AI Security Engineer (GRC)

SCAN Health Insurance | Long Beach, CA
$125,400 - $215,975 | Hybrid

About The Position

The AI Security Engineer (GRC) serves as the organization's dedicated subject matter expert at the intersection of artificial intelligence and cybersecurity within a regulated healthcare environment. This role is responsible for evaluating AI vendors and technologies, establishing and enforcing secure AI implementation standards, and providing hands-on guidance to development and engineering teams adopting AI platforms such as Microsoft Copilot Studio, Azure AI Foundry, Snowflake Cortex, Claude Code, and other large language model (LLM)-powered tooling. Operating within the HIPAA-regulated landscape, this analyst will ensure AI integrations — including Model Context Protocol (MCP) servers, agentic workflows, command-line interfaces (CLIs), APIs, and third-party AI extensions — are architected and deployed in a manner consistent with NIST AI RMF, HITRUST, and organizational security policies. The role acts as a trusted advisor, security gatekeeper, and enabler for responsible AI adoption across the enterprise.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a closely related field.
  • 7+ years of progressive experience in information security, with a minimum of 2 years focused on AI/ML security or applied AI technology evaluation.
  • Demonstrated hands-on experience with one or more of the following: Copilot Studio, Azure AI Foundry, Claude / Anthropic APIs, OpenAI API, GitHub Copilot, or LLM agentic frameworks (LangChain, AutoGen, Semantic Kernel).
  • Experience working in a HIPAA-regulated environment; healthcare industry background strongly preferred.
  • Proven track record conducting vendor risk assessments and producing executive-level risk documentation.
  • Deep understanding of LLM attack surface: prompt injection, indirect prompt injection, system prompt extraction, and model manipulation.
  • Familiarity with AI red-teaming methodologies and tools (Garak, PyRIT, PromptBench).
  • Knowledge of OWASP Top 10 for LLM Applications.
  • Understanding of AI model lifecycle risks: training data poisoning, supply chain risks in model registries (Hugging Face, Azure Model Catalog).
  • Ability to audit and secure Model Context Protocol (MCP) server implementations, including: reviewing tool definitions and permissions for least-privilege violations; validating authentication mechanisms (no hardcoded credentials, proper token scoping); assessing stdio vs. SSE transport security implications; and identifying SSRF and command injection risks in custom MCP tool implementations.
  • Experience securing AI CLIs including credential storage, environment variable exposure, and shell integration risks.
  • Knowledge of agentic permission models — understanding when AI agents should require human-in-the-loop approval.
  • Ability to evaluate multi-step AI workflow chains for unintended capability escalation.
  • Microsoft Copilot Studio: Plugin manifest security review, connector authentication, sensitivity label enforcement.
  • Azure AI Foundry: Managed identity configuration, private endpoints, content filtering policy management, model deployment governance.
  • Snowflake Cortex: Securing AI-generated SQL and Cortex LLM functions, Snowpark container security, column-level data masking, network policy enforcement, and OAuth integration for service accounts.
  • Claude Code: System prompt construction, tool-use permission hardening, CLI credential isolation, API key scoping.
  • GitHub Copilot Enterprise: Telemetry settings, suggestion filtering for secrets, IDE extension trust policies.
  • Strong grounding in identity and access management — OAuth 2.0, OIDC, SAML, managed identities, workload identity federation.
  • API security: authentication schemes, rate limiting, input validation, and output sanitization for AI endpoints.
  • Network security: micro-segmentation, private endpoints, WAF configuration for AI service ingress.
  • SIEM/SOAR integration for AI audit log ingestion, anomaly detection, and automated response.
  • Threat modeling methodologies: STRIDE, PASTA, and application of MITRE ATT&CK and ATLAS frameworks.
  • Thorough understanding of HIPAA Security Rule requirements and how they apply to AI data processing pipelines.
  • Experience with HITRUST CSF controls relevant to AI and cloud-based processing of ePHI.
  • Practical knowledge of NIST AI Risk Management Framework (AI RMF) — Govern, Map, Measure, Manage functions.
  • Familiarity with EU AI Act classifications and their implications for healthcare AI systems (high-risk AI designation).
  • Experience reviewing BAAs and DPAs for AI vendor engagements.

Nice To Haves

  • Master’s degree preferred; equivalent professional experience considered.

Responsibilities

  • Lead structured security assessments of AI vendors, platforms, and tools prior to organizational adoption or renewal.
  • Evaluate vendor data handling practices, model training transparency and data residency.
  • Assess the security posture of AI platforms including: Microsoft Copilot Studio, Azure AI Foundry, Snowflake Cortex, Claude Code & Anthropic APIs, GitHub Copilot, Cursor, and other AI-assisted development tools.
  • Produce written Vendor Security Assessment Reports (VSARs) including risk ratings, compensating controls, and recommendations.
  • Maintain an AI technology registry with risk classifications and review cadence schedules.
  • Serve as the embedded security advisor to software engineering, data science, and clinical informatics teams adopting AI tooling.
  • Define and enforce secure-by-default configurations for AI development environments and agentic systems.
  • Review and approve MCP server configurations, ensuring tool definitions follow least-privilege principles, server authentication uses OAuth 2.0 / mTLS, and transport layer security (TLS 1.2+) is enforced.
  • Establish CLI security standards for AI-assisted development tools, including credential hygiene, shell history scrubbing, and token scope minimization.
  • Conduct secure code review for AI integration code — with focus on prompt injection, insecure deserialization, and unsafe agentic action chains.
  • Develop and maintain a library of reference architectures, secure configuration templates, and implementation checklists for approved AI platforms.
  • Maintain the organization's AI Risk Register aligned with NIST AI RMF (Govern, Map, Measure, Manage).
  • Ensure AI deployments comply with HIPAA Security Rule (45 CFR §164), HITECH Act obligations, and applicable state privacy laws.
  • Conduct AI-specific Threat Modeling (STRIDE / PASTA) and red-team exercises targeting prompt injection, jailbreak scenarios, indirect prompt injection, model inversion, and membership inference attacks.
  • Track emerging AI threats and threat actor TTPs relevant to healthcare AI systems via MITRE ATLAS and sector ISACs.
  • Participate in AI governance committee meetings and contribute AI security perspectives to organizational AI policies.
  • Review AI integration architectures for network segmentation, data flow, and trust boundary enforcement.
  • Validate that PHI is never transmitted to external AI models without de-identification or explicit BAA coverage.
  • Assess retrieval-augmented generation (RAG) architectures for unauthorized data access and embedding extraction risks.
  • Evaluate agentic AI workflows and multi-agent orchestration systems for privilege escalation and uncontrolled action chains.
  • Provide security sign-off on AI infrastructure as part of the Change Advisory Board (CAB) process.
  • Develop AI security training curricula for developers, data engineers, clinical staff, and IT personnel.
  • Author and maintain AI security policies including: Acceptable Use of Generative AI, AI Vendor Onboarding Standards, MCP and Agentic System Security Policy, and Sensitive Data Handling in AI Contexts.
  • Publish internal guidance and threat intelligence briefings tailored to clinical and technical audiences.

Benefits

  • Base Pay Range: $125,400 to $215,975 annually
  • An annual employee bonus program
  • Robust Wellness Program
  • Generous paid-time-off (PTO)
  • 11 paid holidays per year, 1 floating holiday, birthday off, and 2 volunteer days
  • Excellent 401(k) Retirement Saving Plan with employer match
  • Robust employee recognition program
  • Tuition reimbursement
  • An opportunity to become part of a team that makes a difference to our members and our community every day!
  • A competitive compensation and benefits program
  • Excellent Retirement Savings program
  • A work-life balance