Staff Security Engineer (AI Platform)

Chainguard is the trusted source for open source. By delivering hardened, secure, and production-ready builds of all the open source software engineers and AI agents rely on, Chainguard helps organizations build faster, stay compliant, and eliminate risk.  Our customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. Staff Security Engineer, AI Platform IT Engineering · Cyber Resiliency · Remote   The role in a nutshell AI moves fast. Embarrassingly fast. And right now, most corporate IT teams are reacting to it,  scrambling to figure out what employees are pasting into ChatGPT while the next model drop quietly changes the rules again. You're going to change that at Chainguard. This is a brand-new role sitting within the IT Engineering group inside Cyber Resiliency. You'll own our managed AI platform posture end-to-end: anticipating what's coming, governing how we use it, tracking what it costs us, building the tooling that keeps it safe, and making sure everyone from engineering to the exec team is using AI in ways that are fast, secure, and defensible. This is a staff level individual contributor role. You won't be managing people but you'll be managing chaos. There's no playbook yet. You're writing it.   What you'll do Stay ahead of the roadmap (literally, it's the job) Continuously monitor Claude and ChatGPT product roadmaps, release notes, and vendor communications to anticipate platform changes before they land Translate upcoming features into proactive configuration, policy, and enablement decisions not reactive scrambles Maintain active relationships with Anthropic and OpenAI account teams; flag ToS updates, data processing agreement changes, and acceptable use policy shifts before they become surprises   Own AI platform administration and configuration governance Provide expert-level administration of AI console environments across both platforms Manage Claude and ChatGPT organizational settings files using Git, version-controlled, reviewed, and deployed like the infrastructure they are Own API key lifecycle management and secrets hygiene for all AI integrations Manage SSO/SCIM provisioning for AI platforms; ensure access is tight, auditable, and clean   Build financial visibility and usage intelligence Develop token tracking and financial dashboards so leadership actually knows what AI costs us by team, by use case, by month Build anomaly detection on AI spend; if something spikes, you catch it before accounting does Produce regular usage trend reports and ROI framing for leadership that goes beyond "we use AI a lot"   Develop MCP servers and agentic AI tooling Build and maintain internal MCP servers that extend AI capabilities into our workflows securely Be the in-house subject matter expert on agentic AI builds such as architecture, risk, failure modes, and the parts that go sideways in ways no one anticipated Write code. Python and/or TypeScript. AI-augmented is fine (encouraged, even), but you need to own what ships   Harden our AI security posture Identify and mitigate prompt injection risks in internal AI-powered tools Ensure no sensitive or regulated data (PII, PCI, PHI) flows into AI prompts.  Architect the guardrails, not just the policy Maintain awareness of AI-specific incident response options; when something goes wrong with an AI integration, you're in the room   Integrate with AI governance and enablement programs Serve as IT Engineering's primary liaison to the AI Adoption Committee bringing operational grounding to adoption decisions Participate actively in the AI Working Group; connect platform capabilities to how the company actually uses them Partner closely with the Governance & Trust team, who leads AI policy and governance. Your job is to be their technical counterpart by  implementing, informing, and flagging issues, not owning the policy itself   What we're looking for Required Outstanding interpersonal skills and team-first mentality 8+ years in security engineering, IT engineering, or a DevOps role with meaningful security responsibility throughout Hands-on DevOps background: Git-based config management, CI/CD, infrastructure-as-code mindset applied to platform administration Direct, hands-on experience administering Claude (Anthropic) and/or ChatGPT (OpenAI) at an organizational level. This isn't a "I use it every day" checkbox; we mean console administration, managed settings, and enterprise controls Working knowledge of AI risk factors: prompt injection, data leakage, agentic failure modes, and incident response options when AI systems behave unexpectedly Comfortable writing pr