Senior AI Defense Engineer
WilmerHale
•
Boston, MA
0
0
0
0
Not Applicable
Posted April 5, 2026
Job link
Thinking about this job
Responsibilities
Commitments
Responsibilities
- Threat Modeling & Risk Assessment - Guide and conduct technical threat modeling for AI/ML systems (neural networks, expert systems, retrieval-augmented generation, classification models, etc.).
- Identify and document AI-specific threats with emphasis on how vendor controls (gateways, content filters, policy engines, etc.) mitigate prompt injection, data leakage, jailbreaks, and unsafe autonomy.
- Provide clear, prioritized mitigation guidance to colleagues via vendor configuration standards, reference patterns, and exception processes.
- AI Defense Engineering – Evaluate and operationalize security controls, guardrails, and enforcement mechanisms for AI services (e.g., input/output filters, policy enforcement layers, content safety checks, rate limiting, abuse detection).
- Enable detections and monitoring for AI-specific attack patterns using logs, telemetry, and model signals.
- Work with platform teams to secure the integration and operational use of enterprise AI services, including protection of credentials, data flows, storage, and access controls across Copilot and other commercial LLM platforms.
- Adversarial Testing & Red Teaming – Identify and utilize adversarial test suites for AI applications (prompt libraries, fuzzing harnesses, automated attack campaigns).
- Simulate realistic attacker behavior targeting AI endpoints and agents, capture and track issues as actionable vulnerabilities.
- Partner with application and product teams to validate fixes, re-test, and track residual risk.
- Tooling & Automation –Ensure AI capabilities are incorporated into the existing and future security stacks (SIEM, SOAR, EDR, WAF, API gateways, identity platforms).
- Incident Response & Forensics for AI Systems - Serve as technical lead for security incidents that involve AI services (e.g., abuse, data exfiltration via AI systems, compromised API keys, poisoned training data).
- Analyze logs and model behavior to reconstruct attack paths and define durable fixes.
- Improve playbooks/runbooks and lead post-incident technical reviews.
- Collaboration - Serve as the AI security technical lead with engineering, product, infrastructure, and security leadership.
- Communicate tradeoffs clearly, align stakeholders, and unblock delivery.
- Provide technical input into AI security standards and guidelines, staying grounded in implementation and operational constraints along with emphasizing vendor capability fit, maintainability, and total cost of ownership (TCO).
- Roadmap Leadership - Own the technical strategy and roadmap for AI security engineering.
- Translate threat intelligence and risk assessments into prioritized engineering work, milestones, and measurable outcomes.
- Lead technical design reviews, set standards for secure AI architecture, and ensure high-quality implementation, supportability, and operational readiness.
- Contributes to the Firm's Service Matters initiative to consistently improve its image internally and externally.
- Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.
Commitments
Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.
It is our policy to take all employment actions and make all employment decisions without regard to race, color, religion, creed, gender, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, ancestry, age, marital status, citizenship status, genetic predisposition or carrier status, disability, military status, status as a disabled or other protected veteran, or any other protected status under applicable law.
WilmerHale will make reasonable accommodation for qualified individuals with disabilities and otherwise as required by applicable law.
L1-Hybrid
Not Met Priorities
What still needs stronger evidence
Requirements
- Practical understanding of ML/AI pipelines: data collection, feature engineering, training, evaluation, deployment, monitoring.
- Strong understanding of how enterprise AI services (SaaS/PaaS) are deployed and governed, including data handling, routing, and isolation controls.
- Experience with at least one major cloud platform (AWS, Azure, or GCP) and modern infrastructure (containers, Kubernetes, secrets management, CI/CD).
- Experience integrating Microsoft AI security and governance capabilities, including Azure OpenAI / Model Catalog, Azure API Management, Microsoft Entra ID, and related Azure-native AI security controls and gateways.
- Familiarity with AI attack patterns and defenses, such as prompt injection and jailbreaks, data/model poisoning, model inversion and membership inference, overreliance/automation bias, and unsafe autonomy in agents.
- Solid security fundamentals: authentication/authorization, network security, data protection, logging/telemetry, secure software engineering practices, vulnerability management.
- Strong understanding of neural network frameworks (e.g., LangChain, Semantic Kernel, LlamaIndex) or agentic/orchestration platforms.
- Experience doing application security reviews or threat modeling for APIs, microservices, or data platforms.
- Familiarity with NIST AI RMF, ISO 42001, ISO 27001, and key privacy/security regulations and third‑party assurance artifacts (SOC 2, ISO certifications, pen‑test summaries) to support buy decisions.
- Ability to translate complex risks into concrete technical changes (config updates, new controls, guardrails, playbooks) and operational playbooks.
- Strong written and verbal communication skills; able to collaborate with data scientists, software engineers, and security teams.
- Typically, 5–10+ years in security engineering, application security, red teaming, threat research, or ML/ML Ops engineering.
Preferred Skills
- Strong understanding of neural network frameworks (e.g., LangChain, Semantic Kernel, LlamaIndex) or agentic/orchestration platforms.
- Demonstrated team leadership or supervisory role is a plus.
- Strong written and verbal communication skills; able to collaborate with data scientists, software engineers, and security teams.
- Certification: ISC2 Building AI Strategy preferred
Education
- (Not required) – Typically, 5–10+ years in security engineering, application security, red teaming, threat research, or ML/ML Ops engineering.
- (Not required) – Education
- (Not required) – Bachelor’s degree in computer science, information security, or related field; or equitable work experience.
- (Not required) – Certification: ISC2 Building AI Strategy preferred
Job Description
WilmerHale is a leading, full-service international law firm with 1,000 lawyers located throughout 12 offices in the United States and Europe. Our lawyers work at the intersection of government, technology and business, and we remain committed to our guiding principles of providing quality, excellent legal and client services; developing diversity among our lawyers and staff and cultivating an environment that promotes an ambitious spirit, collaboration and collegiality by drawing on the extraordinary talents and dynamic experience of our lawyers. Our goal is to reflect the diversity of our clients and the communities in which we practice.
About The Role
The Senior AI Defense Engineer is a technical leader responsible for securing AI in a global law firm environment. This role is responsible for setting technical direction, driving delivery, and mentoring colleagues to raise their awareness and capabilities. The role will translate emerging AI threats into practical defenses, guardrails, policy enforcement layers, monitoring and detections, adversarial test automation, and hardened environments that hold up under real attacker pressure.
The role will support a smart-integration, buy-before-build, security strategy. You will evaluate, select, and operationalize commercial Al security solutions that meet stringent legal-sector expectations, including matter confidentiality, ethical walls, client audit requirements, data residency constraints, and contractual information technology service obligations.
Success looks like: The role also enables progress by enhancing and performing commercial AI tool evaluations and approvals, assessing internally developed AI solutions, and responding to growing audit demands with credible evidence of AI cybersecurity protections. Additionally, success includes secure-by-default adopted by engineering teams; adversarial evaluation and assessments that reliably finds issues before production; telemetry and detections that catch abuse early; and an AI security roadmap that stays current with fast-moving technology shifts.
What You Will Be Doing
Threat Modeling & Risk Assessment - Guide and conduct technical threat modeling for AI/ML systems (neural networks, expert systems, retrieval-augmented generation, classification models, etc.). Identify and document AI-specific threats with emphasis on how vendor controls (gateways, content filters, policy engines, etc.) mitigate prompt injection, data leakage, jailbreaks, and unsafe autonomy. Provide clear, prioritized mitigation guidance to colleagues via vendor configuration standards, reference patterns, and exception processes.
AI Defense Engineering – Evaluate and operationalize security controls, guardrails, and enforcement mechanisms for AI services (e.g., input/output filters, policy enforcement layers, content safety checks, rate limiting, abuse detection). Enable detections and monitoring for AI-specific attack patterns using logs, telemetry, and model signals. Work with platform teams to secure the integration and operational use of enterprise AI services, including protection of credentials, data flows, storage, and access controls across Copilot and other commercial LLM platforms.
Adversarial Testing & Red Teaming – Identify and utilize adversarial test suites for AI applications (prompt libraries, fuzzing harnesses, automated attack campaigns). Simulate realistic attacker behavior targeting AI endpoints and agents, capture and track issues as actionable vulnerabilities. Partner with application and product teams to validate fixes, re-test, and track residual risk.
Tooling & Automation –Ensure AI capabilities are incorporated into the existing and future security stacks (SIEM, SOAR, EDR, WAF, API gateways, identity platforms).
Incident Response & Forensics for AI Systems - Serve as technical lead for security incidents that involve AI services (e.g., abuse, data exfiltration via AI systems, compromised API keys, poisoned training data). Analyze logs and model behavior to reconstruct attack paths and define durable fixes. Improve playbooks/runbooks and lead post-incident technical reviews.
Collaboration - Serve as the AI security technical lead with engineering, product, infrastructure, and security leadership. Communicate tradeoffs clearly, align stakeholders, and unblock delivery. Provide technical input into AI security standards and guidelines, staying grounded in implementation and operational constraints along with emphasizing vendor capability fit, maintainability, and total cost of ownership (TCO).
Roadmap Leadership - Own the technical strategy and roadmap for AI security engineering. Translate threat intelligence and risk assessments into prioritized engineering work, milestones, and measurable outcomes. Lead technical design reviews, set standards for secure AI architecture, and ensure high-quality implementation, supportability, and operational readiness.
Contributes to the Firm's Service Matters initiative to consistently improve its image internally and externally. Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.
Required Skills
What You Will Bring To This Position
Practical understanding of ML/AI pipelines: data collection, feature engineering, training, evaluation, deployment, monitoring.
Strong understanding of how enterprise AI services (SaaS/PaaS) are deployed and governed, including data handling, routing, and isolation controls.
Experience with at least one major cloud platform (AWS, Azure, or GCP) and modern infrastructure (containers, Kubernetes, secrets management, CI/CD).
Experience integrating Microsoft AI security and governance capabilities, including Azure OpenAI / Model Catalog, Azure API Management, Microsoft Entra ID, and related Azure-native AI security controls and gateways.
Familiarity with AI attack patterns and defenses, such as prompt injection and jailbreaks, data/model poisoning, model inversion and membership inference, overreliance/automation bias, and unsafe autonomy in agents.
Solid security fundamentals: authentication/authorization, network security, data protection, logging/telemetry, secure software engineering practices, vulnerability management.
Strong understanding of neural network frameworks (e.g., LangChain, Semantic Kernel, LlamaIndex) or agentic/orchestration platforms.
Experience doing application security reviews or threat modeling for APIs, microservices, or data platforms.
Familiarity with NIST AI RMF, ISO 42001, ISO 27001, and key privacy/security regulations and third‑party assurance artifacts (SOC 2, ISO certifications, pen‑test summaries) to support buy decisions.
Ability to translate complex risks into concrete technical changes (config updates, new controls, guardrails, playbooks) and operational playbooks.
Demonstrated team leadership or supervisory role is a plus.
Strong written and verbal communication skills; able to collaborate with data scientists, software engineers, and security teams.
Required Experience
Typically, 5–10+ years in security engineering, application security, red teaming, threat research, or ML/ML Ops engineering.
Education
Bachelor’s degree in computer science, information security, or related field; or equitable work experience.
Certification: ISC2 Building AI Strategy preferred
Our Commitment
Wilmer Cutler Pickering Hale and Dorr LLP (WilmerHale) is an equal opportunity employer and is committed to compliance with all applicable laws prohibiting employment discrimination. It is our policy to take all employment actions and make all employment decisions without regard to race, color, religion, creed, gender, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, ancestry, age, marital status, citizenship status, genetic predisposition or carrier status, disability, military status, status as a disabled or other protected veteran, or any other protected status under applicable law. WilmerHale will make reasonable accommodation for qualified individuals with disabilities and otherwise as required by applicable law.
Hire in salary range is $158,000.00 - $197,500.00
For more information about Equal Employment Opportunity, please click here
For additional information about our benefits, please click here
L1-Hybrid
WilmerHale is a leading, full-service international law firm with 1,000 lawyers located throughout 12 offices in the United States and Europe. Our lawyers work at the intersection of government, technology and business, and we remain committed to our guiding principles of providing quality, excellent legal and client services; developing diversity among our lawyers and staff and cultivating an environment that promotes an ambitious spirit, collaboration and collegiality by drawing on the extraordinary talents and dynamic experience of our lawyers. Our goal is to reflect the diversity of our clients and the communities in which we practice.
About The Role
The Senior AI Defense Engineer is a technical leader responsible for securing AI in a global law firm environment. This role is responsible for setting technical direction, driving delivery, and mentoring colleagues to raise their awareness and capabilities. The role will translate emerging AI threats into practical defenses, guardrails, policy enforcement layers, monitoring and detections, adversarial test automation, and hardened environments that hold up under real attacker pressure.
The role will support a smart-integration, buy-before-build, security strategy. You will evaluate, select, and operationalize commercial Al security solutions that meet stringent legal-sector expectations, including matter confidentiality, ethical walls, client audit requirements, data residency constraints, and contractual information technology service obligations.
Success looks like: The role also enables progress by enhancing and performing commercial AI tool evaluations and approvals, assessing internally developed AI solutions, and responding to growing audit demands with credible evidence of AI cybersecurity protections. Additionally, success includes secure-by-default adopted by engineering teams; adversarial evaluation and assessments that reliably finds issues before production; telemetry and detections that catch abuse early; and an AI security roadmap that stays current with fast-moving technology shifts.
What You Will Be Doing
Threat Modeling & Risk Assessment - Guide and conduct technical threat modeling for AI/ML systems (neural networks, expert systems, retrieval-augmented generation, classification models, etc.). Identify and document AI-specific threats with emphasis on how vendor controls (gateways, content filters, policy engines, etc.) mitigate prompt injection, data leakage, jailbreaks, and unsafe autonomy. Provide clear, prioritized mitigation guidance to colleagues via vendor configuration standards, reference patterns, and exception processes.
AI Defense Engineering – Evaluate and operationalize security controls, guardrails, and enforcement mechanisms for AI services (e.g., input/output filters, policy enforcement layers, content safety checks, rate limiting, abuse detection). Enable detections and monitoring for AI-specific attack patterns using logs, telemetry, and model signals. Work with platform teams to secure the integration and operational use of enterprise AI services, including protection of credentials, data flows, storage, and access controls across Copilot and other commercial LLM platforms.
Adversarial Testing & Red Teaming – Identify and utilize adversarial test suites for AI applications (prompt libraries, fuzzing harnesses, automated attack campaigns). Simulate realistic attacker behavior targeting AI endpoints and agents, capture and track issues as actionable vulnerabilities. Partner with application and product teams to validate fixes, re-test, and track residual risk.
Tooling & Automation –Ensure AI capabilities are incorporated into the existing and future security stacks (SIEM, SOAR, EDR, WAF, API gateways, identity platforms).
Incident Response & Forensics for AI Systems - Serve as technical lead for security incidents that involve AI services (e.g., abuse, data exfiltration via AI systems, compromised API keys, poisoned training data). Analyze logs and model behavior to reconstruct attack paths and define durable fixes. Improve playbooks/runbooks and lead post-incident technical reviews.
Collaboration - Serve as the AI security technical lead with engineering, product, infrastructure, and security leadership. Communicate tradeoffs clearly, align stakeholders, and unblock delivery. Provide technical input into AI security standards and guidelines, staying grounded in implementation and operational constraints along with emphasizing vendor capability fit, maintainability, and total cost of ownership (TCO).
Roadmap Leadership - Own the technical strategy and roadmap for AI security engineering. Translate threat intelligence and risk assessments into prioritized engineering work, milestones, and measurable outcomes. Lead technical design reviews, set standards for secure AI architecture, and ensure high-quality implementation, supportability, and operational readiness.
Contributes to the Firm's Service Matters initiative to consistently improve its image internally and externally. Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.
Required Skills
What You Will Bring To This Position
Practical understanding of ML/AI pipelines: data collection, feature engineering, training, evaluation, deployment, monitoring.
Strong understanding of how enterprise AI services (SaaS/PaaS) are deployed and governed, including data handling, routing, and isolation controls.
Experience with at least one major cloud platform (AWS, Azure, or GCP) and modern infrastructure (containers, Kubernetes, secrets management, CI/CD).
Experience integrating Microsoft AI security and governance capabilities, including Azure OpenAI / Model Catalog, Azure API Management, Microsoft Entra ID, and related Azure-native AI security controls and gateways.
Familiarity with AI attack patterns and defenses, such as prompt injection and jailbreaks, data/model poisoning, model inversion and membership inference, overreliance/automation bias, and unsafe autonomy in agents.
Solid security fundamentals: authentication/authorization, network security, data protection, logging/telemetry, secure software engineering practices, vulnerability management.
Strong understanding of neural network frameworks (e.g., LangChain, Semantic Kernel, LlamaIndex) or agentic/orchestration platforms.
Experience doing application security reviews or threat modeling for APIs, microservices, or data platforms.
Familiarity with NIST AI RMF, ISO 42001, ISO 27001, and key privacy/security regulations and third‑party assurance artifacts (SOC 2, ISO certifications, pen‑test summaries) to support buy decisions.
Ability to translate complex risks into concrete technical changes (config updates, new controls, guardrails, playbooks) and operational playbooks.
Demonstrated team leadership or supervisory role is a plus.
Strong written and verbal communication skills; able to collaborate with data scientists, software engineers, and security teams.
Required Experience
Typically, 5–10+ years in security engineering, application security, red teaming, threat research, or ML/ML Ops engineering.
Education
Bachelor’s degree in computer science, information security, or related field; or equitable work experience.
Certification: ISC2 Building AI Strategy preferred
Our Commitment
Wilmer Cutler Pickering Hale and Dorr LLP (WilmerHale) is an equal opportunity employer and is committed to compliance with all applicable laws prohibiting employment discrimination. It is our policy to take all employment actions and make all employment decisions without regard to race, color, religion, creed, gender, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, ancestry, age, marital status, citizenship status, genetic predisposition or carrier status, disability, military status, status as a disabled or other protected veteran, or any other protected status under applicable law. WilmerHale will make reasonable accommodation for qualified individuals with disabilities and otherwise as required by applicable law.
Hire in salary range is $158,000.00 - $197,500.00
For more information about Equal Employment Opportunity, please click here
For additional information about our benefits, please click here
L1-Hybrid