Sr. Staff Vulnerability & AI Security Engineer (Hybrid)

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.

Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

Sr. Staff Vulnerability & AI Security Engineer (Hybrid-San Jose,CA)

Job Overview

We are seeking a Sr. Staff Vulnerability & AI Security Engineer to architect and lead Archer’s enterprise vulnerability management strategy while establishing technical, secure guardrails for AI adoption. Reporting directly to the CISO, you will serve as a technical principal and "player-coach," owning the end-to-end vulnerability lifecycle across cloud, endpoints, applications, and identity.

This is a high-influence, high-execution role. You will move between high-level strategy and deep-dive engineering, partnering with teams to drive measurable risk reduction through automation, rigorous prioritization, and disciplined remediation. You will operationalize modern approaches such as attack surface management and AI-assisted detection while ensuring our security posture meets the high bar of aerospace compliance (NIST SP 800-171, CMMC, ITAR).

Key Responsibilities

• Architect Enterprise Strategy: Design and own the end-to-end vulnerability management architecture—from discovery and coverage to automated validation and executive reporting.

• Risk-Based Prioritization: Establish a sophisticated prioritization model that integrates asset criticality, threat intelligence, and exploitability to ensure engineering teams focus on the "critical few" over the "noisy many."

• Technical AI Governance: Lead the technical implementation of AI security; design and deploy guardrails for GenAI usage, detect "Shadow AI," and build technical controls to prevent IP leakage into public LLMs.

• Attack Surface Engineering: Partner with Cloud and Infrastructure teams to integrate CNAPP/CSPM findings and build automated workflows that reduce configuration-driven exposure in AWS/Azure.

• Shift-Left Leadership: Drive DevSecOps excellence by embedding SAST/DAST/SCA and secrets scanning into CI/CD pipelines, preventing vulnerabilities from reaching production.

• Metrics & Storytelling: Define and operationalize technical KPIs (MTTR, risk burn-down, coverage) that translate raw technical data into business risk for executive leadership.

• Tactical Response: Lead high-severity vulnerability response efforts, providing technical validation, containment strategies, and verification of remediation.

• Technical Mentorship: Act as a "multiplier" by setting engineering standards, mentoring security analysts, and leading cross-functional remediation initiatives through technical influence rather than just authority.

Required Qualifications

• 8+ years of security engineering experience with a heavy focus on vulnerability management, AppSec, or cloud security.

• Staff-Level Influence: Proven track record of leading complex, enterprise-wide security programs and driving technical change across diverse engineering organizations.

• Cloud Depth: Strong hands-on experience in AWS, GCP, or Azure, specifically regarding identity, secure configuration, and automated telemetry.

• Tooling Mastery: Deep expertise in the modern security stack (SAST/DAST/SCA, scanners, and automated ticketing workflows).

• Regulatory Fluency: Practical understanding of how vulnerability evidence supports compliance in regulated environments (NIST SP 800-171, CMMC Level 2, ITAR).

• Communication: Exceptional ability to translate a complex CVE into a business risk narrative for non-technical stakeholders.

Preferred Qualifications

• AI Security Practitioner: Experience implementing technical enforcement (not just policy) for AI usage and data leakage prevention.

• Automation Specialist: Experience building automated triage and enrichment workflows to reduce "security friction" for developers.

• Aerospace/Defense Background: Prior experience in high-stakes, auditable environments where "checkbox security" isn't an option.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications

At Archer, we aim to attract, retain, and motivate talent with the skills and leadership needed to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s strategy. For this position, we are targeting a base pay range of $182,500 - $240,900. Actual compensation offered will be determined by job-related knowledge, skills, and experience.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.

Information collected and processed as part of any job applications you choose to submit is subject to Archer's Candidate Privacy Policy.

Archer is unable to provide work visa sponsorship for this position at the present time.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer, please reach out to People@archer.com. All employment processes are managed by the Archer People Team.