JobTarget Logo

Senior AI Security Engineer in Washington, District of Columbia at CAQH

NewJob Function: Engineering
CAQH
Washington, District of Columbia, 20006, United States
Posted on
New job! Apply early to increase your chances of getting hired.

Explore Related Opportunities

Job Description

CAQH


Position Summary
The Senior AI Security Engineer is the organizational authority on securing AI-driven technology. As end-to-end application delivery has shifted to large language model (LLM)-driven development, the traditional SDLC security model no longer applies. This role designs and enforces security across the full AI delivery surface: model configuration and risk, prompt pipelines, agentic workflows, data ingestion and ETL, cloud-native infrastructure, and the identity and access controls that underpin all of it. The AI Security Engineer embeds security into the build process itself, partners across engineering and data teams, and translates AI-specific threat knowledge into practical, enforceable controls.

The Senior AI Security Engineer is a full-time, remote, exempt position and reports to the Sr. Director, Security Architecture and Operations.

Specific Responsibilities

This role spans the full security lifecycle for AI systems from architecture and identity design through build, runtime, and incident response.

  • Threat modeling and risk assessment: Lead threat modeling for AI capabilities, agentic features, and integrations. Maintain a living threat model aligned to OWASP Top 10 for LLMs, MITRE ATLAS, and NIST AI RMF, and translate findings into prioritized, actionable controls.
  • Secure architecture: Own and maintain the AI security reference architecture covering model hosting, orchestration, tool use, MCP server deployments, and observability. Establish security patterns for new capabilities before they reach production.
  • AI model and pipeline security: Evaluate foundation models for data-leakage risk and supply-chain provenance. Harden prompt pipelines against injection, jailbreaking, and context poisoning. Secure fine-tuning pipelines, RAG architectures, and embedding stores with appropriate access controls and poisoning detection.
  • Agentic AI security: Define trust boundaries, tool call authorization, privilege scoping, and human-in-the-loop escalation policies for multi-agent systems. Ensure agents operate under least-privilege identities with revocable, short-lived credentials.
  • AI-generated code and build security: Establish review, testing, and gating processes for AI-generated code across frontend, backend, IaC, and CI/CD. Embed security requirements and policy-as-code checks directly into Claude system prompts and project instructions used for development. Enforce SCA/SBOM generation, dependency allowlisting, and secrets management for all LLM-driven build outputs.
  • Identity and access management: Define and enforce identity patterns for both human and non-human (agent) identities. Apply zero-trust principles to all model API calls, vector store queries, and external tool invocations. Every request must be authenticated, authorized, and logged. Architect OAuth/OIDC delegation patterns for agentic flows with bounded scopes and session limits.
  • Data protection and ETL security: Classify and control data flowing into LLM context windows, vector databases, and training pipelines. Secure ETL and ingestion pipelines against poisoning and schema drift. Enforce masking, tokenization, and access controls to prevent regulated data (PII, PHI, PCI) from appearing in model inputs, outputs, or logs. Extend DLP coverage to LLM prompt submissions and completions.
  • Detection, monitoring, and response: Instrument AI infrastructure with behavioral telemetry. Write detection rules for prompt injection attempts, anomalous agent behavior, and data exfiltration through LLMs. Serve as SME for AI-related security incidents, including model abuse, pipeline compromise, and agentic runaway actions.
  • Compliance and audit: Support SOC 2, HIPAA, ISO 27001, and NIST AI RMF compliance as applied to AI systems. Maintain control mappings, evidence, and audit documentation. Evaluate and deploy AI-specific security tooling (LLM firewalls, guardrail frameworks, agent monitoring) and integrate with SIEM/SOAR.

Skills

  • Secure coding knowledge across languages commonly produced by AI-driven workflows: Python, TypeScript/JavaScript, SQL, and IaC (Terraform/Bicep).
  • Strong command of identity protocols: OAuth 2.0, OIDC, SAML, SCIM, and their application to non-human identities.
  • Prompt engineering sufficient to construct and evaluate adversarial prompts for testing.
  • Experience with SIEM, CSPM, and runtime application security tools; ability to write detection logic and correlation rules.
  • Data security controls: encryption, tokenization, DLP, and secrets management (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault).
  • Scripting and automation skills for building internal security tooling (Python preferred).
  • Custom CI/CD security gate development — policy checks written from scratch, not scanner configuration
  • Vector database internals (pgvector, Pinecone, Weaviate) — access controls, audit logging, poisoning detection.
  • Red team automation for LLMs — adversarial prompt generation and evasion testing at scale
  • Deep familiarity with AI orchestration frameworks (LangChain, LangGraph, AutoGen, Claude Agent SDK, or similar) and their security characteristics.
  • Engineer programmatic agent kill-switch and rollback mechanisms triggered by behavioral thresholds
  • Track record delivering security architecture artifacts: threat models, reference architectures, security requirements, and control frameworks.
  • Build secure memory and context management layers for multi-agent systems — encryption, access scoping, and TTL enforcement

Experience & Education

  • 8+ years of progressive information security experience across architecture, application security, identity, and data domains.
  • Hands-on use of Claude for application development, including system prompt design, tool-use configuration, and multi-agent orchestration.
  • Experience with the Model Context Protocol (MCP) ecosystem and securing MCP server deployments.
  • Red team or adversarial AI testing experience: model evasion, adversarial examples, jailbreak research.
  • Background in a regulated industry with data sensitivity requirements, healthcare a plus.
  • Contributions to AI security open-source projects, published research, or conference presentations (DEF CON AI Village, Black Hat, NeurIPS).
  • Demonstrated success securing AI/ML systems, LLM applications, or agentic AI platforms in a production environment.
  • Demonstrated experience building or securing applications developed substantially through LLM-assisted code generation (Claude, Copilot, Cursor, or equivalent).
  • Cloud-native security experience on at least one major provider (AWS, Azure, GCP), including IAM policy design, network segmentation, and secrets management.
  • Demonstrated success automating adversarial testing infrastructure include jailbreak suites, prompt injection harnesses, and regression pipelines tied to model and prompt changes
  • Relevant certifications: CISSP, CCSP, OSCP, AWS/Azure Security Specialty, or emerging AI security credentials.

Who We Are

DataSpring is the trusted data connector at the core of healthcare. For more than 25 years, we have powered the industry with the largest and most complete healthcare data foundation in the U.S., including more than 4.8 million provider data records sourced directly from providers and member data representing 75% of covered lives supplied by health plans. By improving how essential information flows across the system, DataSpring helps healthcare operate more efficiently, accurately, and with greater confidence.

What You Get

At DataSpring, you will do meaningful work at the intersection of healthcare, data, and technology, helping solve complex problems that make the healthcare system work better. You will collaborate with experienced professionals who care deeply about accuracy, trust, and meaningful impact in a fully remote environment.

DataSpring offers competitive compensation and a comprehensive benefits package for full-time employees, including medical, dental, and vision coverage, a 401(k) with company contributions and matching, paid parental leave, tuition assistance, and generous paid time off. We are committed to investing in our people and supporting professional growth over time.

Equal Opportunity Employer

DataSpring is proud to be an equal opportunity employer and is committed to fostering a workplace where all individuals are valued, respected, and empowered.

Employment decisions at DataSpring are made without regard to race, color, religion, sex, national origin or ancestry, age, marital status, disability, protected veteran status, personal appearance, sexual orientation, gender identity or expression, familial status, family responsibilities, matriculation, political affiliation, genetic information, source of income, place of residence, or any other characteristic protected by law. DataSpring does not tolerate unlawful discrimination or harassment of any kind.

Applicants have rights under the Family and Medical Leave Act (FMLA), Equal Employment Opportunity (EEO), and the Employee Polygraph Protection Act (EPPA). If you need a reasonable accommodation to apply for a posted position, please contact the DataSpring People & Culture team at Careers@dataspring.org or 202-517-0436.


The pay range for this role is:
180,000 - 195,000 USD per year(Remote (United States))Equal Employment Opportunity/M/F/disability/protected veteran status

Job Location

Washington, District of Columbia, 20006, United States

Frequently asked questions about this position

Similar Jobs In Washington, District of Columbia

Urgently Hiring

Senior Copier Account Executive

Canon U.S.A., Inc.
Arlington, Virginia
Hot Job

Electronic Security Service Technician

Active Security Consulting LLC
Sterling, Virginia

Homeland Security and Policy Planner ll or lll

Metropolitan Washington Council of Governments
Washington, District of Columbia

Executive Support Specialist

Cogent Security LLC
Washington, District of Columbia

Security Specialist - Industrial

Protection Strategies Inc
Springfield, Virginia

Apply NowYour application goes straight to the hiring team