EXPERIENCE** **Required** + 5 years of experience in Cybersecurity engineering, application security, or platform security + 3 years of experience in AI/ML or Generative AI security (prompt injection defense, unsafe output handling, tool-use abuse, data leakage) **Preferred** + 5 years of experience in Securing production systems in enterprise environments + 3 years of experience in Hybrid multi-cloud security (Azure, GCP, AWS) + 2 years of experience in Detection engineering, monitoring, and alerting for complex application or workflow environments + 2 years of experience in AI red-team execution (jailbreaking, behavioral drift, misuse-case validation; tools such as PyRIT, Promptfoo, AgentDojo + 2 years of experience in Securing agentic systems, multi-step AI workflows, or tool-calling architectures + 2 years of experience in Highly regulated industry (healthcare, financial services) with HIPAA or equivalent compliance obligations + 1 year of experience in Identity, access management, secrets handling, and runtime policy enforcement for AI workloads **SKILLS** + Deep working knowledge of AI/LLM security risks: prompt injection, unsafe outputs, tool-use abuse, data leakage, identity misuse, and agentic workflow escalation + Hands-on proficiency with AI security frameworks: NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10 + Cloud security fluency across Azure, GCP, and AWS, including native security tooling (Defender for Cloud, Wiz, GCP SCC) + Adversarial testing experience with AI red-team tooling (PyRIT, Promptfoo, AgentDojo, or custom harnesses) + Detection engineering - building monitoring logic, alerting pipelines, and telemetry for AI system behavior + Proficiency in Python (or equivalent) for security automation, test harness development, and pipeline integration + Secure API design, access controls, secrets management, and environment-based deployment controls for AI workloads + HIPAA data handling requirements and PHI/PII protection considerations in AI pipelines and agentic workflows + Strong written and verbal communication - capable of producing technical findings, remediation guidance, and executive security narratives + Ability to operate effectively as a senior individual contributor in a large, matrixed healthcare organization **EDUCATION** **Required** + Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Cybersecurity, or closely related discipline or relevant experience and/or education as determined by the company in lieu of bachelor's degree. **Preferred** + Master's degree in Cybersecurity, Computer Science, or a related field **LICENSES or CERTIFICATIONS** **Required** + None **Preferred** + Certified Information Security Professional (CISSP) + AWS Certified Security Specialty, Microsoft AZ-500, or Google Professional Cloud Security Engineer + AI security credentials or coursework (SANS AI Security, NIST AI RMF practitioner training) **Language (Other than English):** None **Travel Required:** 0% - 25% **PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS** **Position Type** Office-Based or Remote Position **Physical work site required** Occasionally **_Disclaimer:_** _The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title.