Staff AI Agentic Security Engineer

About Bridgewater


Bridgewater Associates is a premier asset management firm, focused on delivering unique insight and partnership for the most sophisticated global institutional investors.


Our investment process is driven by a tireless pursuit to understand how the world's markets and economies work - using cutting edge technology to validate and execute on timeless and universal investment principles.


Founded in 1975, we are a community of independent thinkers who share a commitment for excellence. By fostering a culture of openness, transparency, and inclusion, we strive to unlock the most complex questions in investment strategy, management, and corporate culture.


Explore more information about Bridgewater on our website here.


Our Culture


Bridgewater's unique success is the direct result of our unique way of being. We want an idea meritocracy in which meaningful work and meaningful relationships are pursued through radical truth and radical transparency. We require people to be extremely open, air disagreements, test each other's logic, and view discovering mistakes and weaknesses as a good thing that leads to improvement and innovation. It is by continually striving together for the highest levels of truth and excellence that we create meaningful work and meaningful relationships. Within this culture, Diversity and Inclusion is a top priority because it is essential to finding the best talent in the world, enabling our idea meritocracy, and creating an environment where all types of people can thrive. We have a full-time team as well as affinity networks that work on these issues - If you would like to learn more, please let your Bridgewater recruiter know.


Explore more information about Bridgewater's culture on our website here.


About the Security Group


The Security Department's mission is to protect Bridgewater. We constantly evolve our cyber, physical, and staff security practices to meet business needs and stay ahead of the changing threat landscape


About Your Role

This person needs to know how to build and how to protect. We're not looking for someone who reviews architectures from the sideline. We need someone in the arena - writing agents, shipping code, deploying guardrails, and setting the standard for how an entire firm adopts AI securely.

This is a 50/50 role with two equally critical mandates:

PILLAR 1 (50%) - AI Thought Leader in Security: Build It

You will be the hands-on AI leader inside the Security Department, a builder who ships. You will design and implement AI agents that modernize security operations in an AI-native way: automating threat detection, vulnerability triage, incident response, compliance monitoring, and developer security tooling. You will set the vision for what a modern, agent-powered security organization looks like and then build it yourself.

• Build Security Operations Agents: Design, develop, and deploy autonomous agents for threat detection, alert triage, vulnerability management, and incident response - to transform the way those teams operate.
• Modernize Workflows AI-Natively: Reimagine existing security processes through the lens of agentic AI. Replace manual runbooks with intelligent agents that reason, act, and escalate. Build agent-powered security copilots for engineering teams that perform real-time code review, suggest secure patterns, and catch vulnerabilities before they ship.
• Own the Security AI Stack: Evaluate, select, and implement the right mix of frameworks, orchestration tools, and infrastructure for the department's agent platform. You should have strong opinions - backed by hands-on experience - on LangGraph, LangChain, CrewAI, AutoGen, OpenAI Agents SDK, Google ADK, Semantic Kernel, Dify, n8n, and the broader ecosystem.
• Governance and framework Automation: Build agents that continuously validate configurations, access policies, and data handling against regulatory and internal frameworks of the agents deployed by our investment teams.
• Be the agentic security thought leader: Be the person the department looks to for what's possible. Stay deeply current on the AI landscape - enterprise and open-source - and translate that knowledge into real capability.

PILLAR 2 (50%) - Forward-Deployed AI Security Architect: Protect It

Equally important - if not more important - you will embed directly with Bridgewater's technology and investment teams as they build and deploy their own AI agents. You are the security expert who sits shoulder-to-shoulder with engineers and researchers, helping them ship agentic workflows that are secure by design. This is not a gate-keeping role. This is a partnership role where you bring deep architectural expertise to the teams building the future of the firm.

• Deep Architecture & Sandboxing: Design secure deployment architectures for AI agents across the firm. Define sandboxing strategies, execution boundaries, network isolation, and blast-radius controls that let teams move fast without exposing the organization to unacceptable risk.
• Identity & Authorization for Agents: Architect identity strategies for a world where agents act on behalf of humans. Define how agents authenticate, what permissions they hold, how credentials are scoped and rotated, and how to enforce least-privilege across multi-agent systems and MCP server integrations.
• AI Supply Chain Security: Own the security posture of the AI supply chain end to end. Evaluate the security of agent frameworks, MCP servers, skills/plugins, model providers, embedding pipelines, vector databases, and every dependency in between. Understand the attack surface of tools like LangGraph, LangFlow, Dify, n8n, Open Interpreter, Claude Code, Cursor, and similar agentic development environments.
• Prompt Injection & Model Manipulation Defense: Be the firm's leading expert on prompt injection, jailbreaking, data poisoning, indirect injection via tool outputs, and agent manipulation attacks. Design and deploy runtime defenses using tools like NeMo Guardrails, LlamaFirewall, LLM Guard, OpenGuardrails, Guardrails AI, and custom detection layers.
• Runtime Safety & Governance: Build monitoring, kill switches, escalation triggers, and anomaly detection for AI agents in production. Design human-in-the-loop checkpoints calibrated to risk tolerance and action severity. Implement policy-as-code that governs agent behavior, tool access, data exposure, and output validation.
• Secure Agent-to-Agent Communication: Architect trust boundaries and communication protocols for multi-agent systems - ensuring orchestration, tool use, and data sharing follow least-privilege principles and are resilient to injection and manipulation.
• Security Reviews & Red Teaming: Conduct deep-dive security architecture reviews of agentic systems before they go to production. Red-team LLM integrations and agent workflows to find weaknesses before adversaries do.

What We Expect

You need to have a deep understanding and pulse of the AI market - both enterprise and open-source. This space moves weekly. We need someone who's already in it, not someone planning to catch up.

We expect this person to be fluent across the full AI stack. Not at a surface level - at the level of someone who has built with these tools, broken them, and understands their security implications from the inside. This includes:

AI Foundations & Model Layer

• LLM APIs and SDKs (OpenAI, Anthropic, Google Vertex AI, Azure OpenAI, Bedrock, Mistral, Cohere) - authentication, token management, rate limiting, data handling, and model routing.
• Retrieval-Augmented Generation (RAG) pipelines end to end: embedding models, chunking strategies, vector databases (Pinecone, Weaviate, Chroma, pgvector, Qdrant), retrieval patterns, and the security implications of each.
• Fine-tuning, prompt engineering, and system prompt design - and how each creates or mitigates attack surface.

Agent Frameworks & Orchestration

• Deep, hands-on experience with modern agent frameworks: LangGraph, LangChain, CrewAI, AutoGen, OpenAI Agents SDK, Google ADK, Semantic Kernel, Pydantic AI, Strands Agents, LlamaIndex, and Agno.
• Visual and low-code agent platforms: Dify, LangFlow, Flowise, n8n (AI Agent nodes), and their security tradeoffs.
• Agentic coding tools and environments: Claude Code, Cursor, Windsurf, Open Interpreter, Aider, and similar - understanding how these tools interact with codebases, filesystems, and APIs, and the risks they introduce.
• Model Context Protocol (MCP): Deep understanding of MCP server architecture, tool registration, trust boundaries, and the emerging attack surface around MCP-based integrations.

AI Security Tooling & Defense

• Runtime guardrail frameworks: NVIDIA NeMo Guardrails, Meta LlamaFirewall, LLM Guard, OpenGuardrails, Guardrails AI, Rebuff, and custom detection pipelines.
• AI-specific attack vectors: prompt injection (direct and indirect), jailbreaking, data exfiltration via tool use, agent goal hijacking, training data poisoning, model inversion, and supply chain attacks on model weights and plugins.
• AI governance and compliance standards: OWASP Top 10 for LLMs, NIST AI RMF, EU AI Act, ISO 42001 - and practical implementation of these frameworks.
• AI red-teaming tools and methodologies for testing agents, models, and end-to-end agentic workflows in adversarial conditions.

Minimum Qualifications

• 10+ years of experience in software engineering, security engineering or application security with demonstrated impact at a senior or staff level.
• 3+ years of hands-on experience building, deploying, or securing AI/ML systems, including LLM-based applications and agentic workflows.
• Proven track record of building production-grade AI agents or agent-powered tools - not just evaluating or advising on them.
• Deep, current knowledge of the AI agent ecosystem across enterprise and open-source: frameworks, orchestration tools, model providers, RAG infrastructure, and developer tooling.
• Demonstrated expertise in AI-specific security threats, including prompt injection defense, agent sandboxing, identity for autonomous systems, and supply chain security for AI toolchains.
• Experience securing cloud-native applications and infrastructure (AWS, Azure, or GCP) with strong understanding of identity, networking, and data protection.
• Expert in Python and/or TypeScript with the ability to build production-grade security tooling, agents, and automation.
• Proven ability to work as an embedded partner with engineering and research teams - influencing through expertise and trust, not mandates.
• Exceptional communication skills: able to translate complex AI security concepts into clear, actionable guidance for engineers, researchers, and leadership.
• Strong judgment in balancing security risk, business velocity, and the realities of a fast-moving AI landscape.

Preferred Qualifications

• Contributions to open-source AI security projects or frameworks.
• Background in financial services or other highly regulated industries.
• Experience red-teaming LLMs and agentic systems in adversarial settings.
• Familiarity with AI observability and tracing tools (LangSmith, Langfuse, Helicone, Arize) for monitoring agent behavior in production.

Physical Requirements


This role is offered as hybrid with options to work out of our NYC or CT offices.


Compensation


The wage range for this role is $450,000 - $600,000 inclusive of base salary and discretionary target bonus. The expected base salary for this role is between 65 - 75% of this wage range.


Why Choose Bridgewater?


It takes all types to make Bridgewater great. We seek a diverse group of innovative thinkers and push them to engage in rigorous and thoughtful inquiry. We develop people through an honest examination of their abilities and performance, enabling personal growth and professional development. We strive to provide you opportunities that will challenge you and unlock your potential.


One of our core priorities at Bridgewater is to enable our employees to build a great life and career, and we believe our benefits are an important extension of that philosophy. As such, currently Bridgewater offers a competitive suite of benefits.


Explore more information about Bridgewater's benefits on our website here.


Bridgewater reserves the right to change its current benefits program at any time, in a manner that is consistent with applicable federal and state regulations.


This job description is not a contract and confers no contractual rights, privileges, or benefits on any applicant or potential applicant. Bridgewater has the right to change any and all terms of this job description, including, but not limited to, job responsibilities, qualifications and benefits. Nothing in this job description constitutes an offer or guarantee of employment. Please note that we do not provide immigration sponsorship for this position.


Bridgewater Associates, LP is an Equal Opportunity Employer