Runtime Security Engineer

Recruitment Fraud Alert

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.  

What to know:

• Commvault does not conduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com 

About Commvault 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

Runtime Security Engineer:

The Opportunity:

 We are seeking a highly skilled Runtime Security Engineer to strengthen the security of our production application environments. This role will focus on protecting live systems, APIs, and next-generation AI-powered applications against evolving threats. The ideal candidate will have deep expertise in at least one runtime security technology such as Web Application Firewalls (WAF), API security platforms, or Generative AI  security tools. You will collaborate closely with engineering, operations, and security teams to ensure our applications are resilient, monitored, and safeguarded in real time.

What you’ll do…

• Define, tune and review WAF rules to protect against OWASP Top 10 and emerging threats
• Define API security best practices including authentication, and rate limiting
• Integrate and manage API security platforms (e.g., Salt Security, Noname Security, or similar)
• Collaborate with development teams to secure internal and external
• Evaluate, implement, and maintain security tooling specific to AI/ML environments (e.g., model access controls, prompt injection protections, LLM firewalls)
• Monitor AI systems for misuse, adversarial inputs, or unauthorized access
• Integrate runtime security tools into SIEM/SOAR platforms
• Contribute to incident response processes involving web applications, APIs, or AI services
• Provide input into overall security architecture and tooling strategy
• Lead security assessments, proof of concepts, and vendor evaluations

Who you are?

• 5+ years of experience in application or cloud security, with a focus on runtime environments
• Strong hands-on experience with WAF technologies and API security tools
• Understanding of common web vulnerabilities (OWASP Top 10, API Security Top 10)
• Experience with securing containerized and serverless environments (Docker, Kubernetes, AWS Lambda, etc.)
• Familiarity with securing AI/ML systems or a strong desire to grow in this domain
• Scripting and automation experience (Python, Bash, or similar)

Preferred Qualifications…

• Experience with AI/LLM security platforms (e.g., LLMGuard, ProtectAI, Robust Intelligence)
• Knowledge of machine learning pipelines, model risks, and AI governance
• Familiarity with cloud platforms (AWS, GCP, Azure) and their native security services
• Certifications such as GWAPT, GCPN, or similar are a plus