
AI Security Engineer (GRC)

Job in Long Beach, Los Angeles County, California, 90899, USA
Listing for: SCAN Group
Full Time position
Listed on 2026-06-27
Job specializations:
  • IT/Tech
    AI Engineer (Applied/Software)
Salary/Wage Range or Industry Benchmark: 125400 - 215975 USD Yearly
Job Description & How to Apply Below
Position: AI Security Engineer (GRC)

Founded in 1977 as the Senior Care Action Network, SCAN began with a simple but radical idea: that older adults deserve to stay healthy and independent. That belief was championed by a group of community activists we still honor today as the "12 Angry Seniors." Their mission continues to guide everything we do.

Today, SCAN is a nonprofit health organization serving more than 500,000 people across Arizona, California, Nevada, New Mexico, Texas, and Washington, with over $8 billion in annual revenue. With nearly five decades of experience, we have built a distinctive, values‑driven platform dedicated to improving care for older adults.

Our work spans Medicare Advantage, fully integrated care models, primary care, care for the most medically and socially complex populations, and next‑generation care delivery models. Across all of this, we are united by a shared commitment: combining compassion with discipline, innovation with stewardship, and growth with integrity.

At SCAN, we believe scale should strengthen, not dilute, our mission. We are building the future of care for older adults, grounded in purpose, accountability, and respect for the people and communities we serve.

The Job

The AI Security Engineer (GRC) serves as the organization's dedicated subject matter expert at the intersection of artificial intelligence and cybersecurity within a regulated healthcare environment. This role is responsible for evaluating AI vendors and technologies, establishing and enforcing secure AI implementation standards, and providing hands‑on guidance to development and engineering teams adopting AI platforms such as Microsoft Copilot Studio, Azure AI Foundry, Snowflake Cortex, Claude Code, and other large language model (LLM)-powered tooling.

Operating within the HIPAA-regulated landscape, this analyst will ensure AI integrations – including Model Context Protocol (MCP) servers, agentic workflows, command‑line interfaces (CLIs), APIs, and third‑party AI extensions – are architected and deployed in a manner consistent with NIST AI RMF, HITRUST, and organizational security policies. The role acts as a trusted advisor, security gatekeeper, and enabler for responsible AI adoption across the enterprise.

You Will
  • AI Vendor & Technology Evaluation
    • Lead structured security assessments of AI vendors, platforms, and tools prior to organizational adoption or renewal.
    • Evaluate vendor data handling practices, model training transparency, and data residency.
    • Assess the security posture of AI platforms including:
      • Microsoft Copilot Studio – plugin trust boundaries, connector authentication, Power Platform DLP policies.
      • Azure AI Foundry – model deployment pipelines, private endpoint configuration, managed identity usage.
      • Snowflake Cortex – data access controls in AI‑generated SQL, Snowpark security, role‑based privilege enforcement, Cortex function access policies, and query result exposure risks.
      • Claude Code & Anthropic APIs – system prompt injection risks, tool use/agentic permissions, data retention settings.
      • GitHub Copilot, Cursor, and other AI‑assisted development tools – code telemetry and secret leakage exposure.
    • Produce written Vendor Security Assessment Reports (VSARs) including risk ratings, compensating controls, and recommendations.
    • Maintain an AI technology registry with risk classifications and review cadence schedules.
  • Secure AI Implementation Guidance for Development Teams
    • Serve as the embedded security advisor to software engineering, data science, and clinical informatics teams adopting AI tooling.
    • Define and enforce secure‑by‑default configurations for AI development environments and agentic systems.
    • Review and approve MCP server configurations, ensuring:
      • Tool definitions follow least‑privilege principles—no excessive file system, network, or shell access.
      • Server authentication uses OAuth 2.0 / mTLS and does not rely on static API keys stored in plaintext.
      • Transport layer security (TLS 1.2+) is enforced on all MCP server communications.
      • Prompt injection attack surfaces are identified and mitigated in tool descriptions and system prompts.
      • Logging and audit trails are enabled for all MCP tool invocations touching PHI or sensitive…