AI Infosec Engineer

Remote • Posted 1 hour ago • Updated 1 hour ago
Contract W2
Contract Independent
Contract Corp To Corp
No Travel Required
Remote
$50 - $60/hr
Company Branding Image
Fitment

Dice Job Match Score™

🤯 Applying directly to the forehead...

Job Details

Skills

  • API
  • ATLAS
  • Access Control
  • Artificial Intelligence
  • Auditing
  • Authentication
  • Autogen
  • Cadence
  • Cloud Computing
  • Code Review
  • Command-line Interface
  • Cyber Security
  • DLP
  • Data Flow
  • Data Masking
  • Data Processing
  • Data Retention
  • Health Informatics
  • Generative Artificial Intelligence (AI)
  • Hardening
  • HIPAA
  • Health Care
  • IDE
  • Data Science
  • Embedded Systems
  • Extraction
  • FOCUS
  • File Systems
  • GitHub
  • Identity Management
  • Information Security
  • Interfaces
  • LangChain
  • Large Language Models (LLMs)
  • Microsoft Certified Professional
  • Network Security
  • OIDC
  • Onboarding
  • Machine Learning (ML)
  • Management
  • Microsoft
  • Regulatory Compliance
  • Risk Assessment
  • Microsoft Azure
  • Network
  • OAuth
  • Orchestration
  • SAP GRC
  • SIEM
  • Policy Administration
  • RMF
  • Risk Management
  • Risk Management Framework
  • SAML
  • SQL
  • SSL
  • Security Analysis
  • Semantics
  • Servers
  • Shell
  • Snow Flake Schema
  • Software Engineering
  • Storage
  • Supply Chain Management
  • System Security
  • TLS
  • Technology Assessment
  • Threat Analysis
  • Threat Modeling
  • Training
  • WAF
  • Workflow

Summary

The Job

The AI Security Engineer (GRC) serves as the organization's dedicated subject matter expert at the intersection of artificial intelligence and cybersecurity within a regulated healthcare environment. This role is responsible for evaluating AI vendors and technologies, establishing and enforcing secure AI implementation standards, and providing hands-on guidance to development and engineering teams adopting AI platforms such as Microsoft Copilot Studio, Azure AI Foundry, Snowflake Cortex, Claude Code, and other large language model (LLM)-powered tooling.

Operating within the HIPAA-regulated landscape, this analyst will ensure AI integrations including Model Context Protocol (MCP) servers, agentic workflows, command-line interfaces (CLIs), APIs, and third-party AI extensions are architected and deployed in a manner consistent with NIST AI RMF, HITRUST, and organizational security policies. The role acts as a trusted advisor, security gatekeeper, and enabler for responsible AI adoption across the enterprise.

You Will

1. AI Vendor & Technology Evaluation

  • Lead structured security assessments of AI vendors, platforms, and tools prior to organizational adoption or renewal
  • Evaluate vendor data handling practices, model training transparency and data residency
  • Assess the security posture of AI platforms including:
  • Microsoft Copilot Studio plugin trust boundaries, connector authentication, Power Platform DLP policies
  • Azure AI Foundry model deployment pipelines, private endpoint configuration, managed identity usage
  • Snowflake Cortex data access controls in AI-generated SQL, Snowpark security, role-based privilege enforcement, Cortex function access policies, and query result exposure risks
  • Claude Code & Anthropic APIs system prompt injection risks, tool use / agentic permissions, data retention settings
  • GitHub Copilot, Cursor, and other AI-assisted development tools code telemetry and secret leakage exposure
  • Produce written Vendor Security Assessment Reports (VSARs) including risk ratings, compensating controls, and recommendations
  • Maintain an AI technology registry with risk classifications and review cadence schedules

2. Secure AI Implementation Guidance for Development Teams

  • Serve as the embedded security advisor to software engineering, data science, and clinical informatics teams adopting AI tooling
  • Define and enforce secure-by-default configurations for AI development environments and agentic systems
  • Review and approve MCP server configurations, ensuring:
  • Tool definitions follow least-privilege principles no excessive file system, network, or shell access
  • Server authentication uses OAuth 2.0 / mTLS and does not rely on static API keys stored in plaintext
  • Transport layer security (TLS 1.2+) is enforced on all MCP server communications
  • Prompt injection attack surfaces are identified and mitigated in tool descriptions and system prompts
  • Logging and audit trails are enabled for all MCP tool invocations touching PHI or sensitive data
  • Establish CLI security standards for AI-assisted development tools (Claude Code CLI, GitHub Copilot CLI, Azure Developer CLI), including credential hygiene, shell history scrubbing, and token scope minimization
  • Conduct secure code review for AI integration code with focus on prompt injection, insecure deserialization, and unsafe agentic action chains
  • Develop and maintain a library of reference architectures, secure configuration templates, and implementation checklists for approved AI platforms

3. AI Risk Management & Compliance

  • Maintain the organization's AI Risk Register aligned with NIST AI RMF (Govern, Map, Measure, Manage)
  • Ensure AI deployments comply with HIPAA Security Rule (45 CFR 164), HITECH Act obligations, and applicable state privacy laws
  • Conduct AI-specific Threat Modeling (STRIDE / PASTA) and red-team exercises targeting:
  • Prompt injection and jailbreak scenarios
  • Indirect prompt injection via external data sources (email, documents, web retrieval)
  • Model inversion and membership inference attacks on fine-tuned healthcare models
  • Data exfiltration through agentic tool chains
  • Track emerging AI threats and threat actor TTPs relevant to healthcare AI systems via MITRE ATLAS and sector ISACs
  • Participate in AI governance committee meetings and contribute AI security perspectives to organizational AI policies

4. Security Integration Reviews

  • Review AI integration architectures for network segmentation, data flow, and trust boundary enforcement
  • Validate that PHI is never transmitted to external AI models without de-identification or explicit BAA coverage
  • Assess retrieval-augmented generation (RAG) architectures for unauthorized data access and embedding extraction risks
  • Evaluate agentic AI workflows and multi-agent orchestration systems for privilege escalation and uncontrolled action chains
  • Provide security sign-off on AI infrastructure as part of the Change Advisory Board (CAB) process

5. Training, Awareness & Policy

  • Develop AI security training curricula for developers, data engineers, clinical staff, and IT personnel
  • Author and maintain AI security policies including: Acceptable Use of Generative AI, AI Vendor Onboarding Standards, MCP and Agentic System Security Policy, and Sensitive Data Handling in AI Contexts
  • Publish internal guidance and threat intelligence briefings tailored to clinical and technical audiences

Your Qualifications

  • Bachelor s degree in Cybersecurity, Computer Science, Information Systems, or a closely related field
  • Master s degree preferred; equivalent professional experience considered
  • 7+ years of progressive experience in information security, with a minimum of 2 years focused on AI/ML security or applied AI technology evaluation
  • Demonstrated hands-on experience with one or more of the following: Copilot Studio, Azure AI Foundry, Claude / Anthropic APIs, OpenAI API, GitHub Copilot, or LLM agentic frameworks (LangChain, AutoGen, Semantic Kernel)
  • Experience working in a HIPAA-regulated environment; healthcare industry background strongly preferred
  • Proven track record conducting vendor risk assessments and producing executive-level risk documentation
  • Deep understanding of LLM attack surface: prompt injection, indirect prompt injection, system prompt extraction, and model manipulation
  • Familiarity with AI red-teaming methodologies and tools (Garak, PyRIT, PromptBench)
  • Knowledge of OWASP Top 10 for LLM Applications
  • Understanding of AI model lifecycle risks: training data poisoning, supply chain risks in model registries (Hugging Face, Azure Model Catalog)
  • Ability to audit and secure Model Context Protocol (MCP) server implementations including:
  • Reviewing tool definitions and permissions for least-privilege violations
  • Validating authentication mechanisms (no hardcoded credentials, proper token scoping)
  • Assessing stdio vs. SSE transport security implications
  • Identifying SSRF and command injection risks in custom MCP tool implementations
  • Experience securing AI CLIs including credential storage, environment variable exposure, and shell integration risks
  • Knowledge of agentic permission models understanding when AI agents should require human-in-the-loop approval
  • Ability to evaluate multi-step AI workflow chains for unintended capability escalation
  • Microsoft Copilot Studio: Plugin manifest security review, connector authentication, sensitivity label enforcement
  • Azure AI Foundry: Managed identity configuration, private endpoints, content filtering policy management, model deployment governance
  • Snowflake Cortex: Securing AI-generated SQL and Cortex LLM functions, Snowpark container security, column-level data masking, network policy enforcement, and OAuth integration for service accounts
  • Claude Code: System prompt construction, tool-use permission hardening, CLI credential isolation, API key scoping
  • GitHub Copilot Enterprise: Telemetry settings, suggestion filtering for secrets, IDE extension trust policies
  • Strong grounding in identity and access management OAuth 2.0, OIDC, SAML, managed identities, workload identity federation
  • API security: authentication schemes, rate limiting, input validation, and output sanitization for AI endpoints
  • Network security: micro-segmentation, private endpoints, WAF configuration for AI service ingress
  • SIEM/SOAR integration for AI audit log ingestion, anomaly detection, and automated response
  • Threat modeling methodologies: STRIDE, PASTA, and application of MITRE ATT&CK and ATLAS frameworks
  • Thorough understanding of HIPAA Security Rule requirements and how they apply to AI data processing pipelines
  • Experience with HITRUST CSF controls relevant to AI and cloud-based processing of ePHI
  • Practical knowledge of NIST AI Risk Management Framework (AI RMF) Govern, Map, Measure, Manage functions
  • Familiarity with EU AI Act classifications and their implications for healthcare AI systems (high-risk AI designation)
  • Experience reviewing BAAs and DPAs for AI vendor engagements

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 91164179
  • Position Id: 9016204
  • Posted 1 hour ago

Company Info

About NEXIFY INFOSYSTEMS LLC

At Nexify InfoSystems, we go beyond the conventional definitions of consulting and staffing—we are the architects of transformation, shaping the future of businesses with innovation, precision, and impact. Our dedicated team of industry experts and certified professionals is committed to delivering cutting-edge IT solutions that span a broad spectrum of capabilities, including Automation, Artificial Intelligence, Data Engineering, Cloud Computing, Cybersecurity, Technology Consulting, and Advanced Talent Screening. With a foundation rooted in excellence and a relentless drive for innovation, we develop bespoke strategies designed to help businesses realize their full potential. Whether navigating complex challenges or seizing emerging opportunities, our approach ensures that every solution is aligned with your unique vision and objectives.

At Nexify, we believe in building lasting relationships anchored in trust, collaboration, and measurable impact. We don’t just address immediate needs or challenges; we create sustainable pathways to growth and success. By turning complexity into opportunity, we deliver solutions that not only solve problems but also position businesses for long-term resilience and leadership in their industries.

Our partnerships represent a legacy of success, a testament to our unwavering commitment to delivering enduring value. Together, let’s transform your aspirations into actionable outcomes and redefine what’s possible for your organization. With Nexify InfoSystems, the future isn’t just anticipated—it’s designed.

About_Company_OneAbout_Company_Two
Contact the job poster
BA

Barath Anantharaj

Recruiter @ NEXIFY INFOSYSTEMS LLC
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

It looks like there aren't any Similar Jobs for this job yet.

Search all similar jobs