Principal AI Security Engineer

Overview

Job Description: The Principal Artificial Intelligence (AI) Security Engineer serves as the technical lead for securing machine learning (ML), generative artificial intelligence (GenAI), and agentic systems in production, with emphasis on healthcare and other regulated environments. This role creates security architecture, threat modeling, control design, and detection strategy across the AI lifecycle, including data ingestion, feature engineering, training and fine-tuning, evaluation, model serving, retrieval-augmented generation (RAG) pipelines, agent frameworks, API mediation, and post-deployment monitoring.

The Principal AI Security Engineer leads and partners throughout the organization to build enforceable guardrails for protected health information and electronic protected health information handling, identity and access control, secrets isolation, model and dataset provenance, output safety, and evidence collection for audits and investigations.

• Creates reference architectures, defines security requirements and patterns for model training, inference, retrieval-augmented generation (RAG), agent orchestration, tool calling, and multi-model pipelines across cloud and hybrid environments.
• Performs deep threat modeling for artificial intelligence (AI) systems, including prompt injection, indirect prompt injection, insecure output handling, excessive agency, system prompt leakage, vector and embedding weaknesses, data poisoning, model theft, model inversion, supply chain compromise, and denial-of-service.
• Defines guardrails for protected health information and electronic protected health information processing, including data minimization, de-identification, context scoping, encryption in transit and at rest, retention boundaries, and access paths into model context windows, vector stores, caches, and logs.
• Designs and implements secure machine learning operations (MLOps) controls for datasets, features, models, prompts, and policies: provenance tracking, artifact signing, environment separation, approval workflows, reproducible builds, rollback paths, and tamper-evident audit trails.
• Defines and sets standards for identity, service-to-service authentication, secrets management, token scoping, least privilege, just-in-time access, and network segmentation for AI services, model gateways, and external tool integrations.
• Leads offensive security activities for AI systems, including adversarial testing, AI red teaming, prompt and tool abuse simulation, fuzzing, jailbreak testing, attack path validation, and control verification against production-like workflows and third-party model providers.
• Leads defensive security and blue team capabilities for AI platforms, including telemetry design, prompt and response event logging, model gateway instrumentation, security information and event management/security orchestration, automation, and response (SIEM/SOAR) integration, detection engineering, exfiltration and jailbreak detections, anomalous agent action monitoring, incident triage playbooks, and continuous tuning based on observed attack patterns.
• Leads security reviews of RAG and agentic systems, including chunking and retrieval policies, vector store isolation, embedding pipeline validation, retrieval authorization, tool allow-listing, action confirmation, and human-in-the-loop controls for high-risk operations.
• Defines security requirements for model evaluation pipelines, benchmark data handling, canary tests, policy enforcement, and release gates so unsafe or noncompliant behavior is identified before promotion.
• Collaborates to ensure secure, compliant handling of sensitive and regulated data across AI systems and enterprise data platforms, including enforcement of data classification, retention, access controls, auditability, and secure data readiness for approved AI use cases.
• Collaborates on the design and implementation of AI and data governance frameworks, translating legal, regulatory, and compliance requirements into enforceable technical controls, security standards, and operational processes.
• Coordinates the development of secure data pipelines and control implementations, ensuring proper data sourcing, minimization, de-identification, and consistent application of enterprise data protection controls (e.g., DLP, encryption, retention) within AI architectures and workflows.
• Partner with application security, platform engineering, and data science teams to enable secure adoption of AI technologies.
• Jointly support investigations, incident response, and regulatory inquiries involving AI systems and enterprise data, including forensic analysis, evidence preservation, defensible documentation, and production of audit-ready artifacts for legal and compliance purposes.
• Develop and maintain integrated monitoring, detection, and response capabilities, aligning tools and processes (e.g., DSPM, eDiscovery, SIEM/SOAR, AI observability) to proactively identify and mitigate data leakage,…