EMCOR Group

EMCOR Group is a Fortune 500 company self-described as a leader in the construction and facilities services industry. The team of 33,000+ associates spanning 17

AI Security Engineer

Location

United States

Posted

4 days ago

Salary

$134K - $171K / year

Seniority

Mid Level

Job Description

AI Security Engineer

EMCOR Group

Role Description EMCOR Group, Inc. seeks an AI Security Engineer who will be responsible for securing the organization’s artificial intelligence capabilities—including GenAI systems, ML pipelines, model hosting, AI integrations, and AI-enabled business processes—through a combination of security architecture, governance, risk management, and hands-on engineering. This role designs and implements security controls to reduce risks such as prompt injection, data leakage, model exfiltration, supply-chain compromise, unauthorized use, and AI-driven abuse, while enabling safe adoption across the enterprise. - Adopt and maintain the Enterprise AI Security Reference Architecture - Establish security patterns and guardrails for AI use cases including approved data sources, allowed tools, etc. - Conduct threat modeling for AI systems and integrations and translate threats into technical controls - Operationalize AI governance with EMCOR Legal and Risk - Work with EMCOR Security Governance, Risk and Compliance (GRC) to maintain the AI risk assessment process - Implement and maintain controls to prevent data leakage and sensitive information exposure in AI prompts, outputs, logs, and training sets - Work with EMCOR Security Identity and Access Management (IAM) and GRC to deploy and tune protections like DLP, data classification, prompt and response filtering, RAG hardening and model endpoint security - Integrate and maintain AI security testing capabilities such as prompt injection, model behavior evaluations, adversarial testing, etc. - Work with EMCOR Security Operations to define and implement logging and monitoring requirements, create detection use cases, and playbooks for AI related incidents - Assist with AI vendor and cloud services assessments Qualifications - Seven years minimum experience in cybersecurity, security engineering and security architecture - Three years minimum experience securing cloud platforms, APIs, and CI/CD - Working knowledge of AI/ML concepts - Experience with security monitoring and detection, and incident response - CISSP, CCSP, or GIAC or equivalent certification preferred - Ability to effectively communicate and interact with personnel at all levels - Must be capable of delivering a very high level of customer service Benefits - Comprehensive benefits package including medical, dental, and vision coverage - Health savings and flexible spending accounts - Life insurance and disability coverage - 401(k) Savings Plan - College Coach and employee assistance program Compensation - Compensation Range: $134,000 - $171,000 - This position is bonus eligible

Related Categories

Related Job Pages

More Security Engineer Jobs

Full TimeRemoteTeam ,H1B Sponsor

• Advise security and technical clients on storytelling and market navigation. • Build credibility with key audiences. • Shape strategy and pressure-test messaging. • Build reporter relationships and drive execution across various projects such as launches and thought leadership.

United States
IHG Hotels & Resorts logo

Project Manager – Security Governance, Risk & Compliance (SGRC)

IHG Hotels & Resorts

IHG Hotels & Resorts is one of the world’s leading hotel companies with a purpose to provide True Hospitality for Good.

Full TimeRemoteTeam 10,001+Since 2003H1B No Sponsor

• Lead status reporting and executive communications, producing clear, executive-ready updates • Manage the coordination of deliverables across multiple P&T priority programs • Drive cross-functional execution and alignment, ensuring dependencies, prerequisites, and critical deliverables are identified, tracked, and delivered on time • Manage financial planning and tracking across security workstreams • Coordinate delivery across internal teams, product teams, vendors, and service providers • Facilitate meetings, driving accountability, and ensure clear documentation of actions, timelines, and outcomes • Proactively identify and escalate risks, gaps, and delivery blockers

Philippines
Full TimeRemoteTeam 1,001-5,000H1B Sponsor

• Lead client engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards • Educate, mentor, advise, and share your expertise with clients and colleagues to aid in making decisions on topics like Artificial Intelligence, organizational security strategy and services scope as well provide consultative guidance on complex projects • Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance • Consult/advise with C-level Security Leaders (CISO, CSO, CIO, etc.) and the Board of Directors with our most valued and strategic clients • Develop strategic, operational, and tactical recommendations tailored to each client with the intent to improve a client’s security posture and compliance position • Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations • Lead large security engagements in concert with other cybersecurity practices and Presidio teams • Develop security policies, standards, and procedures that are custom-tailored to each client’s unique culture, security goals, and organizational objectives using industry best practices and compliance requirements • Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood and other key elements to determine organizational security risk • Ensure and assess client alignment to, and/or compliance with, applicable regulatory, federal, state, local, contractual, and organizational requirements and best practices standards such as ISO 27001, NIST Cyber Security Framework (CSF), PCI DSS, HIPAA, FERPA, NIST 800-171, CMMC, etc. • Work closely with organizations to conduct security program development by establishing the foundation for a best of breed security program architecture reference model using industry frameworks and standards such as ISO 27001, NIST 800-53, NIST CSF, etc. • Work with other seasoned Principal Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as Cloud Governance, Advisory Services, security program development, documentation review, and security consulting services • Execute tabletop exercises after collaborating with client stakeholders to select the scenario then create an After-Action Report • Deliver PCI Advisory Services, including PCI Gap Analysis, SAQs, ROCs and AOCs • Deliver CMMC Advisory Services, including CMMC Readiness Assessments • Assist leadership in cybersecurity administrative functions, such as documentation maintenance, documentation creation, peer review, and other internal cybersecurity activities

United States
Lumen Technologies logo

LEAD INFORMATION SECURITY ENGINEER

Lumen Technologies

Lumen Technologies is self-described as a global company of 40,000+ professionals empowering businesses, government, and communities to “produce amazing thing

Role Description At Lumen, the Lead Information Security Engineer owns the development, maintenance, and defensibility of the security authorization package for assigned systems, ensuring compliance with federal requirements and readiness for assessment. In this role, you apply and refine your RMF expertise through end-to-end execution, working directly with customers and stakeholders to validate controls, surface risk, and drive remediation. Your impact is measured through the successful sustainment of Authorization to Operate (ATO) outcomes, the strength of the system’s security posture, and the ability to support secure, compliant delivery of mission-critical services. The Lead ISSO may operate independently for smaller or less complex environments or in alignment with a Senior Lead (ISSM) for larger programs. The successful candidate will demonstrate the ability to: - Serve as the primary ISSO for assigned systems, accountable for end-to-end RMF execution and ATO outcomes - Execute the full RMF lifecycle, including categorization, control implementation, assessment readiness, authorization support, and continuous monitoring - Develop, maintain, and ensure accuracy of authorization artifacts (e.g., SSP, POA&M, control evidence) - Ensure systems remain ATO-compliant, audit-ready, and aligned with federal requirements (e.g., FedRAMP, FISMA, DoD) - Track, prioritize, and drive remediation of vulnerabilities, audit findings, and control deficiencies - Provide system-level risk assessments and actionable recommendations, including impact and remediation considerations - Monitor vulnerability, audit, and continuous monitoring data to maintain awareness of system risk posture - Coordinate with engineering, operations, and program teams to ensure security controls are implemented effectively and sustainably - Support security assessments, audits, and inspections as the ISSO representative, including direct interaction with assessors and customer stakeholders - Evaluate products, services, and proposed architectures for compliance, risk, and implementation feasibility within customer authorization environments - Support customer integration of managed services by defining control responsibilities, inheritance boundaries, and implementation expectations - Provide input grounded in RMF execution and ATO processes to support solution design, capture efforts, and delivery alignment Qualifications - Bachelor’s degree in information assurance, cybersecurity, or a related field, or equivalent experience - Minimum of 5 years of relevant experience in information assurance, with demonstrated responsibility for RMF execution and ATO support - Proven experience developing and maintaining authorization artifacts (e.g., SSP, POA&M) and supporting security assessments - Experience operating in customer-facing or services-based environments supporting federal or regulated clients is strongly preferred - Relevant certifications in governance, risk, and compliance (e.g., CGRC, CISA) are strongly preferred or equivalent demonstrated RMF experience - Broad security certifications (e.g., CISSP, CCSP) are preferred and may supplement GRC experience - Proficiency with technologies, tools, and processes supporting GRC, vulnerability management, and continuous monitoring Requirements - Strong working knowledge of NIST RMF (SP 800-37) and NIST SP 800-53 control framework - Demonstrated experience executing RMF activities and supporting or leading ATO outcomes for federal or DoD systems - Experience with FedRAMP and/or FISMA authorization processes, including artifact development and assessment readiness - Ability to independently execute RMF activities and manage system-level security posture with minimal oversight - Strong understanding of control implementation, inheritance, and shared responsibility models within complex or hybrid environments - Ability to assess and communicate security risk in complex architectures, translating regulatory requirements into actionable guidance - Experience evaluating security, compliance, and delivery feasibility of products, services, and architectures - Working knowledge of cryptographic principles and emerging standards, including post-quantum cryptography (PQC), and ability to assess vendor solutions for compliance, risk, and implementation considerations - Strong collaboration skills across engineering, operations, program management, and security teams - Effective written and verbal communication skills for both technical and non-technical audiences - Demonstrates Lumen leadership behaviors (teamwork, trust, transparency, clarity, courage, customer focus, growth mindset, respect) Benefits - Comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing

United States
$105.8K - $155.2K / year