Staff Engineer, AI Security and Product Security

Location: Salt Lake City, Utah

Department: IT

The Impact You’ll Make

• Define and lead product security strategy across web, mobile, API, cloud, infrastructure, and container security — conducting threat modeling, risk assessments, and security reviews throughout the development lifecycle with a strong shift-left focus.
• Embed secure development practices by designing and implementing secure coding standards, encryption, and security testing methodologies in close collaboration with development and ML teams, ensuring products are secure, resilient, and trustworthy.
• Own Enterprise AI Security end-to-end — from securing LLM integrations, agentic pipelines, and ML model ingestion to defending against AI-specific threats (prompt injection, data poisoning, model extraction, RAG poisoning, ), building AI incident response playbooks, and red-teaming AI systems across Recursion's product surfaces.
• Secure the AI supply chain and MLOps infrastructure by vetting third-party foundation models, open-source weights, and AI APIs before production integration, and partnering with ML engineering to protect training pipelines, feature stores, and model serving endpoints.
• Champion compliance and AI governance by operationalizing frameworks such as OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act requirements — collaborating with legal, privacy, and responsible AI teams to support audits and evolving regulatory expectations.
• Scale security as a force multiplier by evaluating and deploying security tooling, detecting policy violations, driving security outcomes, and ensuring security initiatives never become a bottleneck to business objectives.
• Elevate the security culture across the organization by serving as a subject matter expert, mentoring engineering teams, and leading incident response efforts from investigation through mitigation and prevention.
• Maintain the security foundation through thorough documentation — including security requirements, guidelines, and incident response plans — and hands-on penetration testing and code reviews to simulate and get ahead of real-world threats.

The Team You'll Join

• You will join a growing Information Security team at Recursion, focused on enabling Recursion to decode biology by providing world class technology services that are designed and fit for purpose. You'll collaborate with your teammates and across departments to agree on what the most important challenges and capabilities are, then figure out how to get us there.

The Experience You'll Need

• Education & Tenure: Bachelor's or Master's degree in Computer Science, Information Security, or a related field, with 10+ years of experience in product security or application security and a proven track record securing complex products.
• Security Fundamentals: Deep understanding of security principles, threats, and countermeasures as they relate to product design and development, with familiarity across standards and frameworks including OWASP, NIST, ISO/IEC 27001, and CVSS-based vulnerability prioritization.
• Offensive Security & Penetration Testing: Hands-on proficiency with penetration testing frameworks and tools (Metasploit, Burp Suite, Nmap, Wireshark), web application attack techniques (SQL injection, XSS, CSRF, OWASP Top Ten), and the ability to simulate real-world attacks and assess their impact.
• Secure Development & Engineering: Expertise in one or more programming languages (e.g., Python, Java, C++) with strong command of secure coding practices, encryption standards, and integrating security tooling into CI/CD and development workflows.
• Enterprise AI Security: Demonstrated experience securing AI/ML systems and LLM-powered or agentic products in production — including familiarity with AI attack surfaces (prompt injection, data poisoning, model extraction, membership inference, RAG poisoning) and hands-on red-teaming of AI pipelines and agentic workflows.
• AI Frameworks & Supply Chain Risk: Working knowledge of AI security frameworks (OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, EU AI Act) and experience vetting third-party foundation models, open-source weights, and AI APIs as part of a structured supply chain security program.
• MLOps & Model Security: Familiarity with securing ML infrastructure — including training pipelines, experiment tracking, model registries, and inference endpoints — and designing least-privilege access controls for AI agents with external system or tool access.
• Leadership & Communication: Excellent communication and influencing skills, with the ability to drive security initiatives across engineering, legal, privacy, and executive stakeholders and mentor teams on security best practices.
• Certifications (Highly Desirable): CISSP, OSCP, or GWAPT for core security credentialing, plus AI-focused certifications such as GAISC, Offensive ML (OffSec), or cloud provider AI security tracks (AWS/GCP).

Working Location & Compensation:

Making SLC your home base is ideal, however, we will consider remote work for this position. We ask that remote employees commit to regular on-site visits for routine work and departmental events.

At Recursion, we believe that every employee should be compensated fairly. Based on the skill and level of experience required for this role, the estimated current annual base range for this role is $186,900 to $220,400 (USD). You will also be eligible for an annual bonus and equity compensation, as well as a comprehensive benefits package. 

#LI-BO1

#LI-REMOTE