Jobs · Information Technology · Washington

Staff AI Security Engineer

Spring Health · Seattle, WA · 2 wk ago
Information Technology$208k–$251k/yrFull-time

What you’ll do

  • Define and evolve our AI security strategy to protect highly sensitive mental health data across both product and corporate environments
  • Lead secure design and threat modeling for AI systems including LLMs, agentic workflows, and retrieval pipelines
  • Identify and mitigate risks such as prompt injection, data exfiltration, model abuse, and privilege escalation
  • Build scalable AI security guardrails and tooling that enable safe experimentation across engineering and business teams
  • Establish AI-specific governance frameworks covering identity, access control, auditability, and observability
  • Take ownership of and lead our AI Red Team to proactively identify vulnerabilities
  • Design and implement AI observability pipelines to detect anomalous model behavior and policy violations in near real-time
  • Develop and operationalize AI incident response playbooks to ensure rapid containment of security events
  • Partner with product and engineering teams to enable responsible AI innovation in a hyper-growth environment
  • Champion a culture of secure AI development by mentoring engineers and defining high standards for the organization

What success looks like in this role

  • 80% of new AI product features are threat modeled prior to GA
  • 80% of AI features are tested by the AI Red Team or equivalent adversarial testing before GA
  • Achieve >=70% coverage of production AI features with automated LLM vulnerability testing
  • Grow participation in the AI Red Team by 10% YoY
  • Develop AI incident response playbooks and conduct at least one AI-focused tabletop or live simulation per year

What you’ll bring

  • 10+ years experience in a software engineering discipline, with at least 5+ years focused on security
  • Hands-on experience securing AI/ML systems, including practical AI red teaming against LLMs, agentic workflows, or RAG systems
  • Experience developing or implementing automated LLM vulnerability testing for prompt injection and data exfiltration
  • Strong foundation in application security principles, threat modeling, secure design, and identity and access control
  • Demonstrated ability to build tools and automation with a developer mindset
  • Experience influencing senior engineers and cross-functional stakeholders across product, legal, and compliance
  • Proven track record of mentoring engineers and cultivating a strong security culture across an organization
  • Strong working knowledge of modern developer tooling, CI/CD pipelines, and git-based collaboration
  • Ability to operate in ambiguity and translate emerging AI risks into pragmatic, scalable security controls
  • Deep personal ownership and a passion for advancing AI security through continuous learning

Similar jobs