Staff Engineer, AI Security and Product Security

The Impact You’ll Make

• Define and lead product security strategy across web, mobile, API, cloud, infrastructure, and container security — conducting threat modeling, risk assessments, and security reviews throughout the development lifecycle with a strong shift-left focus.
• Embed secure development practices by designing and implementing secure coding standards, encryption, and security testing methodologies in close collaboration with development and ML teams, ensuring products are secure, resilient, and trustworthy.
• Own Enterprise AI Security end-to-end — from securing LLM integrations, agentic pipelines, and ML model ingestion to defending against AI-specific threats (prompt injection, data poisoning, model extraction, RAG poisoning, ), building AI incident response playbooks, and red-teaming AI systems across Recursion's product surfaces.
• Secure the AI supply chain and MLOps infrastructure by vetting third-party foundation models, open-source weights, and AI APIs before production integration, and partnering with ML engineering to protect training pipelines, feature stores, and model serving endpoints.
• Champion compliance and AI governance by operationalizing frameworks such as OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act requirements — collaborating with legal, privacy, and responsible AI teams to support audits and evolving regulatory expectations.
• Scale security as a force multiplier by evaluating and deploying security tooling, detecting policy violations, driving security outcomes, and ensuring security initiatives never become a bottleneck to business objectives.
• Elevate the security culture across the organization by serving as a subject matter expert, mentoring engineering teams, and leading incident response efforts from investigation through mitigation and prevention.
• Maintain the security foundation through thorough documentation — including security requirements, guidelines, and incident response plans — and hands-on penetration testing and code reviews to simulate and get ahead of real-world threats.

The Team You'll Join

• You will join a growing Information Security team at Recursion, focused on enabling Recursion to decode biology by providing world class technology services that are designed and fit for purpose. You'll collaborate with your teammates and across departments to agree on what the most important challenges and capabilities are, then figure out how to get us there.

The Experience You'll Need

• Education & Tenure: Bachelor's or Master's degree in Computer Science, Information Security, or a related field, with 10+ years of experience in product security or application security and a proven track record securing complex products.
• Security Fundamentals: Deep understanding of security principles, threats, and countermeasures as they relate to product design and development, with familiarity across standards and frameworks including OWASP, NIST, ISO/IEC 27001, and CVSS-based vulnerability prioritization.
• Offensive Security & Penetration Testing: Hands-on proficiency with penetration testing frameworks and tools (Metasploit, Burp Suite, Nmap, Wireshark), web application attack techniques (SQL injection, XSS, CSRF, OWASP Top Ten), and the ability to simulate real-world attacks and assess their impact.
• Secure Development & Engineering: Expertise in one or more programming languages (e.g., Python, Java, C++) with strong command of secure coding practices, encryption standards, and integrating security tooling into CI/CD and development workflows.
• Enterprise AI Security: Demonstrated experience securing AI/ML systems and LLM-powered or agentic products in production — including familiarity with AI attack surfaces (prompt injection, data poi