Sr. AI Security Engineer
Backblaze
Job Description
<p><a href="https://himalayas.app/companies/backblaze">Backblaze</a> is the object storage leader in the open cloud movement, fueling customer success with cloud storage built purposefully to unlock budgets, unburden administrators, and unleash innovators. Together with our partners, we’re helping customers break free from the restrictive, overpriced legacy solutions that hold them back, and blaze forward with the full power of the open cloud in their hands.</p><p>Founded in 2007, we scaled the business with less than $3 million in outside funding until 2021, when we did a traditional IPO on the Nasdaq stock exchange. Today, <a href="https://himalayas.app/companies/backblaze">Backblaze</a> generates over $100m in revenue and is the leading specialized storage cloud - managing over three billion gigabytes of data storage for 500K+ customers in 175+ countries, including businesses, developers, IT professionals, and individuals.<br><br>But while there is a lot to celebrate in our past, there is almost as much opportunity ahead of us. We are seeking a <strong>Sr. AI Security Engineer</strong> to join our team!</p><h3>About The Role</h3><p><a href="https://himalayas.app/companies/backblaze">Backblaze</a> is seeking a <strong>Senior AI Security Engineer</strong> to design and implement safeguards for <strong>internal AI usage</strong>, with a focus on <strong>agentic systems, developer protection, and runtime security</strong>.</p><p>This is a hands-on role for a practitioner who has <strong>built and deployed security controls</strong>, not just defined policy. 
You will enable teams to safely use AI by creating <strong>enforcement layers, identity controls, and detection capabilities</strong> that constrain and monitor AI-driven activity.</p><h3><strong>What You’ll Do:</strong></h3><h4><strong>Agentic AI Safeguards</strong></h4><ul><li>Architect and implement <strong>guardrails for tool-using AI systems</strong>, including:</li><ul><li>Tool access controls and allowlists</li><li>Context and memory isolation</li><li>Step-level validation of agent actions</li></ul><li>Apply mitigations aligned to the <strong>OWASP Agentic AI Top 10</strong> (e.g., prompt injection, unsafe tool use, data leakage, excessive autonomy)</li></ul><h4><strong>Runtime Security Controls</strong></h4><ul><li>Build <strong>enforcement mechanisms</strong> that govern AI behavior at execution time:</li><ul><li>Interceptors, proxies, or middleware for tool/API calls</li><li>Policy decision and enforcement layers</li><li>Rate limits, execution bounds, and kill-switches</li></ul><li>Prevent unsafe or unauthorized actions initiated by AI systems</li></ul><h4><strong>Non-Human Identity (NHI)</strong></h4><ul><li>Design and implement <strong>identity and access controls for agents and automation</strong>, including:</li><ul><li>Short-lived credentials and scoped permissions</li><li>Clear separation between human and non-human access</li><li>Strong binding of identity to task context and e