AI Security Analyst

About The Position

Requirements

• Demonstrated understanding of AI and large language model security risks, including data leakage, prompt injection, excessive permissions, and shadow AI adoption.
• Experience with Microsoft 365 security and compliance tools, including Microsoft Purview (DLP, sensitivity labels, data classification), Defender for Cloud Apps, and Entra ID.
• Familiarity with OAuth 2.0, API permission models, and application consent frameworks in enterprise environments.
• Experience with data classification, sensitivity labeling, and data loss prevention concepts and implementation.
• Understanding of compliance frameworks (NIST CSF, SOC 2, NIST AI RMF) and the ability to map AI-related controls to framework requirements.
• Familiarity with cloud security principles in Microsoft Azure, including identity, access management, and data residency considerations.
• Strong research and analytical skills with the ability to evaluate emerging technologies and translate findings into actionable security recommendations.
• Clear written and verbal communication skills, including the ability to explain AI security risks and control rationale to both technical and non-technical stakeholders.
• Ability to work cross-functionally with engineering, operations, and business teams to embed security into AI adoption decisions.
• Comfort operating in a fast-moving environment where AI capabilities and associated risks are evolving rapidly.
• Ability to work effectively both independently and as part of a small, collaborative security team.
• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related discipline; or equivalent combination of education and experience.
• 2–4 years of experience in information security, cloud security, GRC, or a related field with demonstrated exposure to AI/ML technologies or SaaS security governance.

Nice To Haves

• Scripting or automation capability (PowerShell, Python, or similar) for reporting and administrative tasks is a plus.
• Security certifications preferred (Security+, SC-400, SC-300, CISSP, or AI-specific security certifications).

Responsibilities

• Develop and maintain the AI governance framework, including acceptable use policies, application approval workflows, and risk classification criteria for AI tools and integrations.
• Own the security review process for new AI and SaaS application requests, evaluating data handling, authentication, API permissions, and privacy implications before approval.
• Define and govern the sensitivity label taxonomy across Microsoft Purview and integrated AI platforms, ensuring a single source of truth for data classification.
• Research emerging AI security threats, vulnerabilities, and best practices to inform organizational policy and control decisions.
• Maintain a current inventory of approved and in-use AI tools across the organization, tracking ownership, data access scope, and review status.
• Support the security configuration and access control design for enterprise AI platforms including Claude Enterprise, Microsoft 365 Copilot, and Copilot Studio.
• Configure and manage pilot group membership, security group structures, and OAuth connector controls for AI tool rollouts using Entra ID.
• Coordinate with AI platform engineering to ensure platform-level data sensitivity labels and agent-level access controls align with centrally defined Purview classification standards.
• Monitor AI application usage and data flows using Microsoft Defender for Cloud Apps, identifying shadow AI adoption, excessive permission grants, and data exposure risks.
• Evaluate OAuth consent requests and API permission scopes for AI-related application registrations, coordinating with identity security resources on approval decisions.
• Assess data boundary and residency implications for AI platforms that process, store, or transmit organizational data.
• Support the GRC function with compliance evidence collection and control validation for SOC 2, NIST CSF, and other applicable frameworks.
• Assist with identity and access management reviews, including periodic access certifications and privileged access audits.
• Contribute to security policy development and maintenance as it relates to AI governance, data classification, and third-party risk management.
• Support internal security assessments and audits by providing documentation and analysis related to AI tool controls and data handling practices.
• Stay current on developments in AI security, including emerging threat vectors, regulatory guidance, and industry frameworks such as the OWASP AI Security and NIST AI Risk Management Framework.
• Evaluate and recommend improvements to AI security controls based on organizational adoption patterns, threat intelligence, and lessons learned from incidents or near-misses.
• Provide guidance and awareness training to staff on secure use of AI tools, data handling expectations, and organizational AI policies.
• Completion of Assigned Tasks and Deliverables on Time and on Budget
• Performs Other Related Duties as Assigned

Benefits

• Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
• Flex spending accounts (FSA)
• Dental and vision plans
• Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
• 401k with company match and self-directed brokerage account option
• PTO including additional paid time off during the last week of the year
• Company paid life insurance coverage for employees and their eligible dependents
• Short and long-term disability, AD&D coverage
• Professional development opportunities, tuition reimbursement and professional licensing assistance
• Paid parental leave after one year of employment