AI Security Automation Engineering – Lead

Job Description

Company: Kanor Systems

Location: Bethesda, US

Role Level

Lead/Manager – AI Security Automation Engineering

Role Type

Individual Contributor

Location

Remote-friendly / Marriott HQ

Core Stack

Python, Go, Neo4j, LLM APIs, Graph Databases

Frameworks

NIST AI RMF, OWASP LLM Top 10, ISO 42001, OSCAL

Responsibilities
• Design review templates (“archetypes”) for every major AI deployment pattern: agentic AI, conversational platforms, IoT+AI, contact center AI, and enterprise SaaS.
• Build intake questionnaires that auto-route submissions to the right control checklists based on deployment model (SaaS, on-prem, hybrid, multi-cloud, API-integrated).
• Define complexity weighting models and set measurable cycle-time targets per review type.
• Build LLM-powered tools that auto-draft threat models from architecture descriptions, map controls to findings, and surface cross-review risk patterns.
• Develop automated intake and triage pipelines – intent classification, complexity scoring, archetype detection, priority assignment – integrated with ServiceNow or Jira.
• Own the operational dashboards: cycle time, queue depth, completion rate, rework rate.
• Design and maintain a labeled property graph ontology connecting AI patterns, controls, threats, standards, deployment paradigms, and risk tiers.
• Implement graph traversal queries for gap analysis (risk dimensions with unaddressed controls), tier compliance, and cross-pattern coverage.
• Export graph data to support executive reporting and audit evidence packages.
• Build control mapping pipelines that link review findings to AI risk dimensions and OSCAL-aligned compliance attestations.
• Drive alignment with EU AI Act obligations: risk classification, quality management traceability, and risk management documentation.
• Coordinate with assurance and risk teams on scoring handoff criteria and independent verification.

Must-Have Experience
• 10+ years building and operating complex data models, knowledge graphs, or system architectures – especially in compliance, policy, or regulatory domains.
• 2+ years in cybersecurity: security assessments, threat modeling, control mapping, or risk analysis in enterprise or regulated environments.
• Proven track record converting manual review processes into repeatable, metrics-driven, AI-assisted operations.
• Experience building AI/ML automation for security, compliance, or GRC workflows – not just using tools, but engineering them.
• Production-grade delivery: automation systems running at enterprise scale, not proof-of-concept only.
• Strong executive communication: able to present pipeline metrics upward and threat models to architecture review boards.

Technical Skills
• Python and Go for building automation tooling, API integrations, and data pipelines.
• Graph databases: Neo4j, KuzuDB, NetworkX, openCypher, or GraphML – including ontology design and graph-based reasoning.
• LLM and agent frameworks: PydanticAI, LangChain, or equivalent; experience with Claude (Bedrock), Azure OpenAI, or similar foundation model APIs.
• AI system architecture depth: LLMs, RAG pipelines, MCP, vector stores, agent orchestration.
• Security frameworks: NIST AI RMF, ISO 42001, NIST CSF, OWASP LLM Top 10, OWASP Agentic Top 10, MITRE ATLAS, OSCAL.
• Workflow platform APIs: ServiceNow, Jira, or equivalent for end-to-end process automation.

Education
• Master’s or Ph.D. in Computer Science, Cybersecurity, Information Systems, or related STEM field – or equivalent experience demonstrated in role.

Source: Dice