Principal AI Engineer, AI Security
About the role
NSPM-11 directs the national security enterprise to adopt AI fast and assure it across the full stack, down to the data pipeline. This role is located in Colorado Springs, CO.
Responsibilities
- Serve as the AI Security technical authority on captures and bids.
- Translate mission-owner AI and AI-security requirements into solutions that win.
- Build credibility with technical buyers across the IC, DoD, and partners.
- Own AI-assurance/security roadmap for the platform, spanning model security, runtime protection, and threat modeling for AI built on Bluestaq data.
- Partner with engineering to embed assurance by design.
- Design and assure AI for the environments mission owners operate in, including disconnected, classified, and air-gapped settings where assurance cannot depend on continuous cloud connectivity.
- Threat-model AI systems against the attacks that matter at this level: adversarial inputs, model extraction and distillation, data and supply-chain poisoning, and agentic or tool-use abuse.
- Establish and carry the external voice on secure AI for national security through talks, writing, and demonstrated technical work.
- Ensure delivered AI meets the assurance, TEVV, and supply-chain standards mission owners depend on, so trust drives expansion and renewal.
- Connect AI-security work into Bluestaq's broader AI platform, so evaluation frameworks, model registries, and pipelines serve the whole program instead of a security-only silo.
- Stay ahead of AI/ML advances and bring in the ones that offer real advantage here, not the ones that just make headlines.
- Coach mission owners and non-technical stakeholders on what AI can realistically do, so expectations match reality before a program commits.
- Spot gaps in Bluestaq's AI tooling, skills, or process before they become blockers, and drive the proposals that close them.
- Hire and lead a small AI team as the pipeline grows.
Requirements
- Five or more years across AI security architecture, AI/ML engineering, or a closely related combination, with demonstrated specialization at the intersection of the two.
- Hands-on experience securing modern AI systems: LLMs, retrieval-augmented generation, and agentic or tool-using architectures, including MCP-style integrations.
- Working command of the AI threat landscape and practical countermeasures, including where those countermeasures are weak and you compensate with architecture.
- Cloud security depth, AWS preferred, including identity and workload isolation for model and inference traffic, preferably supporting large-scale Intelligence Community programs.
- Ability to translate AI risk so a customer accreditor, a security auditor, and an engineer each understand it in their own terms.
- The seniority to own a domain, set standards, and influence engineering decisions without direct authority.
- U.S. citizenship and the ability to obtain and maintain a U.S. government security clearance.
Preferred Qualifications
- Active TS/SCI.
- A public technical record in AI security: research, conference talks, open tooling, red-team writeups, or sustained content.
- Experience delivering and assuring AI in regulated or government environments.
- Familiarity with the federal AI assurance landscape, including NIST AI RMF, TEVV, and the NSPM-11 mandate.
- Secure AI/ML supply-chain experience: model and dataset provenance, third-party model risk, and the equivalent of an SBOM for models.
- Experience standing up an AI or AI-security capability from zero and growing a team into it.
Education
Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent experience. Advanced degree preferred.
Required Location & Travel
This position is remote, open to candidates based in Colorado or Virginia, with up to 12 trips per year to customer, partner, or government sites, including secure facilities.
Pay
$200,000—$300,000 USD
Clearance Requirement
This position may require the ability to obtain a TS/SCI Clearance. To be eligible for a security clearance, U.S. citizenship is required, and an employee must agree to participate in a background screen and credit check. Eligibility for a TS/SCI Clearance will be assessed as part of the onboarding process or based on programmatic needs.