Senior DevSecOps Engineer (AI/ML Systems)

26WD98448

Position Overview
 

We are looking for a DevSecOps Engineer to help build, secure, and scale our AI/ML platforms and services. In this role, you will partner with AI/ML Engineers, Data Scientists, Platform Engineers, and Security teams to integrate security throughout the software and machine learning development lifecycle.

You will be responsible for designing secure cloud-native architectures, automating security controls, implementing DevSecOps practices, and enabling secure AI innovation at scale.

Responsibilities

• AI/ML Platform Security

• Design and implement security controls across AI/ML platforms, model training pipelines, inference services, and AI applications

• Enable secure deployment and operation of Generative AI, LLM, RAG, and agent-based systems

• Support model governance, AI risk management, and responsible AI initiatives

• Secure AI infrastructure including GPU workloads, Kubernetes clusters, and distributed training environments

• DevSecOps & Security Automation

• Drive shift-left security practices across engineering teams

• Integrate SAST, DAST, SCA, container security scanning, and secrets detection into CI/CD pipelines

• Develop automated security controls and policy enforcement mechanisms.

• Build security tooling and automation using Python, Golang, TypeScript, or similar technologies

• Improve software supply chain security through dependency management and artifact validation

• Cloud & Infrastructure Security

• Build and maintain Infrastructure as Code (IaC) using Terraform, CloudFormation, and related tools

• Secure AWS, Azure, and GCP environments

• Implement identity and access management (IAM), secrets management, and Zero Trust principles

• Conduct cloud security architecture reviews and risk assessments.

• Application Security

• Perform threat modeling and security design reviews

• Establish secure coding standards and security best practices

• Secure REST and GraphQL APIs, authentication services, and microservices architectures

• Ensure alignment with OWASP Top 10 and OWASP API Security standards.

• Vulnerability Management

• Manage vulnerability identification, triage, prioritization, and remediation processes

• Assess findings from tools such as Black Duck, Snyk, Trivy, SonarQube, and Checkov

• Partner with engineering teams to resolve security issues effectively

• Define security metrics and reporting mechanisms

• Monitoring & Operations

• Implement observability and security monitoring solutions using OpenTelemetry, Prometheus, Grafana, ELK/OpenSearch, and cloud-native tools

• Support incident response, forensic investigations, and root cause analysis.

• Develop security dashboards and operational reporting

Minimum Qualifications

• 5+ years of experience in Security Engineering, Application Security, Security Operations, or DevSecOps roles

• Experience working with cloud platforms such as AWS, Azure, or GCP

• Experience with Docker, Kubernetes, and cloud-native technologies

• Strong understanding of secure software development lifecycle (SSDLC)

• Deep knowledge of Secure Coding Practices, OWASP Top 10, OWASP API Security Top 10, Threat Modeling, Vulnerability Management

• Hands-on experience with SAST, DAST, SCA, Container Security, Secrets Management

• Experience automating workflows using Python, Golang, Bash, TypeScript, or equivalent languages

• Familiarity with CI/CD pipelines and Git-based development workflows

• Experience designing security architectures that address complex threat models and compliance requirements

• Strong REST and GraphQL API experience, including authentication, authorization, and API security best practices

• Excellent communication and stakeholder management skills

Preferred Qualifications

• Experience with AI/ML platforms such as MLflow, Kubeflow, SageMaker, Vertex AI, or Databricks

• Experience securing Generative AI, LLM applications, AI agents, and RAG architectures

• Knowledge of MITRE ATLAS

• NIST AI Risk Management Framework

• Responsible AI principles

• Experience with Kubernetes security and cloud-native security platforms.

• Familiarity with SOC2, ISO 27001, NIST, HIPAA, or GDPR compliance frameworks

• Security certifications such as CISSP, CCSP, CSSLP, CKS, or AWS Security Specialty

• Preferred Skills Python, TypeScript, Terraform, Kubernetes, Docker, GitHub Actions, GitLab CI, Jenkins, AWS / Azure / GCP, Snyk, SonarQube, Open Telemetry, Prometheus, Grafana, ELK/OpenSearch, Comet Opik

#LI-SJ1

Learn More

About Autodesk

Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

We take great pride in our culture here at Autodesk – it’s at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.

When you’re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

Salary transparency

Salary is one part of Autodesk’s competitive compensation package. Offers are based on the candidate’s experience and geographic location. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

Diversity & Belonging
We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging

Are you an existing contractor or consultant with Autodesk?

Please search for open jobs and apply internally (not on this external site).