AI Security Engineer in London

This is a fantastic opportunity to work in a new and cutting-edge team within the UKI Platform and Enablement Super Tribe. This team is focused on driving the next phase of AI innovation across the Flutter UK & Ireland business, building intelligent systems and capabilities that will shape the future of our platform and customer experience. Flutter is a global leader in sports betting, gaming, and entertainment, with a culture focused on innovation, collaboration, and growth. This role offers the opportunity to work on large-scale technology platforms in a supportive and exciting environment where you'll ensure that AI capabilities are built with security and responsible AI at their core.

The AI Security Engineer is a critical role within the team, focused on securing AI workloads, managing data risks, and ensuring that AI capabilities meet regulatory and governance requirements. You'll work alongside the DevOps Engineer, backend engineers, and compliance stakeholders to build security into every layer of the platform. This role is ideal for someone who understands that security and innovation aren't opposed — they're complementary. You'll help the team move fast while staying secure, and you'll be instrumental in proving to regulators and stakeholders that Flutter is building AI responsibly.

AI platforms handle sensitive data (customer data, behavioral data, financial data). Breaches are catastrophic. LLMs can be tricked into revealing sensitive information or behaving in unintended ways. You'll implement safeguards. Regulatory scrutiny on AI is increasing. UKGC, ICO, and other regulators are watching. You'll ensure Flutter stays ahead of requirements. Responsible AI isn't just compliance — it's a competitive advantage. You'll help Flutter build AI that customers and regulators trust.

• AI‑Specific Threat Modeling: Conduct threat modeling for AI workloads. Identify risks specific to LLMs (prompt injection, data leakage, model poisoning, adversarial inputs). Develop mitigation strategies.
• Prompt Security: Establish secure prompt engineering practices. Implement safeguards against prompt injection, jailbreaking, and other attacks. Review prompts for security and responsible AI concerns.
• Data Security: Ensure sensitive data is protected throughout the AI pipeline — in transit, at rest, and during processing. Implement data masking, encryption, and access controls.
• Model & API Security: Secure LLM APIs and model access. Implement authentication, authorization, rate limiting, and anomaly detection. Protect against model extraction and abuse.
• Audit & Compliance: Implement audit logging for AI workloads. Ensure immutable audit trails of model decisions, data access, and system changes. Support compliance with UKGC, ICO, and other regulations.
• Responsible AI Governance: Establish responsible AI practices — bias detection, fairness monitoring, explainability, human oversight. Ensure AI decisions can be audited and explained.
• Vulnerability Management: Conduct security assessments and penetration testing of the AI platform. Identify and remediate vulnerabilities. Manage dependencies and patch management.
• Security Documentation: Create security documentation, threat models, and security runbooks. Educate the team on AI‑specific security risks.
• Incident Response: Participate in incident response for security issues. Help the team understand what happened and how to prevent recurrence.
• Stakeholder Communication: Communicate security posture to compliance, audit, and leadership. Present security findings and recommendations.

• 5+ years of cybersecurity, application security, or infrastructure security experience
• Strong understanding of cloud security (AWS security services, IAM, encryption, networking)
• Experience with threat modeling and risk assessment
• Knowledge of secure coding practices and common vulnerabilities (OWASP)
• Understanding of authentication and authorization patterns (OAuth 2.0, JWT, IAM)
• Experience with security testing and vulnerability assessment
• Strong communication skills — ability to explain security concepts to non‑security audiences
• Experience working in regulated or compliance‑driven environments
• Familiarity with incident response and security operations

• Experience with AI/ML security and responsible AI
• Knowledge of LLM‑specific risks (prompt injection, jailbreaking, data leakage)
• Familiarity with prompt engineering and LLM APIs
• Experience with data privacy regulations (GDPR, CCPA, ICO)
• Knowledge of gaming or iGaming industry regulations
• Experience with security automation and Infrastructure as Code security
• Background in penetration testing or ethical hacking
• Experience with bias detection and fairness monitoring in ML systems

You’ll be the guardian of security and responsible AI within the platform team. Your work will ensure that as the platform scales and takes on more critical business functions, it remains secure, trustworthy, and compliant. You'll help Flutter build AI that customers, regulators, and stakeholders trust, and you'll be instrumental in differentiating Flutter as a responsible AI leader in the gaming industry.