
AI Security Automation Engineering - Lead

Job

Kanor Systems

Remote

Full-Time

Posted 2 days ago (Updated 6 hours ago) • Actively hiring

Expires 6/29/2026


Job Description

Role Level: Lead/Manager - AI Security Automation Engineering
Role Type: Individual Contributor
Location: Remote-friendly / Marriott HQ
Core Stack: Python, Go, Neo4j, LLM APIs, Graph Databases
Frameworks: NIST AI RMF, OWASP LLM Top 10, ISO 42001, OSCAL

Responsibilities:
- Design review templates ("archetypes") for every major AI deployment pattern: agentic AI, conversational platforms, IoT+AI, contact center AI, and enterprise SaaS.
- Build intake questionnaires that auto-route submissions to the right control checklists based on deployment model (SaaS, on-prem, hybrid, multi-cloud, API-integrated).
- Define complexity weighting models and set measurable cycle-time targets per review type.
- Build LLM-powered tools that auto-draft threat models from architecture descriptions, map controls to findings, and surface cross-review risk patterns.
- Develop automated intake and triage pipelines - intent classification, complexity scoring, archetype detection, priority assignment - integrated with ServiceNow or Jira.
- Own the operational dashboards: cycle time, queue depth, completion rate, rework rate.
- Design and maintain a labeled property graph ontology connecting AI patterns, controls, threats, standards, deployment paradigms, and risk tiers.
- Implement graph traversal queries for gap analysis (risk dimension unaddressed controls), tier compliance, and cross-pattern coverage.
- Export graph data to support executive reporting and audit evidence packages.
- Build control mapping pipelines that link review findings to AI risk dimensions and OSCAL-aligned compliance attestations.
- Drive alignment with EU AI Act obligations: risk classification, quality management traceability, and risk management documentation.
- Coordinate with assurance and risk teams on scoring handoff criteria and independent verification.

Must-Have Experience:
- 10+ years building and operating complex data models, knowledge graphs, or system architectures - especially in compliance, policy, or regulatory domains.
- 2+ years in cybersecurity: security assessments, threat modeling, control mapping, or risk analysis in enterprise or regulated environments.
- Proven track record converting manual review processes into repeatable, metrics-driven, AI-assisted operations.
- Experience building AI/ML automation for security, compliance, or GRC workflows - not just using tools, but engineering them.
- Production-grade delivery: automation systems running at enterprise scale, not proof-of-concept only.
- Strong executive communication: able to present pipeline metrics upward and threat models to architecture review boards.

Technical Skills:
- Python and Go for building automation tooling, API integrations, and data pipelines.
- Graph databases: Neo4j, KuzuDB, NetworkX, openCypher, or GraphML - including ontology design and graph-based reasoning.
- LLM and agent frameworks: PydanticAI, LangChain, or equivalent; experience with Claude (Bedrock), Azure OpenAI, or similar foundation model APIs.
- AI system architecture depth: LLMs, RAG pipelines, MCP, vector stores, agent orchestration.
- Security frameworks: NIST AI RMF, ISO 42001, NIST CSF, OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, OSCAL.
- Workflow platform APIs: ServiceNow, Jira, or equivalent for end-to-end process automation.

Education:
- Master's or Ph.D. in Computer Science, Cybersecurity, Information Systems, or related STEM field - or equivalent experience demonstrated in role.