Build and deploy GenAI applications using LangChain, LlamaIndex, or similar frameworks, and orchestrate agentic AI workflows with tools such as AutoGen, CrewAI, or custom agent-based architectures.
Design, train, and evaluate ML models from scratch, spanning both classical ML and deep learning, and develop end-to-end pipelines for ingestion, preprocessing, training, evaluation, and deployment.
Implement and optimize RAG pipelines using embeddings and vector databases (e.g., FAISS, Pinecone, Qdrant), with security and data-leakage controls built in from the start.
Write robust backend APIs in Python to serve models, process data, and integrate with cloud infrastructure; monitor model performance, latency, and accuracy in production and iterate continuously.
Break
Conduct in-depth research on security vulnerabilities in LLMs and AI systems, including prompt injection, jailbreaks, data leakage, model theft, and adversarial attacks.
Design and execute offensive security assessments and red teaming campaigns against GenAI and ML-powered systems, including the agentic pipelines built in-house.
Identify and classify novel threat vectors targeting model inference, training pipelines, and model-serving architectures.
Contribute to and build internal tooling for scanning, fuzzing, and automating LLM vulnerability discovery.
Lead & Communicate
Collaborate cross-functionally with product and engineering teams to design secure AI-powered features and define hardening strategies.
Develop proof-of-concepts, technical whitepapers, or blog posts on emerging threats and best practices; monitor threat intelligence and academic research on AI model security and supply chain risks.
Represent Qualys in security and AI research communities through speaking, publishing, or standardization efforts, and mentor engineers on secure AI development.
Required Qualifications
6+ years of combined experience across software engineering / machine learning and security research, penetration testing, or exploit development, with a focus on application or cloud security.
Strong programming skills in Python, including building APIs and backend components, plus scripting and automation for testing and PoC development.
Experience training ML models using Scikit-learn, TensorFlow, or PyTorch, and a strong working knowledge of LLM architectures (transformers, embeddings, fine-tuning, RAG).
Hands-on experience with LangChain, LlamaIndex, or other GenAI frameworks, and with building multi-agent or autonomous AI workflows.
Familiarity with GenAI-specific risks such as prompt injection, model evasion, hallucination-based exploits, data leakage, or model theft, and with LLM deployment scenarios (e.g., OpenAI, HuggingFace, custom-hosted models) and their threat surfaces.
Ability to analyze logs, API interactions, inference responses, and prompt chains to identify anomalous or risky behavior.
Working knowledge of SQL, Pandas, and large-scale data processing, with experience developing and deploying ML systems in Agile environments.
Strong analytical mindset, excellent technical writing skills, and familiarity with responsible disclosure practices, bug bounty programs, or security research ethics.
Requirements
Background in AI/ML security red teaming or adversarial ML.
Knowledge of vector database risks, insecure RAG pipelines, model fingerprinting, and AI model supply chain attacks.
Experience using or contributing to tools such as AutoGen, CrewAI, MetaGPT, Guardrails.ai, LLM Guard, or Tracer.
Fam
Additional Information
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Company Overview
Qualys is a leading provider of cloud-based security and compliance solutions, processing vast amounts of data to help our global customers secure their networks, devices, and applications. With a strong focus on innovation and scale, Qualys empowers organizations to achieve continuous security and compliance through real-time visibility and analytics. As we continue to grow, we are looking for passionate and skilled professionals to join our mission in redefining the future of cybersecurity.
Position Overview
We are seeking a Senior Security Engineer - AI/ML who sits at the intersection of hands-on AI/ML engineering and offensive security research. You will both build and break: designing and deploying GenAI and agentic systems that power next-generation threat detection, while red teaming those same systems to uncover prompt injection exploits, adversarial inputs, model manipulation, and other emerging AI threats.
This is a senior, dual-mandate role for an engineer who is as comfortable orchestrating multi-agent pipelines and RAG architectures as tearing them apart to find weaknesses. You will set the technical bar for secure-by-design AI at Qualys, mentor other engineers, and translate research into production hardening strategies.