Senior Application Security Engineer, AI and Machine Learning

Who We Are Lightning AI is the company behind PyTorch Lightning. Founded in 2019, we build an end-to-end platform for developing, training, and deploying AI systems—designed to take ideas from research to production with less friction. Through our merger with Voltage Park, a neocloud and AI Factory, Lightning AI combines developer-first software with cost-efficient, large-scale compute. Teams get the tools they need for experimentation, training, and production inference, with security, observability, and control built in. We serve solo researchers, startups, and large enterprises. Lightning AI operates globally with offices in New York City, San Francisco, Seattle, and London, and is backed by Coatue, Index Ventures, Bain Capital Ventures, and Firstminute.   What We're Looking For We are looking for a Senior Application Security Engineer to help secure our AI, machine learning, and inference platforms. This is a hands on technical role focused on building security into modern AI infrastructure, inference systems, and developer platforms. You will work closely with platform engineers, ML engineers, and infrastructure teams to identify risks, design secure architectures, and build security tooling that enables engineers to move quickly and safely. This role is execution focused. You will drive technical implementation, perform deep security reviews, and help build out our application security capabilities alongside the CISO and engineering leadership. This role can be based out of one of our office hubs (San Francisco or Seattle) with in-office requirements of at least 2 days per week, plus occasional team/company offsites. We are not able to offer visa sponsorship for this position at this time. What You’ll Do Secure AI and Machine Learning Systems Perform threat modeling across AI platforms, inference services, and ML pipelines Identify risks such as prompt injection, model extraction, adversarial inputs, and data leakage Review model serving architectures and inference pipelines Partner with ML engineers to secure training, fine tuning, and deployment workflows Help design isolation and security controls for multi tenant AI workloads Application Security Engineering Perform architecture and design security reviews Conduct targeted code reviews for high risk components Identify security gaps in APIs, micro-services, and distributed systems Build secure patterns for authentication, authorization, and service to service communication Help engineering teams implement secure defaults and guardrails Inference Platform Security Secure customer facing inference APIs and services Protect against abuse, model extraction, and adversarial behavior Design rate limiting, isolation, and workload protection controls Build monitoring and detection for anomalous inference behavior AI Supply Chain and Model Security Evaluate open source models and dependencies Secure model artifacts and distribution pipelines Implement integrity validation and provenance controls Help secure container images and runtime environments Security Automation and Tooling Build security automation for AI and application pipelines Integrate security scanning into CI/CD workflows Develop tooling to help engineers detect and fix issues early Improve developer experience with security guardrails What You'll Need Required Experience Strong background in application security engineering Experience performing threat modeling and architecture reviews Experience securing APIs and distributed systems Experience working in cloud environments such as AWS, GCP, or Azure Experience with containers and Kubernetes Strong scripting or programming skills such as Python, Go, or similar Experience working closely with engineering teams to implement security improvements AI and Machine Learning Experience Experience securing ML pipelines, inference systems, or data platforms Familiarity with risks such as prompt injection, model extraction, and adversarial inputs Experience reviewing model serving architectures Understanding of training data security and data leakage risks It's a Strong Plus If You Have Red team or offensive security experience Experience crafting payloads and evaluating CVEs for exploitability in diverse environments Experience with GPU infrastructure or high performance computing Experience with Hugging Face, PyTorch, TensorFlow, or similar frameworks Experience with LLM systems, RAG pipelines, or agent frameworks Experience building security automation pipelines Experience securing multi tenant infrastructure What Success Looks Like Security is embedded into AI platform architecture early Engineering teams ship quickly with secure defaults Inference platforms are resilient against abuse and extraction Model pipelines are secure and auditable Security tooling scales with engineering growth Why This Role Matters This role sits at t