Staff AI Security Engineer
Spring Health · Seattle, WA · 2 wk ago
Information Technology$208k–$251k/yrFull-time
What you’ll do
- Define and evolve our AI security strategy to protect highly sensitive mental health data across both product and corporate environments
- Lead secure design and threat modeling for AI systems including LLMs, agentic workflows, and retrieval pipelines
- Identify and mitigate risks such as prompt injection, data exfiltration, model abuse, and privilege escalation
- Build scalable AI security guardrails and tooling that enable safe experimentation across engineering and business teams
- Establish AI-specific governance frameworks covering identity, access control, auditability, and observability
- Take ownership of and lead our AI Red Team to proactively identify vulnerabilities
- Design and implement AI observability pipelines to detect anomalous model behavior and policy violations in near real-time
- Develop and operationalize AI incident response playbooks to ensure rapid containment of security events
- Partner with product and engineering teams to enable responsible AI innovation in a hyper-growth environment
- Champion a culture of secure AI development by mentoring engineers and defining high standards for the organization
What success looks like in this role
- 80% of new AI product features are threat modeled prior to GA
- 80% of AI features are tested by the AI Red Team or equivalent adversarial testing before GA
- Achieve >=70% coverage of production AI features with automated LLM vulnerability testing
- Grow participation in the AI Red Team by 10% YoY
- Develop AI incident response playbooks and conduct at least one AI-focused tabletop or live simulation per year
What you’ll bring
- 10+ years experience in a software engineering discipline, with at least 5+ years focused on security
- Hands-on experience securing AI/ML systems, including practical AI red teaming against LLMs, agentic workflows, or RAG systems
- Experience developing or implementing automated LLM vulnerability testing for prompt injection and data exfiltration
- Strong foundation in application security principles, threat modeling, secure design, and identity and access control
- Demonstrated ability to build tools and automation with a developer mindset
- Experience influencing senior engineers and cross-functional stakeholders across product, legal, and compliance
- Proven track record of mentoring engineers and cultivating a strong security culture across an organization
- Strong working knowledge of modern developer tooling, CI/CD pipelines, and git-based collaboration
- Ability to operate in ambiguity and translate emerging AI risks into pragmatic, scalable security controls
- Deep personal ownership and a passion for advancing AI security through continuous learning