Senior AI Security Engineer

Highmark Health

Olympia, WA(remote)

Apply

JOB DETAILS

SKILLS

Access Control, Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Applications Security, Artificial Intelligence (AI), Artificial Intelligence (AI) Agents, CISSP - Certified Information Systems Security Professional, Cloud Computing, CompTIA Security+, Computer Engineering, Computer Science, Computer Security, Continuous Deployment/Delivery, Continuous Integration, Corporate Policies, English Language, Equity Securities, Federal Laws and Regulations, Financial Services, GCP (Good Clinical Practices), HIPAA (Health Insurance Portability and Accountability Act), Health Insurance, Healthcare, Hybrid Cloud, Identity Data Management, Information Technology & Information Systems, Information/Data Security (InfoSec), Injections, Internet Security, Leadership, Legal Standards, Machine Tool, Matrix Management, Memory Hardware, Microsoft Product Family, Microsoft Windows Azure, Presentation/Verbal Skills, Production Systems, Python Programming/Scripting Language, Regulations, Regulatory Compliance, Risk, Sales Pipeline, Security Architecture, Security Infrastructure, Security Policy, Software Engineering, Software as a Service (SaaS), State Laws and Regulations, Telemetry, Test Automation, Test Design, Test Harness, Testing, U.S. National Institute of Standards and Technology (NIST), Willing to Travel, Writing Skills

LOCATION

Olympia, WA

POSTED

Today

**Company :** enGen **Job Description :** **JOB SUMMARY** This job secures AI/ML, Generative AI, and agentic systems across the enterprise by designing, testing, and operating controls that protect these systems at scale in a regulated healthcare environment. They combine hands on adversarial testing, deep understanding of LLM and agent architectures, and production security expertise to prevent, detect, and contain AI driven risk involving PHI while advising engineering and security leadership on emerging AI threats and regulatory exposure. **ESSENTIAL RESPONSIBILITIES** + Design, implement, and operate security controls for AI/ML, GenAI, and agentic systems - spanning model-level, data-level, and platform-level protections across Azure, GCP, AWS, and SaaS. + Engineer and enforce guardrails that mitigate prompt injection, unsafe outputs, unauthorized tool execution, data leakage, and insecure agentic workflow behavior, with explicit focus on PHI/PII exposure. + Design and execute AI red-team exercises targeting LLMs and AI agents including prompt injection (direct and indirect), jailbreaking, tool and memory poisoning, behavioral drift, unsafe autonomy, and emergent privilege escalation. + Analyze agent logic, tool graphs, and multi-step workflows to identify systemic security weaknesses beyond prompt-level attacks; translate findings into reusable attack libraries and actionable engineering fixes. + Build and maintain monitoring, logging, and alerting for AI systems covering prompt behavior, tool invocation patterns, output anomalies, and workflow execution - and implement detection content for policy-violating AI behavior. + Embed security controls into CI/CD pipelines and agentic delivery workflows; partner with AI platform, data engineering, and application teams to integrate security requirements from design through deployment gate. + Apply NIST AI RMF, MITRE ATLAS, and OWASP LLM Top 10 to assess and manage AI security risks; contribute to enterprise AI security standards, reference architectures, and governance policy; advise leadership on AI cybersecurity risk and regulatory considerations specific to healthcare AI deployment. + Other duties as assigned or requested. **EXPERIENCE** **Required** + 5 years of experience in Cybersecurity engineering, application security, or platform security + 3 years of experience in AI/ML or Generative AI security (prompt injection defense, unsafe output handling, tool-use abuse, data leakage) **Preferred** + 5 years of experience in Securing production systems in enterprise environments + 3 years of experience in Hybrid multi-cloud security (Azure, GCP, AWS) + 2 years of experience in Detection engineering, monitoring, and alerting for complex application or workflow environments + 2 years of experience in AI red-team execution (jailbreaking, behavioral drift, misuse-case validation; tools such as PyRIT, Promptfoo, AgentDojo + 2 years of experience in Securing agentic systems, multi-step AI workflows, or tool-calling architectures + 2 years of experience in Highly regulated industry (healthcare, financial services) with HIPAA or equivalent compliance obligations + 1 year of experience in Identity, access management, secrets handling, and runtime policy enforcement for AI workloads **SKILLS** + Deep working knowledge of AI/LLM security risks: prompt injection, unsafe outputs, tool-use abuse, data leakage, identity misuse, and agentic workflow escalation + Hands-on proficiency with AI security frameworks: NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10 + Cloud security fluency across Azure, GCP, and AWS, including native security tooling (Defender for Cloud, Wiz, GCP SCC) + Adversarial testing experience with AI red-team tooling (PyRIT, Promptfoo, AgentDojo, or custom harnesses) + Detection engineering - building monitoring logic, alerting pipelines, and telemetry for AI system behavior + Proficiency in Python (or equivalent) for security automation, test harness development, and pipeline integration + Secure API design, access controls, secrets management, and environment-based deployment controls for AI workloads + HIPAA data handling requirements and PHI/PII protection considerations in AI pipelines and agentic workflows + Strong written and verbal communication - capable of producing technical findings, remediation guidance, and executive security narratives + Ability to operate effectively as a senior individual contributor in a large, matrixed healthcare organization **EDUCATION** **Required** + Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or closely related discipline or relevant experience and/or education as determined by the company in lieu of bachelor's degree. **Preferred** + Master's degree in Cybersecurity, Computer Science, or a related field **LICENSES or CERTIFICATIONS** **Required** + None **Preferred** + Certified Information Security Professional (CISSP) + AWS Certified Security Specialty, Microsoft AZ-500, or Google Professional Cloud Security Engineer + AI security credentials or coursework (SANS AI Security, NIST AI RMF practitioner training) **Language (Other than English):** None **Travel Required:** 0% - 25% **PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS** **Position Type** Office-Based or Remote Position **Physical work site required** Occasionally **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job._ **_Compliance Requirement_** _: This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies._ _As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy._ _Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements._ **Pay Range Minimum:** $94,200.00 **Pay Range Maximum:** $151,000.00 _Base pay is determined by a variety of factors including a candidate's qualifications, experience, and expected contributions, as well as internal peer equity, market, and business considerations. The displayed salary range does not reflect any geographic differential Highmark may apply for certain locations based upon comparative markets._ Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law. We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below. For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org California Consumer Privacy Act Employees, Contractors, and Applicants Notice Req ID: J282128

About the Company

Highmark Health

INDUSTRY

Other/Not Classified

Resume Resources

Free Resume Templates Free Resume Builder