Information Security Engineer; AI & Data Privacy

Build the future, spark innovation and align your career with purpose.

McKinstry is innovating the waste and climate harm out of the built environment and creating lasting impact. Together, we’re building a thriving planet.

Buildings are a leading contributor to the climate crisis, generating nearly 40% of total global energy-related carbon emissions. We’re making a lasting impact on our industry and within our communities by addressing the climate, affordability and equity crises through:

• renewables and energy services
• engineering and design
• construction and facility services

To get where we’re going, we need big thinkers, problem solvers and collaborative mindsets. Does that sound like you?

McKinstry is actively integrating artificial intelligence across our business and client solutions—and we’re looking for an Information Security Engineer to help ensure this adoption is secure, responsible, and defensible.

This role sits at the intersection of AI security, data privacy, and enterprise governance
. You’ll play a key role in securing AI systems, guiding AI tool adoption, and ensuring compliance with data protection agreements and privacy regulations as AI becomes embedded in how we operate.

You’ll have the opportunity to shape how AI is adopted responsibly across a complex, real‑world enterprise—working alongside security, legal, and engineering leaders to solve problems that truly matter. We value collaboration, integrity, and thoughtful risk‑taking, and we’re committed to building technology solutions that are secure, ethical, and future‑ready.

This role is based in our Seattle, WA corporate office and follows a hybrid schedule with three days onsite.

• Help design and implement security controls for AI/ML systems, GenAI tools, and LLM-based applications used across the enterprise
• Support development and maintenance of McKinstry’s AI security framework aligned with industry standards (e.g., NIST AI RMF, OWASP LLM Top 10)
• Participate in AI threat modeling and risk assessments across data ingestion, model use, and API integrations
• Help establish guardrails for enterprise AI adoption, including vendor onboarding and shadow AI detection

• Review and assess AI vendor Data Processing Agreements (DPAs) in partnership with Legal and Procurement
• Support ongoing compliance with data handling, retention, and residency obligations
• Assess AI tools against applicable privacy and compliance requirements (CCPA/CPRA, SOC 2, and similar frameworks)
• Contribute to data classification and handling standards for AI training, fine‑tuning, and inference

• Participate in security reviews for AI platforms and tools, including Microsoft Copilot and third‑party AI services
• Support AI risk assessments and vendor governance documentation for leadership visibility
• Assist with AI‑specific incident response planning and escalation scenarios
• Monitor changes in AI vendor security posture, data use policies, and sub‑processor disclosures

• Serve as a security partner to Legal, Compliance, IT, and Engineering teams on AI initiatives
• Help educate technical and business teams on secure AI usage, data minimization, and privacy‑by‑design principles
• Contribute to executive‑ready reporting on AI security posture and program maturity

• 2–3+ years of experience in cybersecurity, with exposure to AI/ML security, data privacy, or cloud security
• Hands‑on experience supporting vendor risk assessments, DPAs, or privacy reviews
• Understanding of common GenAI and LLM security risks (e.g., data leakage, prompt injection, model misuse)
• Familiarity with AI security frameworks such as NIST AI RMF, OWASP LLM Top 10, or similar
• Ability to explain security and privacy concepts to non‑technical stakeholders
• Experience working with privacy or compliance programs (CCPA/CPRA, SOC 2, or related frameworks)
• Familiarity with the Microsoft security and cloud ecosystem (Azure, Defender, Sentinel, Purview)
• Preferred certifications include: CISSP, CIPP/US, CIPM, CCSP, AZ‑500, SC‑200, or Security+