Orbital - AI Security Engineer
Requirements
• AI and LLM security experience: agentic systems, prompt injection, SSRF in agent fetch tools, sandbox escaping, and tool-use threat modelling. This is the most unusual and compelling part of the brief
• Experience with high-bar compliance frameworks (FedRAMP, NIST): SOC 2 will feel straightforward if you have done these
• Data residency and multi-region architecture experience across the UK and US
• Experience securing LLM API integrations (OpenAI, Anthropic, AWS Bedrock)
• ISO 27001 familiarity: we are already certified
• 🔒 Security is everyone's responsibility at Orbital. We ask all team members to follow our security policies, complete regular awareness training, and handle sensitive data with care in line with ISO 27001 standards. Spot something unusual? Reporting risks or incidents quickly helps us maintain the strong culture of security and compliance we all depend on.
• 💡 At Orbital, we're committed to building a diverse and inclusive team. We especially welcome applications from people who are traditionally underrepresented in tech. Even if you don't meet every single requirement, or if the right role isn't listed yet, we'd still love to hear from you.
• 💰 This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on several factors, which may include job-related knowledge, skills, experience, and business requirements.
Responsibilities
• AWS security posture from the ground up: account structure, IAM, RBAC, logging, and monitoring within the AWS Well-Architected Framework
• SOC 2 Type II controls and evidence for the Greenfield Product on AWS, ensuring the new platform meets the same compliance bar as our existing certified platform
• Application-level hardening: authentication (JumpCloud SSO/OIDC), API rate limiting, web security headers, CSRF, CORS, and file-upload validation
• AI and agentic security: hardening a sandboxed agent environment, including shell execution controls, SSRF/DNS rebinding prevention, prompt injection defences, and tool-use guardrails
• Penetration test management: working alongside our external pen test firm (first engagement scoped for early July), triaging findings, and closing them rapidly
• Continuous security validation: putting automated processes in place so that security posture does not erode after this engagement ends
• Data residency: ensuring US and UK data residency requirements are met from the start, given our law firm customer base
• Vendor security due diligence: assessing third-party integrations, including LLM API providers (OpenAI, Anthropic via AWS Bedrock)
• Security status reporting: concise updates to Graham and wider leadership
You should apply if
• You have deep, hands-on security engineering experience: you build and implement controls, you do not just advise
• You have strong AWS security knowledge: IAM, account structure, Well-Architected Framework, CloudTrail, GuardDuty, Config, and Security Hub
• You have driven a real SOC 2 Type II engagement: controls, evidence collection, and audit preparation, not just policy documentation
• You have application security experience: auth, RBAC, common web vulnerabilities, and the ability to implement fixes directly in code and config
• You have managed external pen test engagements: scoping, triaging findings, and closing them
• You are comfortable working at pace with minimal hand-holding in a small, senior team
• You are available immediately or within days, not weeks
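The "SSRF in agent fetch tools" requirement and the "SSRF/DNS rebinding prevention" responsibility above describe the same control. The following is an added example of that control and is not code from Orbital or from this posting: a Python egress guard for an agent's URL-fetch tool that checks the scheme and port, resolves the host exactly once, rejects the request if any answer is non-public (loopback, RFC 1918, link-local including the 169.254.169.254 metadata endpoint, IPv4-mapped IPv6 forms), and returns the validated IP pinned into the URL so the HTTP client never re-resolves the name between check and connect. The allow-lists, the function names, and the constructed FAKE_DNS answers that stand in for a live resolver are assumptions made so the example runs offline.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Iterable, List, Union
from urllib.parse import urlsplit, urlunsplit

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumed egress policy for the agent's fetch tool (not Orbital's actual policy).
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class FetchBlocked(ValueError):
    """Raised when a URL fails the egress policy."""


@dataclass(frozen=True)
class PinnedTarget:
    url: str          # the URL with the host replaced by the validated IP literal
    host_header: str  # original host[:port] to send as the Host header / TLS SNI
    ip: str           # the address the HTTP client must actually connect to


def default_resolver(host: str) -> List[str]:
    """Resolve once via the system resolver and return every A/AAAA answer."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(ip: IPAddress) -> bool:
    # ::ffff:127.0.0.1 and similar must be judged as the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (169.254.169.254 included),
    # CGNAT, unspecified and reserved ranges; multicast is excluded separately.
    return ip.is_global and not ip.is_multicast


def pin_fetch_target(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> PinnedTarget:
    """Validate a fetch URL and pin it to one checked address, or raise FetchBlocked.

    Every address the host resolves to must be public. The caller then connects to
    the returned IP rather than re-resolving, so a second lookup cannot return an
    internal address after this check has passed (DNS rebinding).
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise FetchBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise FetchBlocked("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise FetchBlocked("URL has no host")
    try:
        explicit_port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise FetchBlocked(f"malformed port in {url!r}") from exc
    port = explicit_port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise FetchBlocked(f"port not allowed: {port}")

    # A literal address needs no lookup; a name is resolved exactly once.
    try:
        answers: List[IPAddress] = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            answers = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise FetchBlocked(f"cannot resolve {host!r}: {exc}") from exc
    if not answers:
        raise FetchBlocked(f"no addresses for {host!r}")
    # Reject if ANY answer is non-public: an attacker-controlled zone can mix public
    # and internal records, and the client may pick either one.
    for ip in answers:
        if not _is_public(ip):
            raise FetchBlocked(f"{host!r} resolves to non-public address {ip}")

    pinned = answers[0]
    literal = f"[{pinned}]" if pinned.version == 6 else str(pinned)
    suffix = f":{explicit_port}" if explicit_port else ""
    pinned_url = urlunsplit((scheme, literal + suffix, parts.path, parts.query, ""))
    return PinnedTarget(url=pinned_url, host_header=host + suffix, ip=str(pinned))


def is_fetch_allowed(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> bool:
    """Boolean form for a tool-use guardrail that only needs allow/deny."""
    try:
        pin_fetch_target(url, resolver)
        return True
    except FetchBlocked:
        return False


# Constructed DNS answers standing in for a live resolver so the example runs offline.
FAKE_DNS = {
    "docs.example": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],  # public and internal answers mixed
    "mapped.example": ["::ffff:169.254.169.254"],     # metadata endpoint, IPv4-mapped
}


def fake_resolver(host: str) -> List[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, f"unknown host {host}")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for candidate in ["https://docs.example/report?id=7", "http://rebind.example/",
                      "http://169.254.169.254/latest/meta-data/", "http://[::1]/admin",
                      "http://mapped.example/", "file:///etc/passwd"]:
        try:
            t = pin_fetch_target(candidate, fake_resolver)
            print("ALLOW", candidate, "->", t.url, "Host:", t.host_header)
        except FetchBlocked as err:
            print("BLOCK", candidate, "->", err)
```

Two caveats a practitioner would want: the HTTP client has to honour the pin, connecting to `ip` while still presenting `host_header` for the Host header and TLS SNI/certificate verification (a plain request to an IP literal will fail hostname verification against docs.example, so a pinned-IP connection pool or custom transport is needed), and the check must be re-run on every redirect hop, since following a redirect to an internal address is the usual way round a check done only on the first URL.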