AI Security Engineer

J.S. Held a global consulting firm providing specialized technical scientific financial and advisory services is seeking an AI Security Engineer is a senior handson technical role responsible for designing engineering and operationalizing AI security across J.S. Helds enterprise.

This role serves as the central Cyber Security owner for all AI Security ensuring AI technologies are securely designed implemented and operated across AIenabled thirdparty applications internal AI agents models MCP RAG architectures training and finetuning pipelines and supporting AI platforms.

The role balances handson engineering solution design and architectural leadership. While expected to influence standards patterns and roadmaps this is not a purely strategic rolethe engineer will actively design and enable controls.

Role weighting:

• 70% AI Security Engineering (primary)
• 30% Data Security Engineering (secondary) with emphasis on Microsoft Purview especially where enterprise data is used by AI systems.

Core Responsibilities

AI Security Engineering (Primary 70%)

AI Security Architecture & Guardrails

• Define and evolve the enterprise AI Security Architecture guardrails and security requirements aligned to business objectives.
• Establish securebydesign patterns across AI development deployment and operations including requirements for hardening hosting access control monitoring and testing.

Platform & Engineering Enablement (HandsOn)

• Design and engineer security controls for:
  • AIenabled SaaS applications
  • Internal AI agents and automation workflows
  • Model hosting inference services APIs and orchestration layers
  • RAG architectures vector databases and embeddings
  • Model training and finetuning pipelines
  • MCP and agenttoagent interaction patterns

AI Identity Authentication & Authorization

• Extend identity and access principles to nonhuman identities and autonomous agents.
• Treat AI agents as firstclass identities defining authentication authorization lifecycle management and revocation.
• Implement delegated and onbehalfof authorization patterns to distinguish humaninitiated actions from agentinitiated actions.
• Apply leastprivilege and scopelimiting controls to prevent privilege escalation in automated and multiagent workflows.

Threat Modeling & Risk Reduction

• Identify and mitigate AIspecific risks including data leakage prompt injection jailbreaks model abuse data poisoning model extraction and AI supplychain risk.
• Ensure appropriate security testing and validation is embedded into AI development and deployment workflows.

Monitoring & Incident Readiness

• Define logging monitoring and detection requirements for AI systems models and agent activity.
• Partner with SecOps to ensure AIrelated events are observable auditable and actionable.
• Support incident response and postincident analysis for AIrelated security events.

CrossFunctional Delivery

• Work closely with IAM SecOps AppSec GRC IT engineering AI platform teams and business stakeholders to embed security controls where they belong.

Data Security Engineering (Secondary 30%)

Data Protection & Governance

• Design and enhance enterprise data security controls with a focus on AIdriven data access.
• Implement and optimize Microsoft Purview including data classification sensitivity labeling DLP information protection and visibility.

AIAware Data Security

• Ensure data security controls are aligned to AI architectures reducing risk of sensitive data exposure via prompts agents outputs and downstream sharing.
• Support secure use of enterprise data in RAG pipelines AI workflows and training environments.

MultiPlatform Data Flows

• Contribute to data protection strategies across collaboration platforms cloud services and endpoints ensuring consistent enforcement where possible.

Qualifications :

Required Qualifications

• 8 years of experience in cybersecurity engineering cloud security application security or data security
• Direct handson experience with Azure AI Foundry and Copilot Studio in enterprise environments
• Strong experience securing cloud and SaaS platforms (Azure preferred)
• Deep understanding of identity access control data protection and secure application/API design
• Proven ability to translate security requirements into practical deployable controls

Preferred Qualifications

• Experience securing generative AI LLMbased systems and agentic architectures
• Experience with Microsoft Copilot Administration Anthropic and other AI platforms (e.g. OpenAI ecosystems)
• Experience with Microsoft Purview (sensitivity labels/information protection DLP Insider Risk Management)
• Familiarity with RAG architectures vector databases embeddings and MCP integrations
• Scripting or automation experience (e.g. Python or PowerShell) to integrate security controls into engineering workflows
• Strong crossfunctional communication and influence skills

Additional Information :

Some of the Benefits We Have Include

J.S. Held understands all our employees are people and sometimes life needs flexibility. We work to always provide an environment that best supports and suits our teams needs.

• Our flexible work environment allows employees to work remotely when needed
• Generous Annual Leave Policy
• Comprehensive Medical Insurance

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities duties or responsibilities required of the employee for this job. Duties responsibilities and activities may change at any time with or without notice.

By submitting your application you acknowledge that you have read the J.S. Held Online Privacy Notice and hereby freely and unambiguously give informed consent to the collection processing use and storage of your personal information as required and described therein. California residents can click here to learn more about the personal information we collect and here to learn about additional privacy rights that may be available.

Please explore what were all about at .

EEO and Job Accommodations

We embrace diversity and our commitment to building a team and environment that fosters professional and personal enrichment is unwavering. We are greater when we are equal!

J.S. Held is an equal opportunity employer that is committed to hiring a diverse workforce. All qualified applicants will receive consideration for employment without regard to sex gender identity sexual orientation race color religion national origin disability protected Veteran status age or any other characteristic protected by law.

If you are an individual with a disability and would like to request for a reasonable accommodation please email and include Applicant Accommodation within the subject line with your request and contact information.

#LI-SC1

Remote Work :

Yes

Employment Type :

Full-time