Sr AI Security Engineer

Job Title: Sr AI Security Engineer

Job Summary

We are seeking an experienced AI Security Engineer to ensure AI systems built on AWS and Azure are secure compliant and resilient with Microsoft Copilot as the primary user experience layer. The role is responsible for implementing data protection threat detection guardrails and ongoing risk monitoring across the full AI lifecycle from model development and RAG pipeline construction through to production deployment and Copilot-integrated workflows. The candidate will work closely with AI Architects AI Engineers and enterprise security teams to embed security and responsible AI principles at every layer of the AI stack.

Key Responsibilities

AI Threat Modelling & Risk Assessment

• Conduct threat modelling and security risk assessments across the AI lifecycle covering data ingestion model training RAG pipelines agent workflows and Copilot-integrated surfaces.

• Identify and mitigate AI-specific attack vectors including prompt injection jailbreaking data poisoning model inversion and adversarial inputs.

• Maintain a risk register for AI systems and drive remediation planning in collaboration with AI Architects and Engineers.

• Evaluate third-party AI components APIs and integrations for security posture before onboarding into the enterprise AI stack.

Data Protection & Privacy

• Design and enforce data protection controls across AI data pipelines on AWS and Azure including encryption at rest and in transit data masking and access controls.

• Ensure personally identifiable information (PII) and sensitive enterprise data is handled in accordance with regulatory requirements (GDPR HIPAA and equivalents).

• Implement data lineage tracking and audit logging across RAG pipelines and LLM interactions to support compliance and forensic investigations.

• Define and enforce data retention deletion and anonymisation policies for AI training data and model outputs.

Guardrails & Responsible AI

• Design and implement input and output guardrails for LLM-powered systems and Microsoft Copilot-integrated workflows to prevent harmful biased or non-compliant AI outputs.

• Configure and manage content filtering refusal policies and trust boundaries across AWS Bedrock and Azure AI Foundry AI safety controls.

• Define human-in-the-loop controls and escalation policies for high-risk AI decisions within agent workflows.

• Collaborate with AI Engineers to embed responsible AI principles including fairness transparency and accountability into deployed systems.

Cloud Security & Platform Hardening

• Harden AI infrastructure on AWS (Bedrock SageMaker IAM VPC CloudTrail) and Azure (Azure AI Foundry Azure ML Entra ID Azure Policy Defender for Cloud) against misconfigurations and unauthorised access.

• Enforce least-privilege access controls for AI services model endpoints vector databases and Copilot connectors.

• Implement network security controls including private endpoints VNet integration and API gateway policies for AI service exposure.

• Conduct regular security configuration reviews and cloud security posture assessments for AI workloads on AWS and Azure.

Threat Detection & Incident Response

• Implement monitoring and alerting for anomalous AI system behaviour including unusual query patterns prompt injection attempts and data exfiltration signals.

• Integrate AI security monitoring with enterprise SIEM and SOAR platforms using AWS CloudTrail Azure Monitor and Microsoft Sentinel.

• Lead incident response activities for AI-related security events including root cause analysis containment and post-incident review.

• Define and test business continuity and disaster recovery procedures for critical AI systems and Copilot-integrated workflows.

Compliance & Governance

• Ensure AI systems comply with relevant regulatory frameworks enterprise security policies and responsible AI standards across the full deployment lifecycle.

• Support internal and external audits of AI systems by maintaining comprehensive security documentation control evidence and risk assessment records.

• Define and maintain AI security policies standards and guidelines in alignment with AWS Well-Architected Framework and Microsoft Azure Security Benchmark.

• Collaborate with governance and compliance teams to track regulatory changes affecting AI deployments and implement timely remediation measures.

Collaboration & Security Enablement

• Partner with AI Architects and AI Engineers to embed security controls into AI solution designs and engineering pipelines from the outset.

• Provide security guidance and training to AI delivery teams on secure development practices prompt safety and data handling.

• Work with enterprise security teams to align AI security controls with the broader organisational security framework and risk appetite.

• Evaluate emerging AI security threats tools and frameworks and guide their strategic adoption within the enterprise AI programme.

Required Qualifications

• 6-10 years of experience in cybersecurity with 3 years focused on AI/ML security cloud security or data security in production environments.

• Hands-on experience securing AI workloads on AWS (Bedrock SageMaker IAM CloudTrail GuardDuty) and Azure (Azure AI Foundry Azure ML Defender for Cloud Microsoft Sentinel Entra ID).

• Strong understanding of AI-specific threats and mitigations: prompt injection data poisoning model theft adversarial attacks and LLM output risks.

• Experience designing and implementing guardrails content filtering and responsible AI controls for LLM-powered and Copilot-integrated systems.

• Knowledge of data protection regulations and frameworks including GDPR HIPAA and ISO 27001 as they apply to AI systems and data pipelines.

• Familiarity with AI governance frameworks such as NIST AI RMF EU AI Act principles and Microsoft Responsible AI Standard.

• Experience with cloud security posture management IAM policy design network security controls and SIEM/SOAR integration on AWS and Azure.

• Strong collaboration and communication skills to work effectively with AI Engineers Architects and enterprise security and compliance teams.