end platform for developing, training, and deploying AI systems—designed to take ideas from research to production with less friction. Through our merger with Voltage Park, a neocloud and AI Factory, Lightning AI combines developer-first software with cost-efficient, large-scale compute. Teams get the tools they need for experimentation, training, and production inference, with security, observability, and control built in. We serve solo researchers, startups, and large enterprises. Lightning AI operates globally with offices in New York City, San Francisco, Seattle, and London, and is backed by Coatue, Index Ventures, Bain Capital Ventures, and Firstminute. Our Values Move Fast : We act with speed and precision, breaking down big challenges into achievable steps. Focus : We complete one goal at a time with care, collaborating as a team to deliver features with precision. Balance : Sustained performance comes from rest and recovery. We ensure a healthy work-life balance to keep you at your best. Craftsmanship : Innovation through excellence. Every detail matters, and we take pride in mastering our craft. Minimal : Simplicity drives our innovation. We eliminate complexity through discipline and focus on what truly matters. What We're Looking For We are looking for a Senior Application Security Engineer to help secure our AI, machine learning, and inference platforms. This is a hands on technical role focused on building security into modern AI infrastructure, inference systems, and developer platforms. You will work closely with platform engineers, ML engineers, and infrastructure teams to identify risks, design secure architectures, and build security tooling that enables engineers to move quickly and safely. This role is execution focused. You will drive technical implementation, perform deep security reviews, and help build out our application security capabilities alongside the CISO and engineering leadership. This is a hybrid role based in either our Seattle or San Francisco office. The anticipated salary range for this role is $180,000 - $220,000. What You’ll Do Secure AI and Machine Learning Systems Perform threat modeling across AI platforms, inference services, and ML pipelines Identify risks such as prompt injection, model extraction, adversarial inputs, and data leakage Review model serving architectures and inference pipelines Partner with ML engineers to secure training, fine tuning, and deployment workflows Help design isolation and security controls for multi tenant AI workloads Application Security Engineering Perform architecture and design security reviews Conduct targeted code reviews for high risk components Identify security gaps in APIs, micro-services, and distributed systems Build secure patterns for authentication, authorization, and service to service communication Help engineering teams implement secure defaults and guardrails Inference Platform Security Secure customer facing inference APIs and services Protect against abuse, model extraction, and adversarial behavior Design rate limiting, isolation, and workload protection controls Build monitoring and detection for anomalous inference behavior AI Supply Chain and Model Security Evaluate open source models and dependencies Secure model artifacts and distribution pipelines Implement integrity validation and provenance controls Help secure container images and runtime environments Security Automation and Tooling Build security automation for AI and application pipelines Integrate security scanning into CI/CD workflows Develop tooling to help engineers detect and fix issues early Improve developer experience with security guardrails What You'll Need Required Experience Strong background in application security engineering Experience performing threat modeling and architecture reviews Experience securing APIs and distributed systems Experience working in cloud environments such as AWS, GCP, or Azure Experience with containers and Kubernetes Strong scripting or programming skills such as Python, Go, or similar Experience working closely with engineering teams to implement security improvements AI and Machine Learning Experience Experience securing ML pipelines, inference systems, or data platforms Familiarity with risks such as prompt injection, model extraction, and adversarial inputs Experience reviewing model serving architectures Understanding of training data security and data leakage risks Strong Plus Red team or offensive security experience Experience crafting payloads and evaluating CVEs for exploitability in diverse environments Experience with GPU infrastructure or high performance computing Experience with Hugging Face, PyTorch, TensorFlow, or similar frameworks Experience with LLM systems, RAG pipeli