Associate Director, AI & Application Security - HYBRID ROLE
Job Description
This is a hybrid position that requires 3 days a week in our Boston office
Vertex is seeking an Associate Director, AI & Application Security to lead security for AI-enabled applications, platforms, and services across the enterprise. This role is responsible for securing AI throughout the full lifecycle—from design and development to deployment and ongoing operations—including generative AI, agentic workflows, traditional machine learning, and AI embedded in enterprise applications.
This leader will help define how Vertex securely adopts and scales AI across Azure, AWS, and GCP, as well as third-party and foundation model platforms such as Microsoft Copilot / Azure OpenAI, Anthropic, Google Gemini, and AWS Bedrock. The role will partner closely with technical and business stakeholders to establish pragmatic guardrails, strengthen secure development practices, and reduce risk without slowing innovation.
The ideal candidate brings deep expertise in cloud security and application security, along with strong judgment, technical credibility, and the ability to influence decisions in fast-moving, evolving environments. This role also requires practical experience applying security and risk frameworks relevant to AI and modern application environments.
Key Duties and Responsibilities
- Lead AI and application security across the full lifecycle of AI-enabled systems, from design and development through deployment and operations.
- Define and evolve security standards, guardrails, and control expectations for AI systems used across Vertex.
- Apply and operationalize industry-recognized security frameworks and control models, including:
  - NIST AI Risk Management Framework (AI RMF)
  - NIST Cybersecurity Framework (CSF)
  - OWASP Top 10
  - OWASP Top 10 for LLM and Generative AI Applications
- Secure AI workloads and AI-enabled applications across cloud and SaaS environments, with emphasis on:
  - policy enforcement
  - data protection
  - logging and telemetry
  - monitoring and operational visibility
- Lead threat modeling and misuse-case analysis for AI systems, including risks such as:
  - prompt injection and prompt abuse
  - sensitive data leakage
  - tool or action abuse
  - unsafe outputs
  - model misuse
- Define and mature AI guardrails, including monitoring, detection, logging, and misuse or negative testing practices.
- Establish secure development expectations for AI-enabled applications and services, including secure coding practices and appropriate separation of development and production environments.
- Build and lead application security testing practices for AI-enabled applications and supporting services, including SAST, DAST, automated scanning, and retesting processes.
- Partner with Cloud Security, Security Operations, Privacy, Legal, Data Science, and Engineering teams to align security controls with business, technical, and regulatory requirements.
- Influence architecture and platform decisions through practical, risk-based guidance that can scale with AI adoption.
- Communicate risks, tradeoffs, and recommendations clearly to both technical teams and senior leadership.
Knowledge and Skills
- Cloud security architecture and controls across Azure and AWS
- Familiarity with GCP security concepts and services
- Secure software development lifecycle (SDLC) practices
- Secure coding standards and code review practices
- SAST, DAST, automated security scanning, and remediation workflows
- OWASP Top 10 and common application and API security risks
- Familiarity with OWASP guidance for LLM/GenAI applications
- API security, identity and access management, secrets management, and service-to-service trust
- Logging, telemetry, monitoring, and detection for cloud-native environments
- Threat modeling and misuse-case analysis
- Familiarity with AI security risks, including:
  - prompt injection
  - data leakage
  - model misuse
  - tool or action abuse
  - unsafe outputs
  - policy enforcement
- Familiarity with AI platforms and providers such as:
  - Microsoft Copilot / Azure OpenAI
  - Anthropic
  - Google Gemini
  - AWS Bedrock
  - emerging AI platforms and services
Education and Experience
- Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field or equivalent experience.
- Significant experience in application security, product security, cloud security, or a related cybersecurity discipline.
- Strong experience securing cloud environments, particularly Azure and AWS; familiarity with GCP is a plus.
- Deep knowledge of application security fundamentals and secure software development practices.
- Experience securing APIs, platforms, and complex distributed systems.
- Experience leading threat modeling, architecture reviews, and risk-based security assessments.
- Experience applying security and risk frameworks in engineering environments, including familiarity with NIST AI RMF, NIST CSF, and common application security standards.
- Demonstrated ability to partner effectively with engineering and platform teams to embed security into design and delivery processes.
- Experience securing generative AI applications, agentic workflows, or machine learning-enabled services.
- Experience defining AI guardrails and monitoring strategies at scale.
- Excellent communication and influence skills, with the ability to engage both technical teams and senior leaders.
Preferred Qualifications
- Experience working in biopharmaceutical or other GxP-regulated environments with strong privacy and data protection requirements.
#LI-HYBRID
Pay Range: $172,000 - $258,000
Disclosure Statement:
The range provided is based on what we believe is a reasonable estimate for the base salary pay range for this job at the time of posting. This role is eligible for an annual bonus and annual equity awards. Some roles may also be eligible for overtime pay, in accordance with federal and state requirements. Actual base salary pay will be based on a number of factors, including skills, competencies, experience, and other job-related factors permitted by law.
At Vertex, our Total Rewards offerings also include inclusive market-leading benefits to meet our employees wherever they are in their career, financial, family and wellbeing journey while providing flexibility and resources to support their growth and aspirations. From medical, dental and vision benefits to generous paid time off (including a week-long company shutdown in the Summer and the Winter), educational assistance programs including student loan repayment, a generous commuting subsidy, matching charitable donations, 401(k) and so much more.
Flex Designation: Remote-Eligible
Flex Eligibility Status:
In this Remote-Eligible role, you can choose to be designated as:
1. Remote: work remotely five days per week and come into the office on occasion – you’re always welcome on-site; or select
2. Hybrid: work remotely up to two days per week; or select
3. On-Site: work five days per week on-site with ad hoc flexibility.
Note: The Flex status for this position is subject to Vertex’s Policy on Flex @ Vertex Program and may be changed at any time.
#LI-Remote
Company Information
Vertex is a global biotechnology company that invests in scientific innovation.
Vertex is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a person's race, color, sex, gender identity or expression, age, religion, national origin, ancestry, ethnicity, disability, veteran status, genetic information, sexual orientation, marital status, or any characteristic protected under applicable law. Vertex is an E-Verify Employer in the United States. Vertex will make reasonable accommodations for qualified individuals with known disabilities, in accordance with applicable law.
Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should make a request to the recruiter or hiring manager, or contact Talent Acquisition at [email protected]