NextGen HealthcareRemote
Staff Engineer Security
United States of America
Full Time
1 week ago
H1B Sponsor Likely
Key skills
AI securityApplication securityProduct securitySecurity engineeringAI/ML systems securityLLM-based applications securityAI security frameworksNIST AI RMFOWASP Top 10 for LLMsSecure SDLC practicesThreat modelingSASTDASTPenetration testingAI/ML conceptsCloud platformsAWSAzureCI/CDDevSecOpsPrivacy and compliance requirementsHIPAASOC2HITRUSTSecurity tooling for AI platformsAIArtificial IntelligenceMachine LearningMLLLMSDLCLeadershipRisk ManagementCommunicationCollaborationOWASPPenetration Testing
About this role
NextGen Healthcare is a company focused on innovative healthcare solutions, and they are seeking a Staff Engineer Security to enhance the security of their artificial intelligence and machine learning systems. This role involves defining and implementing security measures throughout the development lifecycle while collaborating with various teams to ensure compliance with industry standards.
Responsibilities:
- Identify, assess, and mitigate AI-specific security risks, including model poisoning, adversarial attacks, prompt injection, model inversion, data leakage, and supply chain vulnerabilities
- Conduct threat modeling and security architecture reviews for AI/ML systems, APIs, and third-party AI services
- Define and operationalize AI security standards, controls, and guardrails aligned with industry frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs)
- Support development and enforcement of AI governance policies, risk management frameworks, and compliance requirements
- Partner with engineering, data science, and product teams to embed security controls into AI systems throughout the development lifecycle
- Evaluate and govern third-party AI vendors, platforms, and open-source models
- Provide subject matter expertise and mentorship to security engineers, ML engineers, and product teams
- Influence secure AI practices and drive adoption of best practices across the organization
- Translate AI security risks into business impact and communicate effectively with senior leadership
- Support strategic decision-making by providing risk-based recommendations and trade-off analysis
- Stay current on emerging AI threats, vulnerabilities, and defense techniques
- Contribute to long-term AI security strategy, roadmap development, and organizational readiness
Requirements:
- Bachelor's degree in computer science, Information Security, Engineering, or a related field (or equivalent practical experience)
- 10+ years of experience in application security, product security, or security engineering
- Direct experience securing AI/ML systems, LLM-based applications, or data science platforms
- Familiarity with AI security frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs)
- Hands-on experience with secure SDLC practices (e.g., threat modeling, SAST, DAST, and penetration testing)
- Strong understanding of AI/ML concepts and associated security risks
- Experience with cloud platforms (e.g., AWS, Azure) and modern development practices (CI/CD, DevSecOps)
- Knowledge of privacy, regulatory, and compliance requirements applicable to AI systems (e.g., HIPAA, SOC2, HITRUST)
- Experience building or deploying security tooling for AI platforms
- Experience translating technical risks into business context and influencing stakeholders
- Excellent communication, collaboration, and problem-solving skills