Staff Engineer Security

Job Description: Staff product security engineer will be responsible for defining, implementing, and scaling security across the full lifecycle of artificial intelligence and machine learning systems. This role will lead the design of secure AI architectures, identifies and mitigates AI-specific risks, and partners with cross-functional teams to ensure AI capabilities are developed and deployed securely and in compliance with industry standards and regulatory requirements.

Responsibilities

Identify, assess, and mitigate AI-specific security risks, including model poisoning, adversarial attacks, prompt injection, model inversion, data leakage, and supply chain vulnerabilities. Conduct threat modeling and security architecture reviews for AI/ML systems, APIs, and third-party AI services. Define and operationalize AI security standards, controls, and guardrails aligned with industry frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs). Support development and enforcement of AI governance policies, risk management frameworks, and compliance requirements. Partner with engineering, data science, and product teams to embed security controls into AI systems throughout the development lifecycle. Evaluate and govern third-party AI vendors, platforms, and open-source models. Provide subject matter expertise and mentorship to security engineers, ML engineers, and product teams. Influence secure AI practices and drive adoption of best practices across the organization. Translate AI security risks into business impact and communicate effectively with senior leadership. Support strategic decision-making by providing risk-based recommendations and trade-off analysis. Stay current on emerging AI threats, vulnerabilities, and defense techniques. Contribute to long-term AI security strategy, roadmap development, and organizational readiness.

Qualifications

Bachelor's degree in computer science, Information Security, Engineering, or a related field (or equivalent practical experience). 10+ years of experience in application security, product security, or security engineering. Direct experience securing AI/ML systems, LLM-based applications, or data science platforms. Familiarity with AI security frameworks (e.g., NIST AI RMF, OWASP Top 10 for LLMs). Hands-on experience with secure SDLC practices (e.g., threat modeling, SAST, DAST, and penetration testing). Strong understanding of AI/ML concepts and associated security risks. Experience with cloud platforms (e.g., AWS, Azure) and modern development practices (CI/CD, DevSecOps). Knowledge of privacy, regulatory, and compliance requirements applicable to AI systems (e.g., HIPAA, SOC2, HITRUST). Experience building or deploying security tooling for AI platforms. Experience translating technical risks into business context and influencing stakeholders. Excellent communication, collaboration, and problem-solving skills. The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate. NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.