Senior AI Security Engineer (Golang, LLM & Cloud Security) - SVP

We are Citi’s Application, Platform and Engineering team, a start‑up with the mission of shaping the direction of technology for the entire bank under the Chief Technology Office. We focus on cutting‑edge modern technology and engineering disciplines such as generative AI, cloud, security, modern app stacks, open source and Kubernetes.

You might be a good fit if:

• Bring your deep‑dive application security engineering expertise from building production systems
• Thrive in a results‑driven environment, where flexibility fuels impact
• Be a game‑changer, ready to step beyond your designated role
• Love the synergy of pair programming
• Seize the opportunity to secure AI applications at scale
• A relentless passion to learn more about AI security, LLM attacks, and bring your knowledge to shape Citi’s secure AI future

What you’ll do within the Tech Strategy team:

• Build secure AI products from 0‑1 – engineer production‑grade, business‑facing AI platforms with security built‑in from day one
• Conduct ethical hacking and red‑team activities – penetration testing, vulnerability research, and attack simulation to make our products bullet‑proof
• Design and build security tools and frameworks – create automated security solutions that scale across fast‑paced development cycles
• Secure novel AI attack surfaces – identify and mitigate LLM‑specific vulnerabilities, prompt‑injection attacks, and AI model security risks through hands‑on testing
• Lead “shift left” security – embed security practices throughout our rapid development lifecycle while maintaining velocity
• Mentor security practices – guide other engineers on secure coding, vulnerability remediation, and security‑first thinking

Experience that will help you succeed in this role:

• Production system builder with security focus – proven track record of architecting and building secure, large‑scale production applications and business‑facing platforms from the ground up
• Ethical hacking and penetration testing expertise – hands‑on experience finding and exploiting vulnerabilities, conducting red‑team exercises, and thinking like an attacker to strengthen defenses
• State‑of‑the‑art security engineering with Go, Python, JavaScript – building security tools and secure production systems in fast‑paced environments
• HashiCorp Vault mastery – deep experience writing custom plugins, creating secrets engines, implementing dynamic credentials, and extending Vault functionality for enterprise‑scale secrets management
• Enterprise authentication & authorization – designing and implementing OAuth, JWT, RBAC, and fine‑grained access controls in business‑critical applications
• API security and threat modelling – securing REST/GraphQL APIs, conducting threat assessments, and implementing advanced security patterns in high‑traffic production systems
• AI/ML security and vulnerability research – understanding of LLM vulnerabilities, model security, prompt‑injection attacks, and AI‑specific threat vectors through hands‑on testing
• Security automation and tooling – automating manual security processes
• Cloud‑native security – securing containerized applications in Kubernetes, service mesh security, and cloud‑native security patterns at enterprise scale
• Incident response and forensics – experience investigating, analyzing, and responding to security incidents in live production systems

What we’ll provide you:

• 27 days annual leave (plus bank holidays)
• Discretionary annual performance‑related bonus
• Private medical care & life insurance
• Employee assistance program
• Pension plan
• Paid parental leave
• Special discounts for employees, family, and friends
• Competitive base salary reviewed annually
• Hybrid working model – up to two days working at home per week
• Competitive benefits and a business‑casual workplace

Official Statements: Citi is an equal‑opportunity employer. Qualified candidates will receive consideration regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.