Staff Security and AI Engineer
### Role summary
Spring Health is seeking a Staff Security and AI Engineer to define and evolve their AI security strategy, focusing on protecting sensitive mental health data. This role involves leading secure design, threat modeling, and risk mitigation for AI systems like LLMs and RAG. You will build AI security guardrails, establish governance frameworks, and lead the AI Red Team. The position requires hands-on experience in AI/ML security, application security principles, and building automation tools. Success includes threat modeling new features, adversarial testing, and implementing automated vulnerability testing. The role emphasizes mentoring engineers and fostering a strong security culture within a remote work environment.
### Who you are
- 10+ years experience in a software engineering discipline, with at least 5+ years focused on security
- Hands-on experience securing AI/ML systems, including practical AI red teaming against LLMs, agentic workflows, or RAG systems
- Experience developing or implementing automated LLM vulnerability testing for prompt injection and data exfiltration
- Strong foundation in application security principles, threat modeling, secure design, and identity and access control
- Demonstrated ability to build tools and automation with a developer mindset
- Experience influencing senior engineers and cross-functional stakeholders across product, legal, and compliance
- Proven track record of mentoring engineers and cultivating a strong security culture across an organization
- Strong working knowledge of modern developer tooling, CI/CD pipelines, and git-based collaboration
- Ability to operate in ambiguity and translate emerging AI risks into pragmatic, scalable security controls
- Deep personal ownership and a passion for advancing AI security through continuous learning
- Not sure if you meet every requirement? If this role excites you, we encourage you to apply
### What the job involves
- We are actively seeking a Staff AI Security Engineer to join our team. Reporting to the CISO, you will define and evolve our AI security strategy to protect highly sensitive mental health data across both product and corporate environments
- Define and evolve our AI security strategy to protect highly sensitive mental health data across both product and corporate environments
- Lead secure design and threat modeling for AI systems including LLMs, agentic workflows, and retrieval pipelines
- Identify and mitigate risks such as prompt injection, data exfiltration, model abuse, and privilege escalation
- Build scalable AI security guardrails and tooling that enable safe experimentation across engineering and business teams
- Establish AI-specific governance frameworks covering identity, access control, auditability, and observability
- Take ownership of and lead our AI Red Team to proactively identify vulnerabilities
- Design and implement AI observability pipelines to detect anomalous model behavior and policy violations in near real-time
- Develop and operationalize AI incident response playbooks to ensure rapid containment of security events
- Partner with product and engineering teams to enable responsible AI innovation in a hyper-growth environment
- Champion a culture of secure AI development by mentoring engineers and defining high standards for the organization
- What success looks like in this role:
- 80% of new AI product features are threat modeled prior to GA
- 80% of AI features are tested by the AI Red Team or equivalent adversarial testing before GA
- Achieve >=70% coverage of production AI features with automated LLM vulnerability testing
- Grow participation in the AI Red Team by 10% YoY
- Develop AI incident response playbooks and conduct at least one AI-focused tabletop or live simulation per year
### Benefits
- Health, Dental, Vision benefits start on your first day at Spring Health. You and your dependents also receive an individual One Medical account which is valued at $199/year per user. HSA and FSA plans available
- A yearly allotment of no-cost visits to the Spring Health network of therapists, coaches, and medication management providers for you and your dependents
- 10 allocated sick days per year
- Flexible paid time off in addition to 12 paid holidays throughout the year
- Access to Gympass, an on-demand virtual benefit that provides wellbeing coaching, and budget management
- Spring Renewal: When you hit your four-year Springaversary, you’ll be awarded a four-week, fully paid sabbatical leave to renew and recharge
- 4-4.5 months of fully paid parental leave
- Spring Health provides team members and their families with sponsored access to Bright Horizons® child care, back-up care, and elder care
- Access to fertility care support through Carrot, in addition to $4,000 reimbursement for related fertility expenses
- Our People team benchmarks all salaries using the Radford Global Compensation Database for technology and life sciences industries. Radford benchmarks salaries with 3,589 global firms, 6.5 million employees, and 98 countries across the globe. We do this to ensure all of our team members are paid equally and competitively
- On top of competitive and benchmarked salary, Spring Health offers incentive pay (based on role), and equity that begins vesting as we celebrate your first year with the company!
- Employer-sponsored 401(k) match of up to 2% after 90 days of employment
- Flexible work arrangements: 66% of Spring Health team members work fully remote while 33% work in a hybrid model from our New York City offices
- Focus Fridays: no meetings, no distractions, just time for you to get work done
- Focus Weeks: In Spring 2023, we held our first-ever Focus Week. We canceled all non-essential meetings and minimized distractions so that you, our team members, could dive into the key work that gets chopped up or deprioritized during the regular day-to-day. We saw a 36% jump in the average energized score after those five days of flow-state work and are finalizing a plan for quarterly Focus Weeks for team members
- Up to $1,000 Professional Development Reimbursement per calendar year
- $200 per year donation matching to support your favorite causes