The Opportunity
We are seeking a visionary Director of Security Engineering to lead our global Application and Cloud Security programs. This is a high-impact leadership role responsible for securing
Our next-generation Agentic AI platforms and our Zero Data enterprise ecosystem.
As we shifts from conversational AI to autonomous agents that execute multi-step business processes, the security challenge evolves from protecting data to protecting intent, execution, and identity. You will lead a world-class team of engineers distributed across the USA and India, deeply integrated with our core engineering hub in HQ to ensure security is a business accelerator, not a bottleneck.
What You Will Do (Key Responsibilities)
- Set the global multi-year roadmap for Product and Cloud Security, specifically tailored to protect autonomous agent workflows, Model Context Protocols (MCP), and RAG pipelines.
- Design and implement runtime guardrails to prevent prompt injection, goal hijacking, and unauthorized tool-calling by autonomous agents.
- Oversee the security architecture for agent sandboxing and isolated execution to ensure untrusted code/tool outputs cannot compromise the host.
- Evolve standard VAPT into a continuous Adversarial Red Teaming program focused on LLM vulnerabilities, training data poisoning, and membership inference attacks.
- Drive security standards across AWS, GCP, and Azure, with a focus on enforcing Zero Data principlesensuring sensitive customer data is never cached or logged within the AI cloud.
- Architect robust workload identity and Agent Identity federation to ensure agents operate with the least-privilege necessary to fulfill their specific tasks across multi-cloud environments.
- Enforce Infrastructure as Code (IaC) security and Cloud Security Posture Management (CSPM) to maintain a consistent security posture across global regions (North America, APJ, EMEA).
- Lead and scale high-performing teams in the USA and India. Bridge the gap between Palo Alto's rapid research cycles and India's engineering scale, ensuring 24/7 security coverage.
- Build and maintain an automated security paved road, providing developers with self-service tools for SAST/DAST, SCA, and automated threat modeling that integrates seamlessly with CI/CD.
- Operationalize a Unified Control Framework (SOC 2, ISO 27001, ISO 42001, and the EU AI Act) into automated checks, moving away from manual audits toward continuous compliance.
Required Qualifications
- 12+ years in security engineering, with 5+ years leading global teams (experience managing USA and India-based teams is highly preferred).
- Deep technical understanding of the OWASP Top 10 for LLMs and the unique risks of Agentic AI (e.g., insecure output handling, indirect prompt injection).
- Proven track record of securing distributed Python, Go, and Node.js environments at enterprise scale.
- Expert-level knowledge of Kubernetes (EKS/GKE/AKS), serverless security, and cross-cloud identity management.
- Ability to code or deeply review automation scripts (Python, Terraform, etc.) to ensure security is integrated into the developer workflow.
- Exceptional ability to translate Agentic Risk or Technical Topics into business impact for the executive leadership team.
- Proven ability to manage distributed teams and penetrate high-velocity engineering cultures to build lasting security partnerships.
Preferred Qualifications
- Demonstrated contributions to the security community are a plus.
- Advanced Certifications such as CISSP, CCSP, or specialized AWS/GCP Security certifications.
- Experience implementing the NIST AI Risk Management Framework or ISO 42001 in a production environment.
- Experienced with risk-based prioritization methodologies such as the Security Prioritization Framework (SPF) to align security remediation with business velocity.
