AI Security Engineer

IMO Health is seeking an experienced AI Security Engineer to lead the security of our AI and machine learning platforms. This role combines expertise in AI/ML security with DevSecOps best practices to protect our models, data, and infrastructure end-to-end. You will design and implement robust security controls across containerized and serverless deployments in the cloud, ensure compliance with healthcare and financial data regulations, and champion Responsible AI principles.  

WHAT YOU'LL DO:

• Lead the safe deployment of large language models (LLMs) in our infrastructure, including local/on-premise deployments. Ensure the underlying infrastructure is hardened – enforcing encryption and strict access controls to protect sensitive model data and outputs. 
• Implement and enforce data protection measures for sensitive data (e.g. PHI, PII, financial information) used by AI models. Ensure all AI solutions comply with relevant regulations and standards, including healthcare HIPAA requirements for safeguarding Protected Health Information. 
• Embed Responsible AI practices into everything we build. You’ll deploy safeguards against misuse, including techniques to detect and prevent LLM jailbreaking and other adversarial threats. 
• Identify and mitigate AI/ML risks throughout the model lifecycle—from development and training to deployment and operations—prioritizing proactive risk management and resilience. 
• Secure containerized environments by managing network policies, hardening container images and registries, configuring security controls (e.g., RBAC, Pod Security Policies), and monitoring incidents. 
• Develop and implement security measures to protect AI/ML models from attacks such as data poisoning, model extraction, adversarial attacks, model inversion, and jailbreaking. 
• Enforce strong data security practices by leveraging data encryption, access controls, anonymization, and de-identification techniques to keep our AI/ML pipelines secure. 
• Collaborate across teams—from data science to DevOps to IT security—to embed security into the fabric of our AI development. You'll provide guidance on secure MLOps and empower teams with training and best practices. 
• Promote a culture of security awareness throughout the AI lifecycle by leading security reviews, influencing secure design decisions, and communicating risks clearly to both technical and non-technical audiences.  
• Stay ahead of emerging threats and opportunities in the rapidly evolving AI/ML landscape by tracking the latest in open-source innovations, cloud services, and AI security research. 

WHAT YOU'LL NEED:

• 5+ years of experience in information security, DevSecOps, or related roles, with a strong track record of securing cloud-based and/or AI/ML systems. 
• Deep knowledge of industry standards and frameworks like the OWASP Top Ten, NIST Cybersecurity Framework, and ISO/IEC 27001. Bonus points for hands-on experience with SAST, DAST, and SCA tools – especially Snyk. 
• Proficient in coding and scripting (Python preferred) with working knowledge of machine learning frameworks and libraries such as TensorFlow, PyTorch, or scikit-learn. You know how to review ML notebooks and code for vulnerabilities and integrate security within MLOps platforms, pipelines, and CI/CD workflows. 
• Experienced in threat modeling and embedding security into developer toolchains, with a strong grasp of how to secure fast-moving development environments. 
• Comfortable working with sensitive data in regulated environments. You understand the ins and outs of data privacy and protection standards (HIPAA, GDPR, CCPA, financial data regulations) and can implement controls to stay compliant. 
• Familiar with Responsible AI practices – including content filtering, bias mitigation, and establishing guardrails to prevent model misuse – ensuring ethical and secure use of AI technologies. 
• Exposure to Agile workflows and an ability to thrive in fast-paced, iterative development cycles. 
• Exceptional communication and collaboration skills, with the ability to explain complex security topics to both technical teams and non-technical stakeholders. You're someone who can influence cross-functional teams and build trust through clarity.