AI Security Engineer
The AI Security Engineer is a critical role within the [x team], focused on securing AI workloads, managing data risks, and ensuring that AI capabilities meet regulatory and governance requirements. You'll work alongside the DevOps Engineer, backend engineers, and compliance stakeholders to build security into every layer of the platform. This role is ideal for someone who understands that security and innovation aren't opposed - they're complementary. You'll help the team move fast while staying secure, and you'll be instrumental in proving to regulators and stakeholders that Flutter is building AI responsibly.
- Conduct threat modeling for AI workloads.
- Identify risks specific to LLMs (prompt injection, data leakage, model poisoning, adversarial inputs).
- Develop mitigation strategies.
- Establish secure prompt engineering practices.
- Implement safeguards against prompt injection, jailbreaking, and other attacks.
- Review prompts for security and responsible AI concerns.
- Ensure sensitive data is protected throughout the AI pipeline - in transit, at rest, and during processing.
- Implement data masking, encryption, and access controls.
- Secure LLM APIs and model access.
- Implement authentication, authorization, rate limiting, and anomaly detection.
- Protect against model extraction and abuse.
- Implement audit logging for AI workloads.
- Ensure immutable audit trails of model decisions, data access, and system changes.
- Support compliance with UKGC, ICO, and other regulations.
- Establish responsible AI practices - bias detection, fairness monitoring, explainability, human oversight.
- Ensure AI decisions can be audited and explained.
- Conduct security assessments and penetration testing of the AI platform.
- Identify and remediate vulnerabilities.
- Manage dependencies and patching.
- Create security documentation, threat models, and security runbooks.
- Educate the team on AI-specific security risks.
- Participate in incident response for security issues.
- Help the team understand what happened and how to prevent recurrence.
- Communicate security posture to compliance, audit, and leadership.
- Present security findings and recommendations.
- 5+ years of cybersecurity, application security, or infrastructure security experience (required)
- Strong understanding of cloud security (AWS security services, IAM, encryption, networking) (required)
- Experience with threat modeling and risk assessment (required)
- Knowledge of secure coding practices and common vulnerabilities (OWASP) (required)
- Understanding of authentication and authorization patterns (OAuth 2.0, JWT, IAM) (required)
- Experience with security testing and vulnerability assessment (required)
- Strong communication skills - ability to explain security concepts to non-security audiences (required)
- Experience working in regulated or compliance-driven environments (required)
- Familiarity with incident response and security operations (required)
- Experience with AI/ML security and responsible AI (nice-to-have)
- Knowledge of LLM-specific risks (prompt injection, jailbreaking, data leakage) (nice-to-have)
- Familiarity with prompt engineering and LLM APIs (nice-to-have)
- Experience with data privacy regulations (GDPR, CCPA, ICO) (nice-to-have)
- Knowledge of gaming or iGaming industry regulations (nice-to-have)
- Experience with security automation and Infrastructure as Code security (nice-to-have)
- Background in penetration testing or ethical hacking (nice-to-have)
- Experience with bias detection and fairness monitoring in ML systems (nice-to-have)
- Competitive salary.
- Comprehensive health insurance.
- Generous paid time off.
- Opportunities for professional development and training.
- Flexible working arrangements.
- Relocation assistance may be available.
Flutter UK & Ireland is the UK and Ireland division of Flutter Entertainment, the world's leading online sports betting and iGaming company. It brings together some of the biggest brands in the betting and gaming industry, including Betfair, Paddy Power, Sky Betting & Gaming and tombola. The division employs thousands of colleagues across hundreds of teams, creating entertainment for millions of customers each week. Headquartered in Leeds, it operates as part of the wider Flutter group, which is listed on the New York and London stock exchanges.
