AI Security Automation Engineering - Lead

Responsibilities:

• Design review templates ("archetypes") for every major AI deployment pattern: agentic AI, conversational platforms, IoT AI, contact center AI, and enterprise SaaS.
• Build intake questionnaires that auto-route submissions to the right control checklists based on deployment model (SaaS, on-prem, hybrid, multi-cloud, API-integrated).
• Define complexity weighting models and set measurable cycle-time targets per review type.
• Build LLM-powered tools that auto-draft threat models from architecture descriptions, map controls to findings, and surface cross-review risk patterns.
• Develop automated intake and triage pipelines - intent classification, complexity scoring, archetype detection, priority assignment - integrated with ServiceNow or Jira.
• Own the operational dashboards: cycle time, queue depth, completion rate, rework rate.
• Design and maintain a labeled property graph ontology connecting AI patterns, controls, threats, standards, deployment paradigms, and risk tiers.
• Implement graph traversal queries for gap analysis (risk dimension unaddressed controls), tier compliance, and cross-pattern coverage.
• Export graph data to support executive reporting and audit evidence packages.
• Build control mapping pipelines that link review findings to AI risk dimensions and OSCAL-aligned compliance attestations.
• Drive alignment with EU AI Act obligations: risk classification, quality management traceability, and risk management documentation.
• Coordinate with assurance and risk teams on scoring handoff criteria and independent verification.

Must-Have Experience

• 10 years building and operating complex data models, knowledge graphs, or system architectures - especially in compliance, policy, or regulatory domains.
• 2 years in cybersecurity: security assessments, threat modeling, control mapping, or risk analysis in enterprise or regulated environments.
• Proven track record converting manual review processes into repeatable, metrics-driven, AI-assisted operations.
• Experience building AI/ML automation for security, compliance, or GRC workflows - not just using tools, but engineering them.
• Production-grade delivery: automation systems running at enterprise scale, not proof-of-concept only.
• Strong executive communication: able to present pipeline metrics upward and threat models to architecture review boards.

Technical Skills

• Python and Go for building automation tooling, API integrations, and data pipelines.
• Graph databases: Neo4j, KuzuDB, NetworkX, openCypher, or GraphML - including ontology design and graph-based reasoning.
• LLM and agent frameworks: PydanticAI, LangChain, or equivalent; experience with Claude (Bedrock), Azure OpenAI, or similar foundation model APIs.
• AI system architecture depth: LLMs, RAG pipelines, MCP, vector stores, agent orchestration.
• Security frameworks: NIST AI RMF, ISO 42001, NIST CSF, OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, OSCAL.
• Workflow platform APIs: ServiceNow, Jira, or equivalent for end-to-end process automation.

Education

• Master's or Ph.D. in Computer Science, Cybersecurity, Information Systems, or related STEM field - or equivalent experience demonstrated in role.