Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Lead, AI Security Operations Engineer
As an Information Security Engineer – AI Security Operations, you will be at the forefront of protecting the organization’s AI platforms, models, and data in active use. This role focuses on the operational security of AI systems, including continuous assessment, monitoring, testing, and response using specialized AI security tools such as AI red teaming, guardrails, model evaluation platforms, and AI Security Posture Management (AI‑SPM) capabilities.
You will apply deep technical expertise to identify, assess, and mitigate AI‑specific threats and vulnerabilities across the AI lifecycle. Working closely with AI engineering, data science, platform, and risk teams, you will help ensure the robustness, confidentiality, integrity, availability, and trustworthiness of AI‑enabled solutions.
Key Responsibilities:
AI Security Operations & Tooling
- Operate and continuously improve AI security tooling, including:
o AI red team testing tools to simulate adversarial attacks against models and AI workflows
o AI guardrails and policy enforcement mechanisms to prevent misuse, data leakage, and unsafe outputs
o Model evaluation and validation platforms to assess robustness, bias, misuse risk, and control effectiveness
o AI Security Posture Management (AI‑SPM) solutions to inventory AI assets, assess risk, and monitor control coverage
- Analyze findings from AI security tools and translate results into actionable remediation and risk reduction activities.
- Integrate AI security tooling into broader security operations workflows, including monitoring, alerting, and incident response.
Security Architecture & Control Design
- Support the design and operationalization of security architectures for AI systems, including secure model deployment patterns, data protections, and access controls.
- Author and maintain secure design principles and operational security requirements for AI platforms and services.
- Ensure AI security controls are measurable, testable, and enforceable in production environments.
Secure AI Lifecycle Enablement
- Collaborate with data scientists, ML engineers, and software engineers to embed security controls and guardrails throughout the AI development and deployment lifecycle.
- Support security reviews and approvals for AI systems transitioning from experimentation to production.
- Ensure AI systems meet operational security requirements before and after deployment.
Governance, Standards & Compliance
- Support implementation of AI security policies, standards, and control frameworks, aligned with NIST, ISO, and emerging AI‑specific guidance.
- Track regulatory, legal, and industry developments related to AI security and contribute to control uplift where required.
- Provide operational evidence and reporting to support audits, risk assessments, and governance forums.
Documentation, Reporting & Metrics
- Develop and maintain standard operating procedures (SOPs), playbooks, and runbooks for AI security operations, testing, and incident response.
- Produce clear security reports summarizing AI security posture, assessment outcomes, and remediation progress.
- Contribute to AI security KPIs and KRIs to demonstrate operational effectiveness and risk reduction.
Advisory, Training & Enablement
- Act as a trusted advisor on AI security operations and tooling, providing guidance on secure implementation and ongoing monitoring.
- Provide technical training and knowledge sharing on AI threats, red teaming techniques, guardrails, and model evaluation practices.
- Support internal communities of practice focused on AI security and responsible AI adoption.
Research, Experimentation & Continuous Improvement
- Stay current on emerging AI threats, attack techniques, and defensive controls.
- Design and execute proofs of concept (POCs) to evaluate new AI security tools, detection techniques, and operational workflows.
- Continuously improve AI security operations through automation, tooling integration, and process refinement.
Qualifications
- Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a related field.
- Strong experience in information security engineering or operations, with hands‑on exposure to AI/ML systems and associated security risks.
- Practical experience working with or evaluating AI security tools, such as red team testing, guardrails, model evaluation, or AI‑SPM platforms.
- Proven experience implementing defensive controls to mitigate OWASP Top 10 for LLM applications.
- Proven ability to assess, test, and operationalize security controls for complex, distributed systems.
- Strong analytical and problem‑solving skills, with the ability to interpret tool output and translate findings into remediation actions.
- Excellent technical communication and collaboration skills to work effectively across engineering, data, and risk teams.
- Relevant certifications such as CISSP, GIAC, CEH, OSCP, or cloud security certifications are highly desirable.
This role aligns to the NICE Cybersecurity Workforce Framework, with primary alignment to Security Control Assessment, Secure Systems Development, Cybersecurity Architecture, Systems Security Management, and Incident Response work roles.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.