{"id":73613,"date":"2026-04-14T01:53:56","date_gmt":"2026-04-14T01:53:56","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/ai-security-engineer-role-blueprint-responsibilities-skills-kpis-and-career-path\/"},"modified":"2026-04-14T01:53:56","modified_gmt":"2026-04-14T01:53:56","slug":"ai-security-engineer-role-blueprint-responsibilities-skills-kpis-and-career-path","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/ai-security-engineer-role-blueprint-responsibilities-skills-kpis-and-career-path\/","title":{"rendered":"AI Security Engineer: Role Blueprint, Responsibilities, Skills, KPIs, and Career Path"},"content":{"rendered":"\n

1) Role Summary<\/h2>\n\n\n\n

The AI Security Engineer<\/strong> designs, implements, and operates security controls that protect AI\/ML systems across the full lifecycle\u2014data, training, evaluation, deployment, inference, and monitoring. The role focuses on preventing and detecting AI-specific threats (e.g., data poisoning, model theft, prompt injection, insecure tool use in agents, supply-chain compromise) while integrating with standard application and cloud security practices.<\/p>\n\n\n\n

This role exists in software and IT organizations because AI capabilities increasingly sit on critical paths (customer-facing features, automation, decision support) and introduce novel attack surfaces beyond traditional AppSec. The AI Security Engineer reduces business risk, improves customer trust, and accelerates safe AI delivery by embedding security into MLOps\/LLMOps pipelines and production operations.<\/p>\n\n\n\n

This role is Emerging<\/strong>: many organizations are actively standardizing AI security patterns, governance, and tooling, with expectations evolving rapidly over the next 2\u20135 years.<\/p>\n\n\n\n

Typical interaction teams\/functions include: AI\/ML Engineering, Platform Engineering, Product Security\/AppSec, Cloud Security, Data Engineering, SRE\/Operations, Privacy\/Legal, Risk & Compliance, Internal Audit, and Product Management.<\/p>\n\n\n\n

\n\n\n\n

2) Role Mission<\/h2>\n\n\n\n

Core mission:<\/strong>\nEnsure AI-enabled products and internal AI platforms are secure-by-design and resilient in production by identifying AI-specific threats, implementing preventative and detective controls, and operationalizing continuous security monitoring across the AI lifecycle.<\/p>\n\n\n\n

Strategic importance:<\/strong>\nAI systems can expose sensitive data, amplify security incidents at scale, and create new adversarial pathways into core systems (via tools, connectors, and automation). Securing AI systems enables faster innovation, reduces regulatory and customer trust risk, and protects intellectual property (datasets, model weights, prompts, agent workflows).<\/p>\n\n\n\n

Primary business outcomes expected:<\/strong>\n– AI features and platforms pass security and privacy gates without late-cycle rework.\n– Reduced likelihood and impact of AI-specific incidents (prompt injection, data leakage, model exfiltration).\n– Clear, enforceable security standards for ML\/LLM development integrated into engineering workflows.\n– Measurable improvements in security posture for AI services (coverage, detection, response readiness).\n– Increased confidence from enterprise customers, security reviewers, and auditors.<\/p>\n\n\n\n

\n\n\n\n

3) Core Responsibilities<\/h2>\n\n\n\n
\n

Seniority assumption: mid-level individual contributor<\/strong> (typically equivalent to Engineer II \/ Senior Engineer-lite depending on company). No direct people management, but expected to lead workstreams and influence cross-functional teams.<\/p>\n<\/blockquote>\n\n\n\n

Strategic responsibilities<\/h3>\n\n\n\n
    \n
  1. Define AI security requirements and reference architectures<\/strong> for AI\/ML products and platforms, aligned to enterprise security strategy and product risk appetite.<\/li>\n
  2. Build an AI threat landscape and control roadmap<\/strong> (e.g., prompt injection defenses, model supply chain controls, secure inference patterns) prioritized by business-critical use cases.<\/li>\n
  3. Partner with AI leadership on \u201csecure AI delivery\u201d operating model<\/strong>\u2014how controls integrate with MLOps\/LLMOps, release gates, and incident response.<\/li>\n<\/ol>\n\n\n\n

    Operational responsibilities<\/h3>\n\n\n\n
      \n
    1. Operate AI security controls in production<\/strong>: monitoring, alert triage, and iterative hardening based on observed threats and incidents.<\/li>\n
    2. Establish security SLAs\/SLOs for AI services<\/strong>, including vulnerability remediation timelines and high-risk issue escalation paths.<\/li>\n
    3. Run AI security incident playbooks<\/strong> in partnership with Security Operations\/SRE (e.g., prompt injection exploitation, data leakage via RAG, compromised model artifact).<\/li>\n
    4. Maintain an AI security risk register<\/strong> and track mitigation progress with evidence suitable for audits and customer security reviews.<\/li>\n<\/ol>\n\n\n\n

      Technical responsibilities<\/h3>\n\n\n\n
        \n
      1. Perform AI-specific threat modeling<\/strong> for LLM apps, RAG pipelines, ML APIs, training workflows, model registries, and agentic systems (tools\/connectors).<\/li>\n
      2. Harden AI application architectures<\/strong>: secure prompt handling, input\/output filtering, least-privileged tool execution, sandboxing, rate limiting, and safe retrieval patterns.<\/li>\n
      3. Secure MLOps\/LLMOps pipelines<\/strong>: artifact integrity, signed models, reproducible builds, dependency governance, secrets isolation, secure evaluation datasets, and CI\/CD security gates.<\/li>\n
      4. Implement and tune AI security testing<\/strong> (including red-team style testing): prompt injection tests, jailbreak resistance, sensitive data leakage testing, and adversarial robustness checks where applicable.<\/li>\n
      5. Design controls for data protection<\/strong> in AI systems: PII handling, training data governance, retention\/TTL, encryption, access controls, and safe logging practices.<\/li>\n
      6. Deploy detection mechanisms<\/strong> for AI abuse signals (anomalous prompts, tool misuse, excessive data retrieval, policy violations, suspicious embeddings access).<\/li>\n
      7. Assess and mitigate third-party AI risk<\/strong>: vendor models\/APIs, open-source model provenance, dataset licensing risk, and hosted inference security posture.<\/li>\n<\/ol>\n\n\n\n

        Cross-functional \/ stakeholder responsibilities<\/h3>\n\n\n\n
          \n
        1. Consult product teams during design and sprint planning<\/strong>, ensuring security is included early (security stories, acceptance criteria).<\/li>\n
        2. Coordinate with Privacy\/Legal\/Compliance<\/strong> on data usage constraints, transparency requirements, and security evidence for regulated customers.<\/li>\n
        3. Enable engineers through guidance and training<\/strong>, including secure coding patterns for LLM apps and MLOps pipeline hardening.<\/li>\n<\/ol>\n\n\n\n

          Governance, compliance, and quality responsibilities<\/h3>\n\n\n\n
            \n
          1. Develop AI security standards and guardrails<\/strong> (policies, secure patterns, secure defaults) and enforce them through automation where possible.<\/li>\n
          2. Support audits and customer security questionnaires<\/strong> with clear documentation, control mapping (e.g., SOC 2 \/ ISO 27001), and technical evidence.<\/li>\n<\/ol>\n\n\n\n

            Leadership responsibilities (influence-based, not people management)<\/h3>\n\n\n\n
              \n
            1. Lead small cross-functional initiatives<\/strong> (e.g., secure RAG blueprint rollout, model signing adoption) by aligning stakeholders, defining scope, and delivering measurable outcomes.<\/li>\n<\/ol>\n\n\n\n
              \n\n\n\n

              4) Day-to-Day Activities<\/h2>\n\n\n\n

              Daily activities<\/h3>\n\n\n\n
                \n
              • Review AI-related security alerts and logs (e.g., anomalous prompt patterns, policy violations, tool invocation anomalies).<\/li>\n
              • Triage reported vulnerabilities or issues from developers, bug bounty, penetration tests, or internal red teams.<\/li>\n
              • Participate in design discussions for AI features (RAG\/agent workflows, new connectors, new model providers).<\/li>\n
              • Pair with engineers to implement mitigations (e.g., output filtering, safe retrieval constraints, RBAC updates).<\/li>\n
              • Update threat models and risk register entries as designs or assumptions change.<\/li>\n<\/ul>\n\n\n\n

                Weekly activities<\/h3>\n\n\n\n
                  \n
                • Conduct 1\u20133 AI security reviews (architecture review, LLM app threat model workshop, MLOps pipeline walkthrough).<\/li>\n
                • Run or refine automated security tests for AI apps (prompt injection suites, sensitive data leakage tests).<\/li>\n
                • Review backlog with AI platform\/product owners to prioritize high-risk gaps and security tech debt.<\/li>\n
                • Sync with AppSec\/CloudSec\/SRE on shared initiatives (e.g., secrets handling, WAF\/API gateway rules, runtime policies).<\/li>\n
                • Contribute to internal documentation: secure patterns, reusable libraries, templates.<\/li>\n<\/ul>\n\n\n\n

                  Monthly or quarterly activities<\/h3>\n\n\n\n
                    \n
                  • Lead AI security posture reviews: control coverage, incident trends, release gate performance, time-to-remediate.<\/li>\n
                  • Support internal audit\/compliance evidence gathering; update control mapping for AI-specific controls.<\/li>\n
                  • Perform vendor\/third-party risk reviews for new model providers, vector DB services, or agent tool integrations.<\/li>\n
                  • Run tabletop exercises for AI incident scenarios (e.g., data leakage via RAG, compromised model artifact).<\/li>\n
                  • Refresh AI threat intel assumptions and update security standards accordingly.<\/li>\n<\/ul>\n\n\n\n

                    Recurring meetings or rituals<\/h3>\n\n\n\n
                      \n
                    • AI platform engineering standup (as embedded security partner) or regular sync.<\/li>\n
                    • AppSec\/Product Security triage meeting.<\/li>\n
                    • Change advisory \/ production readiness review (for higher-risk AI releases).<\/li>\n
                    • Security architecture review board (as presenter for AI designs).<\/li>\n
                    • Post-incident reviews and blameless retrospectives.<\/li>\n<\/ul>\n\n\n\n

                      Incident, escalation, or emergency work (when relevant)<\/h3>\n\n\n\n
                        \n
                      • Rapid response to suspected prompt injection exploitation impacting data access or tool execution.<\/li>\n
                      • Coordinating temporary mitigations (kill switch, model\/provider swap, tightened retrieval filters, connector disablement).<\/li>\n
                      • Forensic analysis on inference logs and tool invocation traces.<\/li>\n
                      • Communication support: clear technical summaries for incident command, customer support, and leadership.<\/li>\n<\/ul>\n\n\n\n
                        \n\n\n\n

                        5) Key Deliverables<\/h2>\n\n\n\n

                        Security architecture and design<\/strong>\n– AI\/LLM reference architectures (secure RAG, secure agent\/tool use, secure inference API patterns).\n– Threat models and risk assessments for AI systems (per product\/use case).\n– Security requirements checklists and design review templates tailored to AI.<\/p>\n\n\n\n

                        Controls and automation<\/strong>\n– CI\/CD security gates for AI pipelines (model artifact signing, dependency checks, secrets scanning).\n– Automated test suites for LLM security (prompt injection regression tests, data leakage checks).\n– Runtime policies (rate limits, anomaly detection rules, tool allowlists, retrieval constraints).\n– Secure libraries\/modules (input validation, output filtering, policy enforcement hooks).<\/p>\n\n\n\n

                        Operational readiness<\/strong>\n– AI security runbooks and incident playbooks.\n– Monitoring dashboards (AI policy violations, suspicious tool calls, retrieval abuse signals).\n– Post-incident reports and corrective action plans.<\/p>\n\n\n\n

                        Governance and compliance<\/strong>\n– AI security standards, control objectives, and evidence packs for audits\/customer reviews.\n– Third-party\/model provider security assessment reports.\n– Training materials and secure development guidance for AI engineers.<\/p>\n\n\n\n

                        \n\n\n\n

                        6) Goals, Objectives, and Milestones<\/h2>\n\n\n\n

                        30-day goals (onboarding and baselining)<\/h3>\n\n\n\n
                          \n
                        • Understand the organization\u2019s AI architecture: model providers, MLOps stack, AI products, key data flows.<\/li>\n
                        • Inventory AI systems and classify them by risk (customer-facing vs internal, sensitive data exposure, autonomy level).<\/li>\n
                        • Review existing security controls and identify critical gaps (secrets, logging, access control, evaluation coverage).<\/li>\n
                        • Build relationships with AI platform engineers, AppSec, CloudSec, Privacy, and SRE.<\/li>\n
                        • Deliver 1\u20132 quick wins (e.g., fix unsafe logging of prompts, enable secrets scanning, tighten IAM on model registry).<\/li>\n<\/ul>\n\n\n\n

                          60-day goals (control implementation and process integration)<\/h3>\n\n\n\n
                            \n
                          • Establish an AI security review process integrated into SDLC (design reviews, pre-release gates).<\/li>\n
                          • Implement baseline AI security testing for one flagship LLM\/RAG product (prompt injection suite + leakage tests).<\/li>\n
                          • Draft AI security standards: secure prompt handling, data minimization, tool integration requirements, logging policy.<\/li>\n
                          • Introduce risk register tracking with owners, due dates, and measurable remediation plans.<\/li>\n<\/ul>\n\n\n\n

                            90-day goals (operational maturity and measurable posture gains)<\/h3>\n\n\n\n
                              \n
                            • Roll out secure reference architecture patterns adopted by at least one product team.<\/li>\n
                            • Deploy monitoring dashboards and alerts for AI abuse signals with agreed triage procedures.<\/li>\n
                            • Implement model artifact integrity controls (e.g., signing\/attestation) for a primary deployment pipeline.<\/li>\n
                            • Conduct a tabletop AI incident exercise and publish updated playbooks.<\/li>\n<\/ul>\n\n\n\n

                              6-month milestones (scaling and standardization)<\/h3>\n\n\n\n
                                \n
                              • Standardize AI security controls across multiple AI services (common libraries, templates, CI checks).<\/li>\n
                              • Achieve measurable reduction in critical AI security findings escaping to production.<\/li>\n
                              • Establish regular AI security posture reporting (quarterly) tied to KPIs and executive visibility.<\/li>\n
                              • Complete at least one third-party\/provider assessment and implement required compensating controls.<\/li>\n<\/ul>\n\n\n\n

                                12-month objectives (enterprise-grade capabilities)<\/h3>\n\n\n\n
                                  \n
                                • Mature AI security governance: clear control ownership, audit-ready evidence, reliable release gating.<\/li>\n
                                • Embed AI security testing into CI\/CD with high coverage and low developer friction.<\/li>\n
                                • Demonstrate improved incident readiness: reduced MTTD\/MTTR for AI-specific events.<\/li>\n
                                • Support enterprise customer requirements confidently (security questionnaires, pen tests, compliance attestations).<\/li>\n<\/ul>\n\n\n\n

                                  Long-term impact goals (2\u20133 years)<\/h3>\n\n\n\n
                                    \n
                                  • Enable safe deployment of higher-autonomy AI (agents) through strong control primitives: least-privileged tools, sandboxing, verifiable policy enforcement.<\/li>\n
                                  • Create a repeatable \u201csecure AI delivery\u201d program that reduces time-to-market while improving risk posture.<\/li>\n
                                  • Contribute to industry leadership via robust internal standards aligned with evolving frameworks and regulations.<\/li>\n<\/ul>\n\n\n\n

                                    Role success definition<\/h3>\n\n\n\n

                                    Success is demonstrated when AI products ship quickly without security surprises<\/strong>, AI-related incidents are rare and contained, and engineering teams can adopt secure patterns easily through automated guardrails and clear standards.<\/p>\n\n\n\n

                                    What high performance looks like<\/h3>\n\n\n\n
                                      \n
                                    • Anticipates threats early and prevents rework by embedding security into design and pipelines.<\/li>\n
                                    • Produces pragmatic controls that teams adopt (low friction, high coverage).<\/li>\n
                                    • Communicates risk clearly to technical and non-technical stakeholders.<\/li>\n
                                    • Delivers measurable improvements in AI security posture quarter over quarter.<\/li>\n<\/ul>\n\n\n\n
                                      \n\n\n\n

                                      7) KPIs and Productivity Metrics<\/h2>\n\n\n\n
                                      \n

                                      Metrics should be tuned to product criticality and maturity. Targets below are examples; regulated environments or enterprise SaaS may require tighter thresholds.<\/p>\n<\/blockquote>\n\n\n\n

                                      \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                      Metric name<\/th>\nWhat it measures<\/th>\nWhy it matters<\/th>\nExample target\/benchmark<\/th>\nFrequency<\/th>\n<\/tr>\n<\/thead>\n
                                      AI Security Review Coverage<\/td>\n% of AI releases\/use cases that complete security review<\/td>\nPrevents high-risk deployments without oversight<\/td>\n90\u2013100% for high-risk systems; 70\u201380% for medium<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Threat Model Completion Rate<\/td>\n% of AI systems with current threat models<\/td>\nBaseline for risk-driven controls<\/td>\n80% within 6 months; 100% for Tier-1 apps<\/td>\nQuarterly<\/td>\n<\/tr>\n
                                      Critical Finding Escape Rate<\/td>\n# critical AI security issues found post-release<\/td>\nIndicates gate effectiveness<\/td>\n0\u20131 per quarter (Tier-1)<\/td>\nQuarterly<\/td>\n<\/tr>\n
                                      Time to Remediate (TTR) \u2013 Critical<\/td>\nMedian days to fix critical AI security findings<\/td>\nReduces exposure window<\/td>\n\u2264 7\u201314 days<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Prompt Injection Regression Pass Rate<\/td>\n% of test suite passing on main branches<\/td>\nPrevents regressions in defenses<\/td>\n\u2265 95% pass rate; failures block release for Tier-1<\/td>\nPer release<\/td>\n<\/tr>\n
                                      Sensitive Data Leakage Rate<\/td>\nIncidents where PII\/secrets appear in outputs\/logs<\/td>\nDirect trust, privacy, and compliance risk<\/td>\nNear zero; strict thresholds<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Policy Violation Rate (Runtime)<\/td>\n# of policy violations per 1k requests (e.g., disallowed tool use)<\/td>\nDetects abuse and guardrail gaps<\/td>\nDownward trend; set baseline then reduce 20\u201330% QoQ<\/td>\nWeekly\/Monthly<\/td>\n<\/tr>\n
                                      MTTD \u2013 AI Abuse Events<\/td>\nTime from abuse onset to detection<\/td>\nLimits blast radius<\/td>\n< 30 minutes for Tier-1<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      MTTR \u2013 AI Abuse Events<\/td>\nTime from detection to mitigation<\/td>\nOperational resilience<\/td>\n< 4\u201324 hours depending on severity<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Model Artifact Integrity Coverage<\/td>\n% of deployed models with signing\/attestation<\/td>\nReduces model supply-chain risk<\/td>\n80% in 6 months; 95% in 12 months<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Dependency Risk Score<\/td>\n# high\/critical vulnerabilities in AI pipeline deps<\/td>\nPrevents supply-chain compromise<\/td>\nSLO by severity (e.g., 0 critical outstanding)<\/td>\nWeekly<\/td>\n<\/tr>\n
                                      Secrets Exposure Rate<\/td>\n# of secrets in repos\/build logs related to AI projects<\/td>\nPrevents credential compromise<\/td>\n0 critical exposures; continuous scanning<\/td>\nWeekly<\/td>\n<\/tr>\n
                                      Access Control Hygiene<\/td>\n% of AI resources with least-privilege IAM and periodic review<\/td>\nPrevents lateral movement\/data exfil<\/td>\n100% for Tier-1; quarterly access review completion<\/td>\nQuarterly<\/td>\n<\/tr>\n
                                      Security Control Adoption<\/td>\nAdoption rate of secure AI libraries\/templates<\/td>\nMeasures scaling of best practices<\/td>\n2\u20133 teams per quarter adopting reference patterns<\/td>\nQuarterly<\/td>\n<\/tr>\n
                                      False Positive Rate (Alerts)<\/td>\n% alerts closed as non-issues<\/td>\nMaintains trust in monitoring<\/td>\n< 30\u201340% after tuning<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Security Enablement Throughput<\/td>\n# trainings, office hours, PR reviews, guidelines delivered<\/td>\nDrives behavior change<\/td>\ne.g., 2 sessions\/month + ongoing reviews<\/td>\nMonthly<\/td>\n<\/tr>\n
                                      Stakeholder Satisfaction<\/td>\nFeedback score from AI eng\/product on security partnership<\/td>\nEnsures practicality<\/td>\n\u2265 4\/5<\/td>\nQuarterly<\/td>\n<\/tr>\n
                                      Audit Evidence Readiness<\/td>\n% required AI control evidence available on request<\/td>\nReduces audit cost and delays<\/td>\n\u2265 90% \u201cready\u201d<\/td>\nQuarterly<\/td>\n<\/tr>\n
                                      Risk Register Burn-down<\/td>\n% of high risks mitigated by due date<\/td>\nTracks closure<\/td>\n\u2265 80% on-time for high-risk items<\/td>\nMonthly<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                      \n\n\n\n

                                      8) Technical Skills Required<\/h2>\n\n\n\n

                                      Must-have technical skills<\/h3>\n\n\n\n
                                        \n
                                      1. \n

                                        Cloud and application security fundamentals<\/strong>\n – Use:<\/strong> securing AI services deployed to cloud (IAM, network, secrets, encryption).\n – Importance:<\/strong> Critical<\/strong>.<\/p>\n<\/li>\n

                                      2. \n

                                        Secure software engineering and AppSec practices<\/strong> (OWASP Top 10, secure API design, authn\/authz)\n – Use:<\/strong> securing LLM\/ML endpoints, connectors, internal services.\n – Importance:<\/strong> Critical<\/strong>.<\/p>\n<\/li>\n

                                      3. \n

                                        Threat modeling for distributed systems<\/strong> (e.g., STRIDE-style thinking)\n – Use:<\/strong> analyzing AI workflows end-to-end (data \u2192 model \u2192 inference \u2192 tools).\n – Importance:<\/strong> Critical<\/strong>.<\/p>\n<\/li>\n

                                      4. \n

                                        LLM application security concepts<\/strong> (prompt injection, data leakage, jailbreaks, tool abuse, RAG risks)\n – Use:<\/strong> designing and validating mitigations for AI products.\n – Importance:<\/strong> Critical<\/strong>.<\/p>\n<\/li>\n

                                      5. \n

                                        MLOps\/LLMOps pipeline awareness<\/strong> (model registry, training\/inference pipelines, evaluation workflows)\n – Use:<\/strong> securing artifact lineage, CI\/CD, and production rollout.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                      6. \n

                                        Logging\/monitoring and incident response basics<\/strong>\n – Use:<\/strong> detection, triage, and post-incident hardening.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                      7. \n

                                        Programming\/scripting<\/strong> (Python plus one of: Go\/Java\/TypeScript)\n – Use:<\/strong> building tests, automation, policy enforcement hooks, prototype mitigations.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                      8. \n

                                        Security testing and vulnerability management<\/strong> (SAST\/DAST\/dependency scanning)\n – Use:<\/strong> integrating security checks into AI repos and pipelines.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                                        Good-to-have technical skills<\/h3>\n\n\n\n
                                          \n
                                        1. \n

                                          Kubernetes\/container security<\/strong> (admission policies, runtime restrictions, image scanning)\n – Use:<\/strong> hardening inference services and AI platform components.\n – Importance:<\/strong> Important<\/strong> (Common in modern stacks).<\/p>\n<\/li>\n

                                        2. \n

                                          Data security and privacy engineering<\/strong> (tokenization, DLP, data classification)\n – Use:<\/strong> preventing leakage in prompts, logs, training data, and retrieval sources.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                        3. \n

                                          Adversarial ML awareness<\/strong> (poisoning, evasion, membership inference\u2014context-dependent)\n – Use:<\/strong> more relevant for classical ML; selectively for high-stakes models.\n – Importance:<\/strong> Optional\/Context-specific<\/strong>.<\/p>\n<\/li>\n

                                        4. \n

                                          Red teaming \/ security evaluation methods for LLMs<\/strong>\n – Use:<\/strong> building systematic abuse cases and test harnesses.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                        5. \n

                                          API gateway and WAF tuning<\/strong>\n – Use:<\/strong> rate limits, request validation, bot protection around inference APIs.\n – Importance:<\/strong> Optional<\/strong>.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                                          Advanced or expert-level technical skills<\/h3>\n\n\n\n
                                            \n
                                          1. \n

                                            Secure agent\/tool execution design<\/strong> (sandboxing, capability-based access, policy enforcement)\n – Use:<\/strong> enabling safe autonomy in production.\n – Importance:<\/strong> Important<\/strong> (increasingly).<\/p>\n<\/li>\n

                                          2. \n

                                            Supply-chain security & provenance<\/strong> (SLSA concepts, signed artifacts, SBOM)\n – Use:<\/strong> model and code integrity across builds and deployments.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                          3. \n

                                            Detection engineering for AI abuse<\/strong> (behavioral analytics, alert tuning, correlation)\n – Use:<\/strong> monitoring prompt + tool traces at scale.\n – Importance:<\/strong> Optional to Important<\/strong> depending on SOC ownership.<\/p>\n<\/li>\n

                                          4. \n

                                            Privacy-preserving techniques<\/strong> (differential privacy, federated learning)\n – Use:<\/strong> specialized AI products and sensitive domains.\n – Importance:<\/strong> Context-specific<\/strong>.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                                            Emerging future skills for this role (2\u20135 years)<\/h3>\n\n\n\n
                                              \n
                                            1. \n

                                              Security for agentic workflows and multi-agent systems<\/strong>\n – Safe delegation, toolchain verification, autonomous action boundaries.\n – Importance:<\/strong> Important<\/strong> (rising).<\/p>\n<\/li>\n

                                            2. \n

                                              LLM supply chain governance<\/strong>\n – Model provenance, watermarking\/attestation, safe fine-tuning pipelines.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n

                                            3. \n

                                              Confidential computing for AI<\/strong> (TEEs)\n – Protecting inference\/training in hostile environments.\n – Importance:<\/strong> Context-specific<\/strong> but growing.<\/p>\n<\/li>\n

                                            4. \n

                                              AI security standards alignment<\/strong> (e.g., NIST AI RMF mapping to internal controls)\n – Translating frameworks into enforceable engineering requirements.\n – Importance:<\/strong> Important<\/strong>.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                                              \n\n\n\n

                                              9) Soft Skills and Behavioral Capabilities<\/h2>\n\n\n\n
                                                \n
                                              1. \n

                                                Security judgment and risk-based prioritization<\/strong>\n – Why it matters:<\/strong> AI security involves tradeoffs (usability vs safety, speed vs assurance).\n – Shows up as:<\/strong> clearly categorizing risk severity, focusing effort where it reduces real exposure.\n – Strong performance:<\/strong> proposes pragmatic mitigations with rationale; avoids \u201csecurity theater.\u201d<\/p>\n<\/li>\n

                                              2. \n

                                                Cross-functional influence without authority<\/strong>\n – Why it matters:<\/strong> most changes land in AI engineering\/product teams, not in security-owned code.\n – Shows up as:<\/strong> aligning teams on requirements, creating shared ownership, negotiating timelines.\n – Strong performance:<\/strong> high adoption of controls and patterns with minimal friction.<\/p>\n<\/li>\n

                                              3. \n

                                                Systems thinking and end-to-end mindset<\/strong>\n – Why it matters:<\/strong> AI security failures often occur at boundaries (connectors, logging, retrieval).\n – Shows up as:<\/strong> mapping full data and control flows; spotting weak links outside the model.\n – Strong performance:<\/strong> prevents incidents by addressing architectural root causes.<\/p>\n<\/li>\n

                                              4. \n

                                                Technical communication and documentation discipline<\/strong>\n – Why it matters:<\/strong> security controls must be reproducible, auditable, and understandable.\n – Shows up as:<\/strong> clear threat models, design notes, runbooks, \u201csecure-by-default\u201d guidance.\n – Strong performance:<\/strong> stakeholders can act quickly using the artifacts produced.<\/p>\n<\/li>\n

                                              5. \n

                                                Curiosity and continuous learning<\/strong>\n – Why it matters:<\/strong> AI threats evolve quickly (new jailbreaks, agent misuse patterns).\n – Shows up as:<\/strong> staying current, validating new claims with testing, updating controls.\n – Strong performance:<\/strong> anticipates changes and prevents being reactive.<\/p>\n<\/li>\n

                                              6. \n

                                                Incident calm and operational rigor<\/strong>\n – Why it matters:<\/strong> AI incidents can be ambiguous and fast-moving.\n – Shows up as:<\/strong> structured triage, evidence collection, clear escalation, timely mitigations.\n – Strong performance:<\/strong> lowers MTTR and improves long-term resilience.<\/p>\n<\/li>\n

                                              7. \n

                                                Developer empathy and product mindset<\/strong>\n – Why it matters:<\/strong> guardrails must not block delivery unnecessarily.\n – Shows up as:<\/strong> providing libraries\/templates, automation, and clear acceptance criteria.\n – Strong performance:<\/strong> teams see security as an accelerator rather than a gate.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                                                \n\n\n\n

                                                10) Tools, Platforms, and Software<\/h2>\n\n\n\n
                                                \n

                                                Tools vary by stack; entries reflect common enterprise patterns. \u201cCommon\u201d indicates widespread usage in software\/IT orgs; \u201cContext-specific\u201d indicates narrower adoption.<\/p>\n<\/blockquote>\n\n\n\n

                                                \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                Category<\/th>\nTool \/ Platform<\/th>\nPrimary use<\/th>\nCommonality<\/th>\n<\/tr>\n<\/thead>\n
                                                Cloud platforms<\/td>\nAWS \/ Azure \/ GCP<\/td>\nHosting AI services, IAM, network controls<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Container & orchestration<\/td>\nKubernetes<\/td>\nDeploying inference services and supporting components<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Container security<\/td>\nTrivy \/ Grype<\/td>\nImage vulnerability scanning<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Cloud security posture<\/td>\nWiz \/ Prisma Cloud \/ Defender for Cloud<\/td>\nCloud misconfig detection, posture management<\/td>\nOptional<\/td>\n<\/tr>\n
                                                IAM & secrets<\/td>\nHashiCorp Vault \/ cloud secrets managers<\/td>\nSecrets storage, rotation, access control<\/td>\nCommon<\/td>\n<\/tr>\n
                                                DevOps \/ CI-CD<\/td>\nGitHub Actions \/ Azure DevOps \/ GitLab CI \/ Jenkins<\/td>\nBuild\/deploy automation and security gates<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Source control<\/td>\nGitHub \/ GitLab<\/td>\nCode review, branch protections<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Observability<\/td>\nPrometheus + Grafana \/ Datadog \/ New Relic<\/td>\nMetrics, dashboards for AI services<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Logging & SIEM<\/td>\nSplunk \/ Microsoft Sentinel \/ Elastic<\/td>\nCentral logs, detection, investigations<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Vulnerability mgmt<\/td>\nSnyk \/ Dependabot \/ Mend<\/td>\nDependency scanning and remediation workflows<\/td>\nCommon<\/td>\n<\/tr>\n
                                                SAST<\/td>\nCodeQL \/ Semgrep<\/td>\nStatic analysis for AI app code<\/td>\nCommon<\/td>\n<\/tr>\n
                                                DAST \/ API testing<\/td>\nOWASP ZAP \/ Burp Suite<\/td>\nDynamic testing for AI endpoints and portals<\/td>\nOptional<\/td>\n<\/tr>\n
                                                API gateway<\/td>\nKong \/ Apigee \/ AWS API Gateway \/ Azure API Mgmt<\/td>\nAuth, rate limiting, routing for inference APIs<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Policy-as-code<\/td>\nOpen Policy Agent (OPA) \/ Kyverno<\/td>\nEnforcing runtime\/deploy policies<\/td>\nOptional<\/td>\n<\/tr>\n
                                                MLOps platforms<\/td>\nMLflow \/ Kubeflow \/ SageMaker \/ Azure ML<\/td>\nTraining pipelines, model registry, deployment<\/td>\nCommon (varies)<\/td>\n<\/tr>\n
                                                Model registry\/artifacts<\/td>\nArtifact repositories (e.g., Artifactory)<\/td>\nStoring signed artifacts, provenance metadata<\/td>\nOptional<\/td>\n<\/tr>\n
                                                LLM providers<\/td>\nOpenAI \/ Azure OpenAI \/ Anthropic \/ self-hosted models<\/td>\nModel inference backends<\/td>\nContext-specific<\/td>\n<\/tr>\n
                                                LLM app frameworks<\/td>\nLangChain \/ LlamaIndex<\/td>\nRAG and agent orchestration<\/td>\nOptional<\/td>\n<\/tr>\n
                                                Vector databases<\/td>\nPinecone \/ Weaviate \/ Milvus \/ OpenSearch<\/td>\nEmbeddings storage for RAG<\/td>\nContext-specific<\/td>\n<\/tr>\n
                                                LLM security testing<\/td>\npromptfoo \/ garak \/ custom harness<\/td>\nPrompt injection\/leakage regression testing<\/td>\nOptional (increasingly common)<\/td>\n<\/tr>\n
                                                Data classification\/DLP<\/td>\nMicrosoft Purview \/ Google DLP \/ custom classifiers<\/td>\nPreventing sensitive data leakage<\/td>\nOptional<\/td>\n<\/tr>\n
                                                ITSM<\/td>\nServiceNow \/ Jira Service Management<\/td>\nIncident\/change tracking<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Collaboration<\/td>\nSlack \/ Microsoft Teams \/ Confluence<\/td>\nCoordination, documentation<\/td>\nCommon<\/td>\n<\/tr>\n
                                                IDE \/ engineering<\/td>\nVS Code \/ IntelliJ<\/td>\nDevelopment and reviews<\/td>\nCommon<\/td>\n<\/tr>\n
                                                Scripting\/automation<\/td>\nPython<\/td>\nTest harnesses, automation, integrations<\/td>\nCommon<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                \n\n\n\n

                                                11) Typical Tech Stack \/ Environment<\/h2>\n\n\n\n

                                                Infrastructure environment<\/h3>\n\n\n\n
                                                  \n
                                                • Cloud-hosted environment (single or multi-cloud) with network segmentation and IAM-based access.<\/li>\n
                                                • Kubernetes-based inference services, often fronted by an API gateway and sometimes a WAF.<\/li>\n
                                                • Managed services for secrets, KMS\/HSM, identity, logging, and monitoring.<\/li>\n<\/ul>\n\n\n\n

                                                  Application environment<\/h3>\n\n\n\n
                                                    \n
                                                  • LLM applications: chat interfaces, copilots, workflow assistants, summarization pipelines, classification services.<\/li>\n
                                                  • RAG pipelines: document ingestion, chunking, embedding generation, retrieval, reranking, answer synthesis.<\/li>\n
                                                  • Agentic workflows: tool execution (e.g., search, ticket creation, code execution, database queries) via connectors.<\/li>\n<\/ul>\n\n\n\n

                                                    Data environment<\/h3>\n\n\n\n
                                                      \n
                                                    • Data lake\/warehouse + operational databases.<\/li>\n
                                                    • Document stores and vector databases for retrieval.<\/li>\n
                                                    • Strict data classification expectations (PII, customer data, internal confidential).<\/li>\n
                                                    • Data retention and logging controls are critical due to prompt and tool traces.<\/li>\n<\/ul>\n\n\n\n

                                                      Security environment<\/h3>\n\n\n\n
                                                        \n
                                                      • Enterprise AppSec tools for code scanning, vulnerability management, and secrets detection.<\/li>\n
                                                      • Centralized SIEM and incident response processes (SOC-led or SRE-led depending on org model).<\/li>\n
                                                      • Governance frameworks: SOC 2 \/ ISO 27001 common in SaaS; additional requirements in regulated sectors.<\/li>\n<\/ul>\n\n\n\n

                                                        Delivery model<\/h3>\n\n\n\n
                                                          \n
                                                        • Agile (Scrum\/Kanban) with CI\/CD pipelines, infrastructure as code, and frequent releases.<\/li>\n
                                                        • Security integrated as \u201cshift-left\u201d controls plus runtime detection (\u201cshift-right\u201d).<\/li>\n<\/ul>\n\n\n\n

                                                          Scale or complexity context<\/h3>\n\n\n\n
                                                            \n
                                                          • Moderate to high complexity due to:<\/li>\n
                                                          • Rapidly changing AI product requirements.<\/li>\n
                                                          • Multiple model providers and frequent model updates.<\/li>\n
                                                          • High sensitivity around data leakage and cross-tenant exposure.<\/li>\n
                                                          • The need for explainable risk decisions and audit-ready evidence.<\/li>\n<\/ul>\n\n\n\n

                                                            Team topology<\/h3>\n\n\n\n
                                                              \n
                                                            • AI Security Engineer typically sits in AI & ML org or Product Security org with strong dotted-line partnership.<\/li>\n
                                                            • Works with AI Platform team (owning shared LLM infrastructure) and product squads building AI features.<\/li>\n<\/ul>\n\n\n\n
                                                              \n\n\n\n

                                                              12) Stakeholders and Collaboration Map<\/h2>\n\n\n\n

                                                              Internal stakeholders<\/h3>\n\n\n\n
                                                                \n
                                                              • AI\/ML Engineering (product squads):<\/strong> implement AI features; primary consumers of secure patterns and reviews.<\/li>\n
                                                              • AI Platform Engineering \/ MLOps:<\/strong> owns model serving, pipelines, registries; key partner for systemic controls.<\/li>\n
                                                              • Product Security \/ AppSec:<\/strong> shared standards, tooling, vulnerability management processes.<\/li>\n
                                                              • Cloud Security:<\/strong> IAM, network segmentation, posture management, cloud-native controls.<\/li>\n
                                                              • SRE \/ Production Operations:<\/strong> incident response, reliability engineering, monitoring pipelines.<\/li>\n
                                                              • Data Engineering:<\/strong> data lineage, access controls, ingestion pipelines affecting RAG\/training.<\/li>\n
                                                              • Privacy & Legal:<\/strong> data processing agreements, training data constraints, retention rules, transparency requirements.<\/li>\n
                                                              • Risk & Compliance \/ GRC:<\/strong> control mapping, audits, customer assurances.<\/li>\n
                                                              • Product Management:<\/strong> prioritization and release planning for AI features; risk acceptance decisions.<\/li>\n<\/ul>\n\n\n\n

                                                                External stakeholders (as applicable)<\/h3>\n\n\n\n
                                                                  \n
                                                                • Model\/AI vendors:<\/strong> security posture, incident notifications, contractual controls.<\/li>\n
                                                                • Enterprise customers\u2019 security teams:<\/strong> security questionnaires, pen test coordination, assurance evidence.<\/li>\n
                                                                • Third-party auditors:<\/strong> SOC 2 \/ ISO auditors requesting evidence of control operation.<\/li>\n<\/ul>\n\n\n\n

                                                                  Peer roles<\/h3>\n\n\n\n
                                                                    \n
                                                                  • Application Security Engineer<\/li>\n
                                                                  • Cloud Security Engineer<\/li>\n
                                                                  • Security Architect<\/li>\n
                                                                  • ML Engineer \/ Applied Scientist<\/li>\n
                                                                  • MLOps Engineer<\/li>\n
                                                                  • Site Reliability Engineer<\/li>\n
                                                                  • Privacy Engineer (where present)<\/li>\n<\/ul>\n\n\n\n

                                                                    Upstream dependencies<\/h3>\n\n\n\n
                                                                      \n
                                                                    • Availability of logging\/telemetry for prompts, tool calls, retrieval traces (with privacy-safe controls).<\/li>\n
                                                                    • Platform support for policy enforcement (API gateway, authn\/z, secrets managers).<\/li>\n
                                                                    • Data classification and access control systems.<\/li>\n<\/ul>\n\n\n\n

                                                                      Downstream consumers<\/h3>\n\n\n\n
                                                                        \n
                                                                      • Engineering teams consuming secure templates, libraries, and guidance.<\/li>\n
                                                                      • SOC\/SRE teams consuming alerts and runbooks.<\/li>\n
                                                                      • Compliance teams consuming control evidence and documentation.<\/li>\n<\/ul>\n\n\n\n

                                                                        Nature of collaboration<\/h3>\n\n\n\n
                                                                          \n
                                                                        • Heavy consultative work with hands-on engineering contribution (PRs, automation, test harnesses).<\/li>\n
                                                                        • Shared ownership of outcomes; AI Security Engineer drives standards and enables adoption.<\/li>\n<\/ul>\n\n\n\n

                                                                          Typical decision-making authority<\/h3>\n\n\n\n
                                                                            \n
                                                                          • Recommends and defines controls; can block or gate high-risk releases depending on governance model.<\/li>\n
                                                                          • Escalates risk acceptance decisions to product\/security leadership.<\/li>\n<\/ul>\n\n\n\n

                                                                            Escalation points<\/h3>\n\n\n\n
                                                                              \n
                                                                            • Severe data leakage risk \u2192 CISO\/Head of Security + Privacy + Product leadership.<\/li>\n
                                                                            • Tool\/agent abuse risk affecting core systems \u2192 Security leadership + Platform leadership.<\/li>\n
                                                                            • Vendor\/provider security incident \u2192 Third-party risk + Legal + Security leadership.<\/li>\n<\/ul>\n\n\n\n
                                                                              \n\n\n\n

                                                                              13) Decision Rights and Scope of Authority<\/h2>\n\n\n\n

                                                                              Can decide independently<\/h3>\n\n\n\n
                                                                                \n
                                                                              • Security testing approaches and design for AI-specific test suites (within agreed tooling).<\/li>\n
                                                                              • Drafting threat models and security requirements for specific AI use cases.<\/li>\n
                                                                              • Security findings severity recommendations and remediation guidance.<\/li>\n
                                                                              • Proposed runtime detection rules and dashboard designs (subject to operational review).<\/li>\n<\/ul>\n\n\n\n

                                                                                Requires team approval (AI Platform \/ Product Security \/ SRE alignment)<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Changes to shared libraries\/templates used across product teams.<\/li>\n
                                                                                • Adjustments to release gating criteria for AI services (e.g., must-pass test suites).<\/li>\n
                                                                                • New alerting rules that may impact on-call load or incident workflows.<\/li>\n
                                                                                • Standardization of logging fields and retention policies (privacy and ops input required).<\/li>\n<\/ul>\n\n\n\n

                                                                                  Requires manager\/director\/executive approval<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • Formal risk acceptance for high-severity issues shipped to production.<\/li>\n
                                                                                  • Budget spend for new vendors\/tools (LLM security platforms, CSPM expansions).<\/li>\n
                                                                                  • Major architectural changes affecting multiple product lines (e.g., sandbox for tool execution).<\/li>\n
                                                                                  • Contractual requirements or policy commitments made to customers.<\/li>\n<\/ul>\n\n\n\n

                                                                                    Budget, vendor, delivery, hiring, compliance authority<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Budget:<\/strong> typically influences but does not own; provides business cases and requirements.<\/li>\n
                                                                                    • Vendor:<\/strong> participates in evaluations; recommends controls and contractual security requirements.<\/li>\n
                                                                                    • Delivery:<\/strong> may block high-risk releases if governance mandates; otherwise escalates.<\/li>\n
                                                                                    • Hiring:<\/strong> may interview and contribute to role definitions; not final decision-maker.<\/li>\n
                                                                                    • Compliance:<\/strong> provides evidence and technical mapping; GRC owns official control narratives.<\/li>\n<\/ul>\n\n\n\n
                                                                                      \n\n\n\n

                                                                                      14) Required Experience and Qualifications<\/h2>\n\n\n\n

                                                                                      Typical years of experience<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • 3\u20137 years<\/strong> in security engineering, AppSec, cloud security, platform security, or adjacent engineering roles with significant security responsibilities.<\/li>\n
                                                                                      • At least 1\u20132 years<\/strong> hands-on exposure to AI\/ML or LLM-enabled systems is common (or equivalent demonstrated learning and project experience).<\/li>\n<\/ul>\n\n\n\n

                                                                                        Education expectations<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • Bachelor\u2019s degree in Computer Science, Software Engineering, Cybersecurity, or equivalent practical experience.<\/li>\n
                                                                                        • Advanced degrees are helpful but not required; practical security engineering capability is primary.<\/li>\n<\/ul>\n\n\n\n

                                                                                          Certifications (Common \/ Optional \/ Context-specific)<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • Common\/Optional:<\/strong> Security+ (baseline), CSSLP (software security).<\/li>\n
                                                                                          • Optional:<\/strong> AWS\/Azure\/GCP security certifications for cloud-heavy organizations.<\/li>\n
                                                                                          • Context-specific:<\/strong> CISSP (more governance-heavy roles), GIAC (deep security specialization), privacy certifications for regulated domains.<\/li>\n<\/ul>\n\n\n\n

                                                                                            Prior role backgrounds commonly seen<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • Application Security Engineer who moved into AI threats and LLM application patterns.<\/li>\n
                                                                                            • Cloud Security Engineer supporting AI infrastructure on Kubernetes.<\/li>\n
                                                                                            • Platform\/SRE engineer with security focus supporting MLOps stacks.<\/li>\n
                                                                                            • ML Engineer with strong security interest who transitioned into AI security engineering.<\/li>\n<\/ul>\n\n\n\n

                                                                                              Domain knowledge expectations<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Understanding of AI system components (inference APIs, RAG, vector DBs, training pipelines).<\/li>\n
                                                                                              • Solid grounding in software delivery, CI\/CD, infrastructure as code, and production operations.<\/li>\n
                                                                                              • Familiarity with data governance and privacy impacts of prompts, logs, and training data.<\/li>\n<\/ul>\n\n\n\n

                                                                                                Leadership experience expectations<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Not a people manager, but should demonstrate:<\/li>\n
                                                                                                • Leading small initiatives end-to-end.<\/li>\n
                                                                                                • Coordinating stakeholders.<\/li>\n
                                                                                                • Producing repeatable artifacts (standards, templates, automation).<\/li>\n<\/ul>\n\n\n\n
                                                                                                  \n\n\n\n

                                                                                                  15) Career Path and Progression<\/h2>\n\n\n\n

                                                                                                  Common feeder roles into this role<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Application Security Engineer (AppSec)<\/li>\n
                                                                                                  • Cloud Security Engineer<\/li>\n
                                                                                                  • Platform Security Engineer<\/li>\n
                                                                                                  • SRE\/Platform Engineer with security focus<\/li>\n
                                                                                                  • ML Engineer\/MLOps Engineer with security specialization interest<\/li>\n<\/ul>\n\n\n\n

                                                                                                    Next likely roles after this role<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • Senior AI Security Engineer<\/strong> (owning broader scope and strategy; leading major programs)<\/li>\n
                                                                                                    • AI Security Architect<\/strong> (reference architectures, governance, enterprise patterns)<\/li>\n
                                                                                                    • Staff\/Principal Product Security Engineer (AI focus)<\/strong> (cross-portfolio influence)<\/li>\n
                                                                                                    • Security Engineering Lead for AI Platforms<\/strong> (technical lead role, sometimes with team leadership)<\/li>\n
                                                                                                    • AI Red Team \/ Adversarial Testing Lead<\/strong> (specialized evaluation and attack simulation)<\/li>\n<\/ul>\n\n\n\n

                                                                                                      Adjacent career paths<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • Responsible AI \/ AI Governance (if leaning toward policy, risk frameworks, and compliance)<\/li>\n
                                                                                                      • Privacy Engineering (if focusing on data protection and lifecycle governance)<\/li>\n
                                                                                                      • Detection Engineering \/ Threat Hunting (if focusing on monitoring and response for AI systems)<\/li>\n<\/ul>\n\n\n\n

                                                                                                        Skills needed for promotion (to Senior AI Security Engineer)<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Demonstrated impact across multiple AI services\/teams, not just one product.<\/li>\n
                                                                                                        • Ability to design scalable controls and drive adoption (libraries, templates, CI gates).<\/li>\n
                                                                                                        • Strong incident leadership contributions and operational improvements.<\/li>\n
                                                                                                        • Mature stakeholder management (risk acceptance, executive-ready communications).<\/li>\n
                                                                                                        • Clear measurement of security posture improvement via KPIs.<\/li>\n<\/ul>\n\n\n\n

                                                                                                          How this role evolves over time<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Year 1:<\/strong> establish baseline controls, testing, and governance; reduce immediate risks. <\/li>\n
                                                                                                          • Year 2:<\/strong> standardize across portfolio; build strong runtime detection and incident readiness. <\/li>\n
                                                                                                          • Year 3+:<\/strong> enable safe autonomous\/agentic systems, sophisticated provenance, and advanced assurance methods.<\/li>\n<\/ul>\n\n\n\n
                                                                                                            \n\n\n\n

                                                                                                            16) Risks, Challenges, and Failure Modes<\/h2>\n\n\n\n

                                                                                                            Common role challenges<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            • Ambiguity in ownership:<\/strong> AI security spans AppSec, CloudSec, Data, and AI engineering; unclear RACI slows progress.<\/li>\n
                                                                                                            • Rapidly evolving threats:<\/strong> jailbreaks and prompt injection techniques change faster than traditional patch cycles.<\/li>\n
                                                                                                            • Data sensitivity and logging tension:<\/strong> security needs visibility; privacy requires minimization and control.<\/li>\n
                                                                                                            • Developer friction:<\/strong> heavy-handed controls lead to bypass behavior and shadow deployments.<\/li>\n
                                                                                                            • Evaluation complexity:<\/strong> \u201csecure\u201d is not binary; risk depends on context, autonomy, and data access.<\/li>\n<\/ul>\n\n\n\n

                                                                                                              Bottlenecks<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              • Lack of telemetry (missing prompt\/tool traces) limits detection and forensics.<\/li>\n
                                                                                                              • Inconsistent environment setups across teams hinder standardization.<\/li>\n
                                                                                                              • Vendor opacity for model providers can block assurance and incident investigation.<\/li>\n
                                                                                                              • Slow governance processes can cause late security engagement.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                Anti-patterns<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                • Treating AI security as only \u201ccontent safety\u201d and ignoring infrastructure, access, and supply chain.<\/li>\n
                                                                                                                • Relying solely on prompt instructions as a security boundary.<\/li>\n
                                                                                                                • Allowing agents to use powerful tools without least privilege and explicit allowlists.<\/li>\n
                                                                                                                • Logging sensitive prompts\/outputs in plaintext without retention controls.<\/li>\n
                                                                                                                • Shipping RAG without document-level access control or tenant isolation guarantees.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                  Common reasons for underperformance<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • Insufficient hands-on engineering contribution (only writing docs without enabling adoption).<\/li>\n
                                                                                                                  • Inability to communicate risk in business terms; escalations become noise.<\/li>\n
                                                                                                                  • Over-indexing on niche adversarial ML while missing basic cloud\/app security failures.<\/li>\n
                                                                                                                  • Lack of prioritization\u2014trying to solve all AI security problems at once.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                    Business risks if this role is ineffective<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Sensitive data leakage through outputs, logs, or retrieval sources (high legal and trust impact).<\/li>\n
                                                                                                                    • Unauthorized actions by agentic systems (fraud, operational disruption).<\/li>\n
                                                                                                                    • Model theft or IP leakage (weights, prompts, proprietary datasets).<\/li>\n
                                                                                                                    • Supply-chain compromise of model artifacts or pipeline dependencies.<\/li>\n
                                                                                                                    • Loss of enterprise deals due to inadequate security posture and audit readiness.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      \n\n\n\n

                                                                                                                      17) Role Variants<\/h2>\n\n\n\n

                                                                                                                      By company size<\/h3>\n\n\n\n
                                                                                                                        \n
                                                                                                                      • Startup\/small company:<\/strong> <\/li>\n
                                                                                                                      • Broader scope; may own AppSec + AI security + some compliance tasks. <\/li>\n
                                                                                                                      • More hands-on building; fewer formal processes; faster iteration.<\/li>\n
                                                                                                                      • Mid-size SaaS:<\/strong> <\/li>\n
                                                                                                                      • Strong partnership with Product Security and AI platform team; building scalable guardrails. <\/li>\n
                                                                                                                      • Balanced between engineering and governance.<\/li>\n
                                                                                                                      • Large enterprise:<\/strong> <\/li>\n
                                                                                                                      • More formal governance, multiple platforms, heavy audit and customer assurance needs. <\/li>\n
                                                                                                                      • Role may specialize: AI platform security, AI red teaming, or AI governance engineering.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                        By industry<\/h3>\n\n\n\n
                                                                                                                          \n
                                                                                                                        • General SaaS\/consumer:<\/strong> focus on data leakage, abuse prevention, and platform integrity.<\/li>\n
                                                                                                                        • Finance\/healthcare\/public sector (regulated):<\/strong> stronger emphasis on compliance evidence, privacy controls, model governance, and strict access controls.<\/li>\n
                                                                                                                        • Developer tools\/platform:<\/strong> deeper focus on supply chain, code execution safety, agent tool sandboxing.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                          By geography<\/h3>\n\n\n\n
                                                                                                                            \n
                                                                                                                          • Most responsibilities are global. Variations typically appear in:<\/li>\n
                                                                                                                          • Data residency and retention requirements.<\/li>\n
                                                                                                                          • Regulatory expectations and reporting timelines.<\/li>\n
                                                                                                                          • Vendor availability (regional cloud\/model offerings).<\/li>\n<\/ul>\n\n\n\n

                                                                                                                            Product-led vs service-led company<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Product-led:<\/strong> controls embedded in product SDLC; focus on scalable automation and customer trust.<\/li>\n
                                                                                                                            • Service-led\/IT org:<\/strong> focus on internal AI platforms, governance, and secure enablement for many internal teams.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                              Startup vs enterprise<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Startup:<\/strong> lightweight policies, fast prototyping, pragmatic guardrails; fewer audits. <\/li>\n
                                                                                                                              • Enterprise:<\/strong> strict change management, formal risk acceptance, structured evidence, multi-team rollouts.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                Regulated vs non-regulated environment<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Regulated:<\/strong> stronger documentation, access reviews, data minimization, validation, and control testing cadence.<\/li>\n
                                                                                                                                • Non-regulated:<\/strong> more flexibility, but still must address trust and security incidents that affect reputation.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  \n\n\n\n

                                                                                                                                  18) AI \/ Automation Impact on the Role<\/h2>\n\n\n\n

                                                                                                                                  Tasks that can be automated (now and increasingly)<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • Static checks and policy enforcement:<\/strong> automated CI gates for dependency risk, secrets scanning, IaC misconfigurations.<\/li>\n
                                                                                                                                  • Prompt injection regression runs:<\/strong> scheduled or per-PR security test harness execution.<\/li>\n
                                                                                                                                  • Alert enrichment:<\/strong> automated correlation of AI service logs, tool traces, and deployment metadata.<\/li>\n
                                                                                                                                  • Documentation scaffolding:<\/strong> generating initial threat model templates and control narratives (requires human review).<\/li>\n
                                                                                                                                  • Triage assistance:<\/strong> ML-assisted grouping of similar alerts and recommending likely causes.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                    Tasks that remain human-critical<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Risk decisions and tradeoffs:<\/strong> determining acceptable risk given business context and user impact.<\/li>\n
                                                                                                                                    • Architecture and control design:<\/strong> selecting pragmatic patterns that teams will adopt and that actually reduce risk.<\/li>\n
                                                                                                                                    • Adversarial thinking:<\/strong> creating novel abuse cases specific to product workflows and tools.<\/li>\n
                                                                                                                                    • Incident leadership:<\/strong> coordinated decision-making, stakeholder communication, and mitigation strategy.<\/li>\n
                                                                                                                                    • Governance alignment:<\/strong> translating external expectations into workable engineering requirements.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                      How AI changes the role over the next 2\u20135 years<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Greater emphasis on agent\/tool security<\/strong> as autonomy increases (capability-based security, sandboxing, verifiable boundaries).<\/li>\n
                                                                                                                                      • More standardization around evaluation-driven security<\/strong> (security becomes a measurable test suite that blocks releases).<\/li>\n
                                                                                                                                      • Growth of model provenance and integrity controls<\/strong> as model supply chains become more complex (fine-tunes, adapters, model marketplaces).<\/li>\n
                                                                                                                                      • Increased need for privacy-safe observability<\/strong>: balancing telemetry for detection with privacy and regulatory constraints.<\/li>\n
                                                                                                                                      • Expansion of AI security engineering as a platform capability<\/strong>, not a one-off review function.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                        New expectations caused by AI, automation, or platform shifts<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Ability to contribute to continuous assurance<\/strong>: security posture measured continuously, not via annual reviews.<\/li>\n
                                                                                                                                        • Familiarity with LLM security testing frameworks and custom harness design<\/strong>.<\/li>\n
                                                                                                                                        • Stronger partnership with product and platform teams on secure defaults<\/strong> and guardrail usability<\/strong>.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          \n\n\n\n

                                                                                                                                          19) Hiring Evaluation Criteria<\/h2>\n\n\n\n

                                                                                                                                          What to assess in interviews<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          1. AI threat modeling depth<\/strong>\n – Can the candidate identify threats across prompts, retrieval, tools, model providers, and logging?<\/li>\n
                                                                                                                                          2. Security engineering pragmatism<\/strong>\n – Do they propose implementable controls, not just theoretical risks?<\/li>\n
                                                                                                                                          3. Cloud\/app security fundamentals<\/strong>\n – IAM, network segmentation, secrets management, secure APIs.<\/li>\n
                                                                                                                                          4. Testing mindset<\/strong>\n – Ability to convert risks into automated regression tests and release gates.<\/li>\n
                                                                                                                                          5. Operational readiness<\/strong>\n – Incident response thinking, detection\/telemetry awareness, runbook clarity.<\/li>\n
                                                                                                                                          6. Stakeholder influence<\/strong>\n – Communicating risk, negotiating timelines, enabling engineers.<\/li>\n<\/ol>\n\n\n\n

                                                                                                                                            Practical exercises or case studies (recommended)<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            1. \n

                                                                                                                                              Case study: Secure a RAG-based support assistant<\/strong>\n – Inputs: architecture diagram + brief product requirements (multi-tenant, connectors to internal KB, optional ticket creation tool).\n – Candidate outputs:<\/p>\n

                                                                                                                                                \n
                                                                                                                                              • Threat model (top threats + mitigations)<\/li>\n
                                                                                                                                              • Security requirements checklist<\/li>\n
                                                                                                                                              • Proposal for logging\/monitoring with privacy constraints<\/li>\n
                                                                                                                                              • A minimal set of \u201cmust-pass\u201d security tests<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                              • \n

                                                                                                                                                Hands-on exercise: Build a prompt injection regression plan<\/strong>\n – Provide sample prompts, tool schema, and retrieval examples.\n – Ask for:<\/p>\n

                                                                                                                                                  \n
                                                                                                                                                • Test cases that would catch tool abuse and data exfil attempts<\/li>\n
                                                                                                                                                • Pass\/fail criteria<\/li>\n
                                                                                                                                                • CI integration approach<\/li>\n<\/ul>\n<\/li>\n
                                                                                                                                                • \n

                                                                                                                                                  Design review simulation<\/strong>\n – Candidate explains tradeoffs to a mock PM\/engineering lead:<\/p>\n

                                                                                                                                                    \n
                                                                                                                                                  • What to block vs what to accept with mitigations<\/li>\n
                                                                                                                                                  • How to phase controls without halting delivery<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n

                                                                                                                                                    Strong candidate signals<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Clearly separates security boundaries<\/strong> from best-effort instructions<\/strong> (e.g., understands prompts are not a boundary).<\/li>\n
                                                                                                                                                    • Demonstrates knowledge of least-privilege tool access<\/strong>, allowlists, and sandboxing for agents.<\/li>\n
                                                                                                                                                    • Understands the importance of tenant isolation<\/strong> and document-level ACLs in RAG.<\/li>\n
                                                                                                                                                    • Uses measurable outcomes<\/strong> (tests, gates, telemetry) rather than only policy statements.<\/li>\n
                                                                                                                                                    • Can explain security decisions in business terms (risk, impact, likelihood, mitigations).<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                                      Weak candidate signals<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Treats AI security as only content moderation or only adversarial ML robustness.<\/li>\n
                                                                                                                                                      • Proposes \u201cjust add a system prompt\u201d or \u201cjust filter output\u201d as primary defense.<\/li>\n
                                                                                                                                                      • Lacks fundamentals in IAM, secrets, secure APIs, or production operations.<\/li>\n
                                                                                                                                                      • Cannot translate threats into concrete controls and test plans.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                                        Red flags<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Suggests logging everything (including sensitive prompts) without data minimization or retention controls.<\/li>\n
                                                                                                                                                        • Ignores multi-tenant risks and access control boundaries in retrieval systems.<\/li>\n
                                                                                                                                                        • Dismisses incident response needs (\u201cwe\u2019ll handle it later\u201d) for customer-facing AI.<\/li>\n
                                                                                                                                                        • Overconfidence without validation\u2014claims solutions without testing or measurement.<\/li>\n<\/ul>\n\n\n\n

                                                                                                                                                          Scorecard dimensions (interview evaluation rubric)<\/h3>\n\n\n\n
                                                                                                                                                          \n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                          Dimension<\/th>\nWhat \u201cmeets bar\u201d looks like<\/th>\nWeight<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                          AI security threat modeling<\/td>\nIdentifies major LLM\/RAG\/agent threats + mitigations<\/td>\nHigh<\/td>\n<\/tr>\n
                                                                                                                                                          AppSec & cloud fundamentals<\/td>\nStrong IAM\/authn\/z, secure API patterns, secrets<\/td>\nHigh<\/td>\n<\/tr>\n
                                                                                                                                                          Secure MLOps\/LLMOps understanding<\/td>\nSecures artifacts, pipelines, deployments<\/td>\nMedium<\/td>\n<\/tr>\n
                                                                                                                                                          Testing & automation<\/td>\nConverts risks into tests, gates, and repeatable checks<\/td>\nHigh<\/td>\n<\/tr>\n
                                                                                                                                                          Incident readiness & monitoring<\/td>\nTelemetry design, triage thinking, runbooks<\/td>\nMedium<\/td>\n<\/tr>\n
                                                                                                                                                          Communication & influence<\/td>\nClear, pragmatic, collaborative risk communication<\/td>\nHigh<\/td>\n<\/tr>\n
                                                                                                                                                          Practical engineering ability<\/td>\nCan implement\/PR changes and build tooling<\/td>\nMedium<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                          \n\n\n\n

                                                                                                                                                          20) Final Role Scorecard Summary<\/h2>\n\n\n\n
                                                                                                                                                          \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                          Category<\/th>\nSummary<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                          Role title<\/td>\nAI Security Engineer<\/td>\n<\/tr>\n
                                                                                                                                                          Role purpose<\/td>\nSecure AI\/ML systems end-to-end by designing AI-specific threat mitigations, embedding controls into MLOps\/LLMOps and SDLC, and operating monitoring\/incident readiness for AI services.<\/td>\n<\/tr>\n
                                                                                                                                                          Top 10 responsibilities<\/td>\n1) AI threat modeling 2) Secure reference architectures (RAG\/agents\/inference) 3) Secure MLOps\/LLMOps pipelines 4) AI security testing & red-team style evaluations 5) Runtime monitoring & detection rules 6) Data protection controls (PII\/logging\/retention) 7) Incident playbooks & response support 8) Third-party\/model provider risk assessment 9) Standards\/guardrails with automation 10) Enablement (training, templates, PR guidance)<\/td>\n<\/tr>\n
                                                                                                                                                          Top 10 technical skills<\/td>\n1) Cloud security (IAM, network, encryption) 2) AppSec fundamentals (OWASP, secure APIs) 3) AI\/LLM security (prompt injection, tool abuse, RAG risks) 4) Threat modeling 5) CI\/CD security gates 6) Kubernetes\/container security 7) Python + engineering scripting 8) Logging\/SIEM and detection basics 9) Supply-chain security (SBOM\/signing) 10) Data security\/privacy engineering basics<\/td>\n<\/tr>\n
                                                                                                                                                          Top 10 soft skills<\/td>\n1) Risk-based prioritization 2) Influence without authority 3) Systems thinking 4) Clear technical communication 5) Developer empathy 6) Continuous learning 7) Incident calm and rigor 8) Stakeholder management 9) Bias for automation\/pragmatism 10) Structured problem-solving<\/td>\n<\/tr>\n
                                                                                                                                                          Top tools or platforms<\/td>\nCloud platforms (AWS\/Azure\/GCP), Kubernetes, GitHub\/GitLab CI, Snyk\/Dependabot, CodeQL\/Semgrep, SIEM (Splunk\/Sentinel\/Elastic), Secrets managers (Vault\/cloud), Observability (Datadog\/Prometheus\/Grafana), MLOps (MLflow\/Kubeflow\/SageMaker\/Azure ML), LLM security testing harnesses (promptfoo\/garak\/custom).<\/td>\n<\/tr>\n
                                                                                                                                                          Top KPIs<\/td>\nAI security review coverage, threat model completion, critical finding escape rate, critical TTR, prompt injection regression pass rate, sensitive data leakage rate, MTTD\/MTTR for AI abuse events, model artifact integrity coverage, secrets exposure rate, stakeholder satisfaction.<\/td>\n<\/tr>\n
                                                                                                                                                          Main deliverables<\/td>\nAI security reference architectures, threat models, security requirements checklists, CI security gates, AI security test suites, runtime monitoring dashboards\/alerts, runbooks\/playbooks, risk register and mitigation plans, vendor risk assessments, training and secure patterns documentation.<\/td>\n<\/tr>\n
                                                                                                                                                          Main goals<\/td>\n30\/60\/90-day: baseline and integrate reviews + implement initial tests\/controls; 6\u201312 months: standardize controls, measurable posture gains, audit-ready evidence, improved incident readiness; long-term: enable safe agentic systems and scalable continuous assurance.<\/td>\n<\/tr>\n
                                                                                                                                                          Career progression options<\/td>\nSenior AI Security Engineer \u2192 AI Security Architect \u2192 Staff\/Principal Product Security (AI focus) \u2192 AI Platform Security Lead \/ AI Red Team Lead \/ Responsible AI governance-adjacent paths.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"

                                                                                                                                                          The **AI Security Engineer** designs, implements, and operates security controls that protect AI\/ML systems across the full lifecycle\u2014data, training, evaluation, deployment, inference, and monitoring. The role focuses on preventing and detecting AI-specific threats (e.g., data poisoning, model theft, prompt injection, insecure tool use in agents, supply-chain compromise) while integrating with standard application and cloud security practices.<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[24452,24475],"tags":[],"class_list":["post-73613","post","type-post","status-publish","format-standard","hentry","category-ai-ml","category-engineer"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/73613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=73613"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/73613\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=73613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=73613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=73613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}