Senior AI Security Engineer

JOB SUMMARY

This job secures AI/ML, Generative AI, and agentic systems across the enterprise by designing, testing, and operating controls that protect these systems at scale in a regulated healthcare environment. They combine hands on adversarial testing, deep understanding of LLM and agent architectures, and production security expertise to prevent, detect, and contain AI driven risk involving PHI while advising engineering and security leadership on emerging AI threats and regulatory exposure.

ESSENTIAL RESPONSIBILITIES

• Design, implement, and operate security controls for AI/ML, GenAI, and agentic systems spanning model-level, data-level, and platform-level protections across Azure, GCP, AWS, and SaaS.

• Engineer and enforce guardrails that mitigate prompt injection, unsafe outputs, unauthorized tool execution, data leakage, and insecure agentic workflow behavior, with explicit focus on PHI/PII exposure.

• Design and execute AI red-team exercises targeting LLMs and AI agents including prompt injection (direct and indirect), jailbreaking, tool and memory poisoning, behavioral drift, unsafe autonomy, and emergent privilege escalation.

• Analyze agent logic, tool graphs, and multi-step workflows to identify systemic security weaknesses beyond prompt-level attacks; translate findings into reusable attack libraries and actionable engineering fixes.

• Build and maintain monitoring, logging, and alerting for AI systems covering prompt behavior, tool invocation patterns, output anomalies, and workflow execution and implement detection content for policy-violating AI behavior.

• Embed security controls into CI/CD pipelines and agentic delivery workflows; partner with AI platform, data engineering, and application teams to integrate security requirements from design through deployment gate.

• Apply NIST AI RMF, MITRE ATLAS, and OWASP LLM Top 10 to assess and manage AI security risks; contribute to enterprise AI security standards, reference architectures, and governance policy; advise leadership on AI cybersecurity risk and regulatory considerations specific to healthcare AI deployment.

• Other duties as assigned or requested.

EXPERIENCE

Required

• 5 years of experience in Cybersecurity engineering, application security, or platform security

• 3 years of experience in AI/ML or Generative AI security (prompt injection defense, unsafe output handling, tool-use abuse, data leakage)

Preferred

• 5 years of experience in Securing production systems in enterprise environments

• 3 years of experience in Hybrid multi-cloud security (Azure, GCP, AWS)

• 2 years of experience in Detection engineering, monitoring, and alerting for complex application or workflow environments

• 2 years of experience in AI red-team execution (jailbreaking, behavioral drift, misuse-case validation; tools such as PyRIT, Promptfoo, AgentDojo

• 2 years of experience in Securing agentic systems, multi-step AI workflows, or tool-calling architectures

• 2 years of experience in Highly regulated industry (healthcare, financial services) with HIPAA or equivalent compliance obligations

• 1 year of experience in Identity, access management, secrets handling, and runtime policy enforcement for AI workloads

SKILLS

• Deep working knowledge of AI/LLM security risks: prompt injection, unsafe outputs, tool-use abuse, data leakage, identity misuse, and agentic workflow escalation

• Hands-on proficiency with AI security frameworks: NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10

• Cloud security fluency across Azure, GCP, and AWS, including native security tooling (Defender for Cloud, Wiz, GCP SCC)

• Adversarial testing experience with AI red-team tooling (PyRIT, Promptfoo, AgentDojo, or custom harnesses)

• Detection engineering building monitoring logic, alerting pipelines, and telemetry for AI system behavior

• Proficiency in Python (or equivalent) for security automation, test harness development, and pipeline integration

• Secure API design, access controls, secrets management, and environment-based deployment controls for AI workloads

• HIPAA data handling requirements and PHI/PII protection considerations in AI pipelines and agentic workflows

• Strong written and verbal communication capable of producing technical findings, remediation guidance, and executive security narratives

• Ability to operate effectively as a senior individual contributor in a large, matrixed healthcare organization

EDUCATION

Required

• Bachelors degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or closely related discipline or relevant experience and/or education as determined by the company in lieu of bachelor's degree.

Preferred

• Master's degree in Cybersecurity, Computer Science, or a related field

LICENSES or CERTIFICATIONS

Required

• None

Preferred

• Certified Information Security Professional (CISSP)

• AWS Certified Security Specialty, Microsoft AZ-500, or Google Professional Cloud Security Engineer

• AI security credentials or coursework (SANS AI Security, NIST AI RMF practitioner training)

Language (Other than English):

None

Travel Required:

0% - 25%

PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

Position Type

Office-Based or Remote Position

Physical work site required

Occasionally

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement : This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Companys Handbook of Privacy Policies and Practices and Information Security Policy.

Furthermore, it is every employees responsibility to comply with the companys Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Pay Range Minimum:

Pay Range Maximum:

Base pay is determined by a variety of factors including a candidates qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice