Lead ML Security - Agentic Security

MARA is redefining the future of sovereign, energy-aware AI infrastructure. We’re building a modular platform that unifies IaaS, PaaS, and SaaS which will enable governments, enterprises, and AI innovators to deploy, scale, and govern workloads across data centers, edge environments, and sovereign clouds. 

MARA is seeking a Principal Application Security Engineer to lead the design and execution of our product security strategy across AI initiatives. This role sits at the intersection of security architecture, threat modeling, and applied AI, driving security-by-design practices that scale across development, infrastructure, and product lifecycles. 

The Principal Application Security Engineer will define frameworks, tools, and training that enable engineering teams to build secure, privacy-aware, and reliable AI-driven products. The ideal candidate combines deep experience in application security with a pioneering mindset around AI threat modeling, secure SDLC, and Responsible AI (RAI) implementation. 

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Lead development and implementation of AI Product Security program ensuring alignment with regulatory, privacy, and Responsible AI standards. 
• Build and maintain security process (threat modeling, code review, pen-testing, continuous security validation) for both traditional and AI-enabled applications. 
• Define and maintain framework of AI security controls, including reference threat models for LLM-based systems, prompt-injection mitigation, model supply-chain security, and data-handling controls. 
• Collaborate with engineering and ML teams to design secure architectures for AI pipelines, agentic systems, and inference workflows. 
• Develop and deploy AI-aware security automation tools (scanning, vulnerability prioritization, remediation) 
• Drive security education and awareness, conducting workshops and learning programs for engineers, product managers, and executives. 
• Partner with clients and internal stakeholders to perform deep-dive assessments, translate findings into actionable roadmaps, and influence product security transformations. 
• Lead internal and external penetration-testing coordination, ensuring effective remediation and security ownership across delivery units. 
• Represent the company externally at conferences and working groups (e.g., OWASP, CSA, NIST) to influence industry best practices around GenAI security. 

 QUALIFICATIONS

• 8+ years of experience in application security or secure software architecture, including leadership or mentoring roles. 
• Expertise in threat modeling, secure SDLC, and security automation across cloud-native and AI-driven environments. 
• Proven success building or scaling products security programs 
• Familiarity with emerging AI threats such as prompt injection, model exfiltration, LLM misalignment, etc. 
• Experience with security tooling (42Crunch, BlackDuck, Fortify, SonarQube, Wiz, Prisma Cloud, BurSuite Sysdig, NowSecure, or similar) and modern CI/CD integration. 

PREFERRED EXPERIENCE

• Background in HPC, ML infrastructure, or sovereign/regulated environments. 
• Familiarity with energy-aware computing, modular data centers, or ESG-driven infrastructure design. 
• Experience collaborating with European and global engineering partners. 
• Strong communicator who can bridge engineering, business, and vendor ecosystems seamlessly. 
• Strong understanding of API security within enterprise ecosystems, including understanding of OAuth, OIDC, and SAML 
• Practical experience in AI/ML pipelines and security for LLM applications 
• Excellent communication and leadership skills; demonstrated ability to influence engineering and executive stakeholders. 
• CSSLP certification or equivalent (CISSP, CISM) preferred.