AI Security Engineer
ABOUT US
tms unites technology, marketing, and sourcing to drive transformational change for the world’s leading brands. With more than 1,400 employees across 28 countries, we offer an impressive range of solutions – from inspiration and innovation to category management and delivery.
Operating as a creative agency, a strategic consultancy, a sourcing business, and a technology provider, we engage with over 110 million customers every single day for our clients, including McDonald’s, T-Mobile, O2, Starbucks, and adidas.
Most importantly, we're a place where you can achieve great things, and be recognized as the best.
WHAT MATTERS THE MOST
Breakthrough, business-driving ideas come from extraordinary people with the freedom to be their most authentic selves at work. Authenticity and diversity are critical elements of our business. They can only be realized when we create access and equity for all. We foster a culture of inclusion and belonging and aspire to be ever-evolving.
tms is a place where brilliant people are better together. If you want your ideas to be heard and to contribute to a culture of inclusion and authenticity, bring us your voice! Visit us at tmsw.com.
WHY WE THINK YOU WILL LOVE THIS ROLE
We believe you'll love being an AI Security Engineer at tms because you'll play a pivotal role in shaping the security landscape for world-renowned brands within a culture that values innovation, authenticity, and inclusion. Here, you'll have the autonomy to lead impactful initiatives, collaborate with diverse, cross-functional teams, and see your ideas recognized and celebrated. If you thrive in environments that encourage growth, continuous learning, and the freedom to be yourself while making a difference, this role offers the challenge and support to help you excel.
WHAT YOU WILL BRING TO THE AGENCY
This role sits at the intersection of traditional security engineering and modern AI-driven tooling, requiring a practitioner who can evaluate emerging AI capabilities through a security lens while executing core engineering functions across SaaS application reviews, architecture assessments, and third-party plugin governance.
The ideal candidate brings hands-on coding proficiency, a working knowledge of secure software development practices, and direct experience securing marketing technology stacks, AI-integrated platforms, and enterprise SaaS environments.
Roles and Responsibilities
AI Engineering Security
- Evaluate AI tools, models, and platforms for security risk, including prompt injection vulnerabilities, data leakage, model output integrity, and supply chain risks.
- Develop and enforce security standards for AI-assisted development workflows, including LLM-integrated CI/CD pipelines and code generation tools.
- Assess AI API integrations and third-party model usage for data handling compliance, authorization controls, and audit logging.
- Participate in the design and review of AI-powered internal tooling and automation, ensuring security requirements are embedded from inception.
- Stay current on evolving AI security threats including adversarial prompting, model poisoning, and emerging OWASP LLM Top 10 guidance.
Secure Coding & Application Security
- Conduct secure code reviews across multiple languages and frameworks, with an emphasis on Python, JavaScript/TypeScript, and cloud-native applications.
- Apply OWASP principles and industry-standard secure development lifecycle (SDLC) practices to engineering workflows.
- Perform static and dynamic application security testing (SAST/DAST) and triage findings with development teams through to remediation.
- Collaborate with software engineers to embed security controls into code pipelines, authentication flows, and data handling routines.
SaaS Application Security Reviews
- Lead third-party SaaS application security assessments, evaluating vendor security posture, data handling practices, access control models, and contractual compliance.
- Maintain a SaaS application inventory and risk register, conducting periodic reviews and ensuring ongoing controls alignment.
- Evaluate browser-based plugins, marketplace extensions, and integrations for privilege scope, data exfiltration risk, and policy adherence.
- Partner with Procurement and Legal during the vendor onboarding process to communicate security requirements and assess residual risk.
Marketing Technology Security
- Assess the security posture of marketing platforms including CRMs, CDPs, ad tech stacks, campaign automation tools, and analytics platforms.
- Evaluate data flows between marketing systems and core enterprise infrastructure, identifying excessive data sharing, weak authentication, and shadow IT exposure.
- Support the review and governance of marketing API keys, OAuth tokens, and webhook configurations.
- Partner with Marketing and Digital teams to align platform configuration with data privacy requirements (GDPR, CCPA) and organizational policy.
Architecture & Standards
- Participate in architecture review boards (ARB) to assess new systems and integration patterns for security risk.
- Develop and maintain security reference architectures for SaaS integrations, AI platform connections, and plugin frameworks.
- Contribute to security policies, standards, and playbooks relevant to AI security, SaaS governance, and third-party risk.
- Support threat modeling exercises for new platform deployments and significant system changes.
SKILLS AND EXPERIENCE WE WOULD LIKE YOU TO HAVE
Required Experience
- Minimum of 5 years of hands-on experience in information technology, with a focus on risk management and compliance.
- Comprehensive knowledge of industry market structures and associated regulatory compliance frameworks, such as ISO 27001, SOC 2, NIST, NIS2, and GDPR.
- Demonstrated expertise in identity management standards, as well as cloud-based storage and disaster recovery strategies.
- Proficiency in utilizing security assessment tools, including but not limited to Rapid7.
- Familiarity with Governance, Risk, and Compliance (GRC) platforms and best practices, such as ZenGRC, OneTrust, and Archer.
- Documented success in coordinating and executing multiple risk and compliance initiatives.
- Proven ability to manage third-party audits, including compiling audit evidence and organizing comprehensive audit responses.
- Exceptional attention to detail and accuracy in all aspects of work.
- Strong written and verbal communication skills, with the ability to collaborate effectively across cross-functional teams.
- Well-developed analytical and problem-solving skills, with a track record of driving initiatives that support organizational objectives.
Preferred Qualifications
Required
- 3–5 years of progressive experience in security engineering, application security, or a closely related role.
- Hands-on experience with secure coding practices in one or more languages (Python, JavaScript/TypeScript, Go, or similar).
- Demonstrated knowledge of OWASP Top 10, OWASP LLM Top 10, and common application security vulnerabilities.
- Experience conducting SaaS application security reviews or third-party vendor security assessments.
- Familiarity with AI/ML platforms, LLM integrations, or AI-assisted development tooling from a security perspective.
- Understanding of OAuth 2.0, SAML, API security patterns, and modern identity and access management concepts.
- Experience with SAST, DAST, or SCA tooling (e.g., Semgrep, Checkmarx, Snyk, Burp Suite).
- Strong written and verbal communication skills, with the ability to convey technical risk to non-technical stakeholders.
Preferred
- Experience securing marketing technology platforms such as Salesforce, HubSpot, Adobe Experience Cloud, or similar.
- Familiarity with browser extension security, plugin frameworks, and marketplace governance.
- Exposure to cloud security principles on AWS, Azure, or GCP relevant to SaaS and AI workloads.
- Relevant certifications such as CSSLP, CEH, GWAPT, AWS Security Specialty, or equivalent.
- Experience contributing to security architecture review processes or developing reference security patterns.
- Knowledge of data privacy regulations (GDPR, CCPA, HIPAA) as they apply to marketing and analytics platforms.
Starting salary between $110,000 and $140,000
TOTAL REWARDS
Our total rewards philosophy integrates programs for compensation, benefits, recognition, learning and development, corporate culture, corporate citizenship and work-life balance. While individual program components may differ by country, some things remain constant:
- Our commitment to rewarding results
- Opportunities to work with talented and driven individuals at every level of our company who respect each other, treat each other fairly and hold one another accountable for our customers’—and our company’s—success
There's more ...
- Generous medical, dental, vision and other great benefits
- Paid parental and medical leave programs
- 401(k) with a company match component and profit sharing
- 15 days of paid time off plus company holidays
- Hybrid work model
- Tuition reimbursement and student loan repayment assistance
- Inclusive employee resource groups
EQUAL OPPORTUNITY EMPLOYER
We are an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
RECRUITING AGENCIES
tms does not accept agency resumes submitted by third-party vendors unless a valid agreement has been signed and the tms Talent Acquisition Team has granted authorization for submissions for a specified position. Please do not submit or forward resumes to our site, tms employees, or any other company location. tms is not responsible for any fees related to unsolicited resumes.
Nearest Major Market: Chicago