AI Engineer

Salary: $10,000 - 11,000 monthly

Job Type: Full Time

Job Description - AI Engineer

The role will define and build the agentic AI harness, control plane, model evaluation framework, AI-to-system interface layer, memory and knowledge architecture, guardrails, observability model and production standards needed to deploy AI agents safely across cyber functions.

Cybersecurity knowledge is useful, but not the primary requirement. The core requirement is deep experience building production-grade LLM, agentic AI, ML, automation or platform systems. Cyber domain expertise will be provided by SOC, incident response, vulnerability management, AppSec, cloud security, IAM, GRC, threat intelligence, red-team and security engineering SMEs.

The candidate should also have prior experience operating or supporting production systems, so they can design systems that are reliable, observable, auditable, recoverable and supportable. Day-to-day operations may sit with a separate AI platform, engineering or operations team.

Scope of Role

The role will support agentic AI capabilities across cybersecurity, including security operations, incident response, threat intelligence, detection engineering, vulnerability management, application security, cloud security, identity and access management, GRC, control testing, red teaming, purple teaming, security engineering, email security, data security and executive cyber reporting.

The role is expected to turn AI agents and frontier models from isolated experiments into safe, reusable and measurable operational capabilities.

Key Responsibilities

1. Design and build agentic AI system architecture

Design and implement LLM-based agent systems using planning, reasoning, tool use, task decomposition, memory, retrieval, model routing, multi-agent coordination and human-in-the-loop workflows.

The architecture should support single-agent and multi-agent patterns, including supervisor-agent models, specialist agents, shared state, task delegation, context transfer, controlled escalation and reusable workflow patterns.

2. Build the agentic AI harness and control plane

Create the core harness that governs how agents reason, call tools, access data, use memory, hand off tasks, request approvals, log actions and operate within defined safety boundaries.

The control plane should include autonomy levels, policy enforcement, approval workflows, immutable audit logging, rollback paths, action limits, kill switches and separation between read-only, recommendation-only and action-capable agents.

3. Build the AI-to-cyber tool interface layer

Design and implement the controlled interface layer between AI agents and enterprise cyber systems, including SIEM, SOAR, EDR, NDR, IAM, PAM, CMDB, ITSM, vulnerability scanners, cloud security platforms, code repositories, CI/CD pipelines, ticketing systems, knowledge bases, email security tools and collaboration platforms.

This includes APIs, connectors, webhooks, queues, MCP-style interfaces, service accounts, scoped credentials, session controls, rate limits, error handling and production support patterns.

4. Implement secure tool mediation

Define and build the mechanisms by which agents retrieve information, call tools, trigger workflows and request operational actions.

The role must enforce clear boundaries between what agents can read, recommend, draft, test, execute or escalate. High-risk actions such as containment, identity changes, production patching, exploit execution, destructive testing, red-team activity or changes to security controls must require explicit approval and clear rules of engagement.

5. Design agent identity and non-human access controls

Define identity, authentication, authorisation and privilege boundaries for agents, sub-agents, tools, connectors and model workflows.

Implement least privilege, just-in-time access, scoped credentials, secrets isolation, approval-bound permissions, session boundaries and full auditability for non-human agent identities.

6. Secure the agentic AI supply chain

Define controls for prompts, tools, connectors, MCP servers, plugins, skills, packages, containers, model artefacts, evaluation datasets, and retrieval sources.

Establish provenance, allowlisting, signing, dependency scanning, sandboxing, version control, change approval and security review for agent components before they are used in production workflows.

7. Engineer the cyber data, memory, and knowledge layer

Design and build RAG, vector search, structured knowledge, knowledge graphs, case memory and context stores for cyber workflows.

Relevant data may include assets, identities, vulnerabilities, alerts, incidents, detections, controls, playbooks, tickets, service ownership, business criticality, threat intelligence, code, dependencies, prior investigations, and lessons learned.

8. Design evidence provenance and source-trust controls

Ensure agent outputs are grounded in traceable evidence.

Agent recommendations should reference source systems, alert IDs, log records, code locations, tickets, vulnerability findings, threat intelligence sources or case notes where appropriate. The design should include confidence indicators, freshness checks, data classification, source trust levels and clear separation between trusted instructions and untrusted content.

9. Develop reusable cyber agent patterns

Create reusable templates and design patterns for agents across alert triage, investigation support, threat intelligence summarisation, vulnerability analysis, secure code review, detection drafting, incident reporting, GRC evidence collection, control testing, red-team planning and remediation support.

The goal is not isolated demos, but repeatable patterns that can be adapted safely across cyber functions.

10. Evaluate frontier and open-source models

Assess frontier and open-source models for reasoning quality, coding ability, tool use, cyber-task performance, reliability, hallucination rate, latency, cost, context handling, multimodal capability, safety behaviour, and deployment constraints.

The role should establish when to use frontier models, smaller specialised models, local models, model routing, or hybrid approaches.

11. Design for model portability and model churn

Build model-agnostic patterns that support frontier models, open-source models, local models, specialised models, and future model providers.

Define model routing, fallback, regression testing, cost controls, latency targets, safety comparisons, and graceful degradation when models, providers, APIs, safety policies, or deployment options change.

12. Build AI evaluation and test harnesses

Design benchmark suites, regression tests, adversarial tests, scenario simulations, historical incident replay, human review workflows, and acceptance criteria before agents are allowed into operational use.

Testing should cover accuracy, false positives, false negatives, hallucination, unsafe tool use, prompt injection, data leakage, excessive agency, memory poisoning, failure recovery, and operational reliability.

13. Build cyber simulation and replay capability

Create controlled test environments for evaluating agents against historical incidents, synthetic SOC cases, vulnerable code, cloud attack paths, phishing scenarios, detection engineering tasks, GRC evidence workflows and red-team simulations.

These environments should allow agent behaviour to be tested safely before deployment into live cyber workflows.

14. Design against prompt injection and untrusted input manipulation

Build controls for direct and indirect prompt injection, malicious documents, poisoned tickets, hostile webpages, compromised retrieval sources, tool-output manipulation and memory poisoning.

External content should be treated as untrusted input. Critical policy enforcement should sit outside the model, not rely only on model obedience.

15. Build AI-assisted cyber assessment capability

Use frontier models in controlled environments for source code review, vulnerability discovery, exploitability validation, patch suggestion, test generation, penetration testing support, red-team planning, attack-path analysis and control testing.

All such work must be authorised, scoped, logged and reviewed, with appropriate sandboxing, evidence handling and rules of engagement.

16. Define human decision rights and accountability

Specify who owns each agent, who approves access, who approves high-impact actions, who reviews incidents, who monitors behaviour and who can pause or disable the system.

The design must make clear where AI can assist, where humans must decide and where autonomy is not permitted.

17. Design for production operations and handover

Ensure agentic AI systems are built with clear monitoring, logging, alerting, rollback, runbooks, service ownership, access reviews, cost controls and operational support requirements.

The role does not need to run day-to-day operations, but must design systems that can be handed over safely to an AI platform, engineering or operations team.

18. Implement LLMOps and agent lifecycle management

Define how prompts, agents, tools, model versions, evaluations, telemetry, observability, release management, drift monitoring, cost controls and continuous improvement will be managed.

The role must help turn prototypes into maintainable services with clear ownership, support models and change-control processes.

19. Work with cyber SMEs to transform workflows

Partner with cyber teams to understand workflows, pain points, decision points, data sources and failure modes, then convert them into safe, measurable and production-grade AI capabilities.

The role should be able to translate messy operational processes into agent-ready workflows with clear inputs, outputs, controls, metrics and escalation paths.

Required Experience

  1. Strong hands-on experience building production-grade LLM, agentic AI, ML, automation or platform systems.
  2. Deep understanding of agent architecture, orchestration frameworks, tool calling, memory design, RAG, model routing and multi-agent workflows.
  3. Experience with frontier models, open-source models or both, including evaluation, benchmarking and model comparison.
  4. Strong software engineering background, including Python, APIs, backend services, cloud platforms, containers, CI/CD, authentication, logging and production observability.
  5. Experience integrating AI systems with enterprise APIs, identity systems, data platforms, workflow engines, ticketing systems, code repositories and operational tools.
  6. Prior experience operating or supporting production systems, including monitoring, alerting, incident response, rollback, release management, access control, cost management and post-incident review.
  7. Practical understanding of production failure modes such as model drift, prompt regressions, broken tool calls, API failures, retrieval errors, permission issues, latency problems, data quality gaps, cost spikes and unsafe outputs.
  8. Practical understanding of AI safety risks, including hallucination, prompt injection, insecure tool use, excessive agency, sensitive data leakage, memory poisoning, adversarial manipulation and unsafe autonomous behaviour.
  9. Experience designing human-in-the-loop workflows for high-risk, regulated or security-sensitive environments.
  10. Ability to design for operational handover, including runbooks, support models, service ownership, observability, change control and measurable service health.

Preferred Experience

  1. Experience building AI agents for software engineering, code review, test generation, vulnerability discovery, workflow automation or enterprise operations.
  2. Experience with LangGraph, AutoGen, CrewAI, Semantic Kernel, AgentSea, OpenAI Agents SDK, MCP, vector databases, graph databases or similar agentic AI tooling.
  3. Experience with RAG pipelines, knowledge graphs, structured retrieval, event schemas, data contracts and context engineering.
  4. Experience with secure connector patterns, permission boundaries, service accounts, API gateways, immutable audit logging and tool mediation.
  5. Experience with AI red teaming, model evaluation, AI governance, secure-by-design AI or regulated-sector AI deployment.
  6. Experience designing or operating simulation environments, cyber ranges, replay systems, benchmark suites or adversarial test harnesses.
  7. Exposure to cybersecurity, AppSec, cloud security, DevSecOps, vulnerability management, SOC operations, incident response, threat intelligence, GRC or offensive security testing.

Cybersecurity Knowledge

Cybersecurity knowledge is a bonus, not the core requirement.

The candidate does not need to be a SOC analyst, incident responder, penetration tester or security architect. However, they should be able to learn cyber workflows quickly, work closely with cyber SMEs and understand enough about security tools, vulnerabilities, logs, identity, cloud, code, tickets, and incidents to build safe AI systems around them.

Initial Deliverables

Within the first 6 to 9 months, the role is expected to help deliver:

  1. Agentic AI reference architecture
    A clear architecture covering models, orchestration, memory, tool access, data flows, logging, approvals, evaluation, deployment, and governance.
  2. Cyber agent control plane prototype
    A working harness that can run bounded cyber agents with controlled tool access, human approvals, audit trails and defined autonomy levels.
  3. Tool interface and mediation layer
    Initial controlled connectors to selected enterprise and cyber systems, with scoped credentials, read/write boundaries, logging, error handling and approval gates.
  4. Agent identity and access model
    A defined approach for agent identities, sub-agent identities, scoped credentials, just-in-time access, secrets handling and approval-bound permissions.
  5. Cyber knowledge and memory prototype
    A working context layer using selected cyber data sources such as assets, vulnerabilities, alerts, incidents, playbooks, code repositories or tickets.
  6. Evidence and source-trust model
    A repeatable approach for grounding agent outputs in traceable evidence, with source references, confidence indicators, freshness checks and trust boundaries.
  7. Model evaluation framework
    A repeatable way to test frontier and open-source models against cyber-relevant tasks before operational use.
  8. Simulation and replay environment
    A controlled environment for testing agents against synthetic cases, historical incidents, vulnerable code, cloud scenarios or red-team workflows.
  9. Initial production pilots
    Two to three bounded pilots, such as secure code review, alert enrichment, threat intelligence summarisation, incident report drafting, vulnerability triage or GRC evidence collection.
  10. AI safety and operating guardrails
    A practical control model covering data access, prompt injection risk, tool permissions, autonomy levels, approvals, escalation, rollback and prohibited actions.
  11. Production handover model
    Runbooks, service ownership model, monitoring requirements, alerting thresholds, rollback approach, cost-control model, access review process and post-incident review process.
  12. Reusable build standards
    Templates, coding standards, prompt standards, evaluation standards, connector standards and deployment patterns so future agents can be built consistently.

Success Measures

  1. Reduction in analyst or engineer toil for selected workflows.
  2. Measured improvement in triage, review, investigation, reporting or validation speed.
  3. Reliable model evaluation results before deployment.
  4. Clear auditability of prompts, tool calls, data access, outputs and actions.
  5. Safe integration with enterprise tools without excessive privilege.
  6. Useful adoption by cyber SMEs, not just impressive demonstrations.
  7. No high-impact autonomous action without explicit approval and rollback.
  8. Reusable patterns that allow additional cyber agents to be built faster and more safely.
  9. Systems are designed with sufficient observability, runbooks, controls and ownership for safe production handover.
  10. Agent outputs are grounded in traceable evidence, not unsupported assertions.
  11. Agent access, identity, tool use and memory are governed consistently.
  12. The architecture remains portable across models, tools and providers as AI capability changes.

Thanks, and Best Regards

Lini

Recruitment Consultant

R22108463

Original job AI Engineer posted on GrabJobs.
About the Company

HELIUS TECHNOLOGIES PTE. LTD.

Helius Technologies is a global consulting and IT services company headquartered in Singapore. Our focus is on delivering consulting and staffing solutions spanning augmentation to managed services. Established in 2006, Helius has partnered and supported lead...
