Archer · 2 days ago
Sr. Staff Vulnerability & AI Security Engineer (Hybrid)
Archer is an aerospace company based in San Jose, California, focused on advancing sustainable air mobility through innovative aircraft design. They are seeking a Sr. Staff Vulnerability & AI Security Engineer to lead the enterprise vulnerability management strategy and establish secure practices for AI adoption, playing a pivotal role in enhancing the company's security posture.
Aerospace · Air Transportation · Electric Vehicle · Manufacturing
Responsibilities
Architect Enterprise Strategy: Design and own the end-to-end vulnerability management architecture—from discovery and coverage to automated validation and executive reporting
Risk-Based Prioritization: Establish a sophisticated prioritization model that integrates asset criticality, threat intelligence, and exploitability to ensure engineering teams focus on the "critical few" over the "noisy many."
Technical AI Governance: Lead the technical implementation of AI security; design and deploy guardrails for GenAI usage, detect "Shadow AI," and build technical controls to prevent IP leakage into public LLMs
Attack Surface Engineering: Partner with Cloud and Infrastructure teams to integrate CNAPP/CSPM findings and build automated workflows that reduce configuration-driven exposure in AWS/Azure
Shift-Left Leadership: Drive DevSecOps excellence by embedding SAST/DAST/SCA and secrets scanning into CI/CD pipelines, preventing vulnerabilities from reaching production
Metrics & Storytelling: Define and operationalize technical KPIs (MTTR, risk burn-down, coverage) that translate raw technical data into business risk for executive leadership
Tactical Response: Lead high-severity vulnerability response efforts, providing technical validation, containment strategies, and verification of remediation
Technical Mentorship: Act as a "multiplier" by setting engineering standards, mentoring security analysts, and leading cross-functional remediation initiatives through technical influence rather than just authority
Qualifications
Required
8+ years of security engineering experience with a heavy focus on vulnerability management, AppSec, or cloud security
Staff-Level Influence: Proven track record of leading complex, enterprise-wide security programs and driving technical change across diverse engineering organizations
Cloud Depth: Strong hands-on experience in AWS, GCP, or Azure, specifically regarding identity, secure configuration, and automated telemetry
Tooling Mastery: Deep expertise in the modern security stack (SAST/DAST/SCA, scanners, and automated ticketing workflows)
Regulatory Fluency: Practical understanding of how vulnerability evidence supports compliance in regulated environments (NIST SP 800-171, CMMC Level 2, ITAR)
Communication: Exceptional ability to translate a complex CVE into a business risk narrative for non-technical stakeholders
Preferred
AI Security Practitioner: Experience implementing technical enforcement (not just policy) for AI usage and data leakage prevention
Automation Specialist: Experience building automated triage and enrichment workflows to reduce 'security friction' for developers
Aerospace/Defense Background: Prior experience in high-stakes, auditable environments where 'checkbox security' isn't an option
Company
Archer
Archer is an aerospace company that developed an electric vertical takeoff and landing aircraft tailored for urban air mobility systems.
Funding
Current Stage: Public Company
Total Funding: $3.48B
Key Investors: BlackRock, Stellantis
2025-11-06 · Post-IPO Equity · $650M
2025-06-12 · Post-IPO Equity · $850M
2025-02-11 · Post-IPO Equity · $300M
Company data provided by Crunchbase