Xlysi LLC

AI Security Engineer (GRC) | W2 Only (No OPT) | Remote

Xlysi LLC  •  Chicago, IL (Remote)  •  2 hours ago

Job Description

Job Title: AI Security Engineer (GRC)

Location: Remote

Employment Type: W2 Only (No OPT)



We are seeking an experienced AI Security Engineer (GRC) to lead secure AI adoption within a HIPAA-regulated healthcare environment. This role will act as a subject matter expert at the intersection of AI and cybersecurity, focusing on vendor risk assessment, secure implementation, and governance of AI/LLM platforms.

Key Responsibilities:

• Conduct security assessments of AI vendors and tools prior to adoption

• Evaluate data handling, model transparency, and compliance posture of AI platforms

• Provide secure implementation guidance for AI tools including Copilot Studio, Azure AI, Snowflake Cortex, and LLM-based systems

• Review and secure AI integrations such as APIs, MCP servers, agentic workflows, and CLIs

• Enforce secure configurations, authentication standards, and least-privilege access controls

• Perform AI threat modeling, risk assessments, and red-team exercises

• Maintain AI risk register aligned with NIST AI RMF

• Ensure compliance with HIPAA, HITECH, and security policies

• Review AI architecture for data security, PHI protection, and trust boundaries

• Support governance, security approvals, and CAB processes for AI deployments

• Develop security policies, standards, and training for AI adoption

Required Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, or related field

• 7+ years of experience in Information Security

• 2+ years of experience in AI/ML security or AI technology evaluation

• Hands-on experience with AI tools such as Azure AI, Copilot, OpenAI/Claude APIs, or similar

• Strong knowledge of AI/LLM security risks (prompt injection, data leakage, model attacks)

• Experience with vendor risk assessments and security documentation

• Understanding of frameworks: NIST AI RMF, HITRUST, OWASP (LLM Top 10)

• Experience in HIPAA-regulated environments (Healthcare preferred)

Technical Skills:

• Identity & Access Management (OAuth2, OIDC, SAML)

• API and Network Security

• AI/LLM frameworks (LangChain, AutoGen, Semantic Kernel)

• Threat modeling (STRIDE, PASTA)

• Cloud security (Azure preferred)

• SIEM/SOAR and logging practices

Nice to Have:

• Experience with AI red-teaming tools (Garak, PyRIT, PromptBench)

• Knowledge of MITRE ATT&CK / ATLAS

• Familiarity with EU AI Act and healthcare AI regulations

• Experience securing AI CLIs and agentic workflows


About Xlysi LLC

Xlysi LLC provides expert consulting services, world-class enterprise implementation and integration consulting and staffing services. Our value proposition is simple: Combine highly experienced consultants with a team-based approach and industry-leading tools to help you maximize your technology investments. The company provides a full range of staffing solutions ranging from individual placement of expert consultants for contingent to direct-hire positions, to on-demand implementation and management consulting services.

Specialties

Enterprise Portals (Liferay/IBM WebSphere/MS SharePoint), Web Content Management Consulting (Adobe CQ/Liferay), Analytics, Custom Software Solutions, Data Warehousing & Cloud Computing

Industry: IT & Software

Company Size: 11-50 employees

Headquarters: Vernon Hills, Illinois

Year Founded: 2006

Website: xlysi.com