AI/ML Security Engineer

You Lead the Way. We’ve Got Your Back.

With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

How will you make an impact in this role?

American Express is seeking an AI/ML Security Engineer with proven strong competence in building implementing AI/ML application security governance and risk management processes. The Security Engineer serves as a domain expert in developing and maintaining comprehensive security requirements across a diverse number of technology stacks. This engineer plays a key role in assessing capabilities including, Generative AI augmented, LLM agentic cybersecurity solutions, emerging risk security technologies and conducting proof-of-concept evaluations to drive innovative capability adoption.

Primary Responsibilities:

• Perform threat modeling for Applications.
• Develop security governance processes and procedures for the threat modeling program with key focus on AI/ML.
• Assist in the development of threat modeling governance documentation.
• Develops reports for management concerning residual risk and non-compliance.
• Monitor and track compliance with application owners to ensure implementation of security controls as planned.
• Review issued security controls with application owners to ensure identified requirements are implemented.
• Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
• Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
• Develop, Maintain, update and enhance secure design patterns and secure coding standards.
• Develop, Maintain, update and enhance threat libraries.
• Socialize secure design patterns and secure coding standards with engineering teams.
• Assist application teams with threat modeling consultancy questions.
• Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
• Implement secure model development life cycle practices with automated white box and black box assessments for AI/ML models.
• Identify, analyze, and benchmark Generative AI augmented, LLM agentic security solutions in the market.
• Conduct proof-of-concept (PoC) assessments of selected cybersecurity capabilities to validate effectiveness in real-world environments.
• Define security control baselines and evaluation criteria for emerging risk security solutions.
• Evaluate vendor claims, solution architecture, and technical scalability.
• security testing of GenAI-powered cybersecurity tools.
• Publish detailed reports on the security, compliance, and efficacy of evaluated products. `
• Deliver and integrate AI robustness, vulnerability, and stress testing capabilities with MLOps ecosystems.
• Evaluate and assess open-source AI security libraries to build into enterprise AI stress testing and audit capabilities.

Minimum Qualifications:

• Bachelor's Degree in Data Science, Statistics, Computer Science or Software Engineering.
• 2+ years experience with Machine Learning Application Development.
• 3+ years of software engineering experience. 

Preferred Qualifications:

• Master's Degree - Data Science, Statistics, Computer Science, or Software Engineering.
• Machine Learning Operation Professional Certifications.
• Strong knowledge of Adversarial Robustness techniques and tools for machine learning. 
• Strong knowledge of AI Risk Management frameworks and Trustworthy AI practices. 
• Hands-on experience with applying statistics, machine learning algorithms (DNN, NLP), big data, and data science toolkits. Hands-on experience designing, implementing, and operationalizing high performant AI/ML pipelines and writing production code.
• Hands-on experience with deploying and operationalizing AI/ML models to public cloud environments.
• Hands-on experience evaluating open-source ML tools, frameworks, and libraries.
• Hands-on experience with commonly used data science programming languages, packages, and tools.
• Hands-on experience with MLOps, DevOps, DataOps and API integrations.
• Hands-on experience with AI workload management.
• Hands-on experience with Cloud architecture, design, implementation, and operations.
• Demonstrated peer reviewed journal publications, conference presentations, open-source contributions, or similar activities.
• Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
• Experience with application security controls (Web, API, Mobile, AI).
• Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
• Experience with Application Security design and DevSecOps.
• Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
• Experience with Java, JavaScript and mobile application development.
• Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.
• Experience with Cloud security, architecture, design, implementation, and operations.
• Exposure to IAM Controls (OAuth 2.0, OIDC, JWT).
• Strong familiarity with Cryptography Controls (Data at rest, in motion).
• Certification - CISSP, CISM, CSSLP, CISA, CRISC.

We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include:

• Competitive base salaries 
• Bonus incentives 
• Support for financial-well-being and retirement 
• Comprehensive medical, dental, vision, life insurance, and disability benefits (depending on location) 
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need 
• Generous paid parental leave policies (depending on your location) 
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) 
• Free and confidential counseling support through our Healthy Minds program 
• Career development and training opportunities

American Express is committed to providing an inclusive and accessible work environment in which all people who apply for positions or who work for or on behalf of Amex are treated with dignity and respect and are provided with equal treatment with respect to employment, regardless of that person's age, sex, sexual orientation, gender identity, gender expression, race, colour, ancestry, ethnic or national origin, citizenship, religion or creed, marital status, family status, pregnancy, disability, record of offences, social condition or origin, political beliefs, association or activity or other factors prohibited under applicable Human Rights legislation (the “Prohibited Grounds”).   If you have a disability and need accommodation, please speak with the Recruiter for more information.

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.