Senior AI Security Engineer

Highmark Health | Washington, DC
$94,200 - $151,000 | Remote

About The Position

This role secures AI/ML, Generative AI, and agentic systems across the enterprise by designing, testing, and operating controls that protect these systems at scale in a regulated healthcare environment. It combines hands-on adversarial testing, a deep understanding of LLM and agent architectures, and production security expertise to prevent, detect, and contain AI-driven risk involving PHI, while advising engineering and security leadership on emerging AI threats and regulatory exposure.

Requirements

  • 5 years of experience in cybersecurity engineering, application security, or platform security
  • 3 years of experience in AI/ML or Generative AI security (prompt injection defense, unsafe output handling, tool-use abuse, data leakage)
  • Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or closely related discipline or relevant experience and/or education as determined by the company in lieu of bachelor's degree.
  • Deep working knowledge of AI/LLM security risks: prompt injection, unsafe outputs, tool-use abuse, data leakage, identity misuse, and agentic workflow escalation
  • Hands-on proficiency with AI security frameworks: NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10
  • Cloud security fluency across Azure, GCP, and AWS, including native security tooling (Defender for Cloud, Wiz, GCP SCC)
  • Adversarial testing experience with AI red-team tooling (PyRIT, Promptfoo, AgentDojo, or custom harnesses)
  • Detection engineering — building monitoring logic, alerting pipelines, and telemetry for AI system behavior
  • Proficiency in Python (or equivalent) for security automation, test harness development, and pipeline integration
  • Secure API design, access controls, secrets management, and environment-based deployment controls for AI workloads
  • HIPAA data handling requirements and PHI/PII protection considerations in AI pipelines and agentic workflows
  • Strong written and verbal communication — capable of producing technical findings, remediation guidance, and executive security narratives
  • Ability to operate effectively as a senior individual contributor in a large, matrixed healthcare organization

Nice To Haves

  • 5 years of experience in securing production systems in enterprise environments
  • 3 years of experience in hybrid multi-cloud security (Azure, GCP, AWS)
  • 2 years of experience in detection engineering, monitoring, and alerting for complex application or workflow environments
  • 2 years of experience in AI red-team execution (jailbreaking, behavioral drift, misuse-case validation; tools such as PyRIT, Promptfoo, AgentDojo)
  • 2 years of experience in securing agentic systems, multi-step AI workflows, or tool-calling architectures
  • 2 years of experience in a highly regulated industry (healthcare, financial services) with HIPAA or equivalent compliance obligations
  • 1 year of experience in identity, access management, secrets handling, and runtime policy enforcement for AI workloads
  • Master's degree in Cybersecurity, Computer Science, or a related field
  • Certified Information Security Professional (CISSP)
  • AWS Certified Security Specialty, Microsoft AZ-500, or Google Professional Cloud Security Engineer
  • AI security credentials or coursework (SANS AI Security, NIST AI RMF practitioner training)

Responsibilities

  • Design, implement, and operate security controls for AI/ML, GenAI, and agentic systems — spanning model-level, data-level, and platform-level protections across Azure, GCP, AWS, and SaaS.
  • Engineer and enforce guardrails that mitigate prompt injection, unsafe outputs, unauthorized tool execution, data leakage, and insecure agentic workflow behavior, with explicit focus on PHI/PII exposure.
  • Design and execute AI red-team exercises targeting LLMs and AI agents including prompt injection (direct and indirect), jailbreaking, tool and memory poisoning, behavioral drift, unsafe autonomy, and emergent privilege escalation.
  • Analyze agent logic, tool graphs, and multi-step workflows to identify systemic security weaknesses beyond prompt-level attacks; translate findings into reusable attack libraries and actionable engineering fixes.
  • Build and maintain monitoring, logging, and alerting for AI systems covering prompt behavior, tool invocation patterns, output anomalies, and workflow execution — and implement detection content for policy-violating AI behavior.
  • Embed security controls into CI/CD pipelines and agentic delivery workflows; partner with AI platform, data engineering, and application teams to integrate security requirements from design through deployment gate.
  • Apply NIST AI RMF, MITRE ATLAS, and OWASP LLM Top 10 to assess and manage AI security risks; contribute to enterprise AI security standards, reference architectures, and governance policy; advise leadership on AI cybersecurity risk and regulatory considerations specific to healthcare AI deployment.
  • Other duties as assigned or requested.

Benefits

  • Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.