Overview
The AI Security Specialist safeguards the firm's use of artificial intelligence — from Microsoft Copilot and generative AI tools to internal ML models and third-party AI services. This role establishes guardrails, monitors AI usage, evaluates emerging AI products, and ensures all AI deployments meet legal, regulatory, and client confidentiality obligations.
Responsibilities
- AI Risk Assessment — Evaluate security, privacy, and compliance risks of AI tools before adoption (Copilot, ChatGPT Enterprise, Anthropic Claude, e-discovery AI, etc.).
- Threat Detection — Monitor for AI-specific threats: prompt injection, model poisoning, data exfiltration via LLMs, and shadow AI usage.
- Vendor & Model Review — Conduct security reviews of AI vendors, including data residency, training data usage, retention, and SOC 2 / ISO 42001 posture.
- Data Protection — Partner with other business units to prevent privileged client data, work product, and PII from leaking into public or improperly governed AI systems.
- Incident Response — Lead investigation and response for AI-related incidents (data leakage, model abuse, compromised AI accounts).
- AI Red Teaming — Plan and execute adversarial testing programs against internal and vendor AI systems: prompt injection, jailbreaks, data exfiltration, model inversion, training data extraction, and agent abuse. Coordinate engagements with external red teams for high-risk deployments and translate findings into prioritized remediations.
- Training & Awareness — Build and deliver AI security training and advice on safe use of AI.
- Regulatory Alignment — Track and operationalize NIST AI RMF, EU AI Act, NY DFS Part 500, and client-specific AI requirements.
Compensation
The anticipated base salary range offered for this role will be between $140,000 and $180,000 and represents the firm’s good faith and reasonable estimate of the range of possible base compensation. Actual base compensation will be dependent upon several factors, including but not limited to the candidate’s relevant experience, performance, qualifications, degrees, and location, as well as the needs of the firm.
Qualifications
- 5+ years in information security, with 2+ years focused on AI/ML security or AI governance.
- Demonstrated hands-on AI red team experience — including prompt injection and jailbreak testing, adversarial ML techniques, LLM/agent abuse scenarios, and structured engagements aligned to OWASP Top 10 for LLMs and MITRE ATLAS.
- Proficiency with AI red teaming tooling such as Microsoft PyRIT, NVIDIA Garak, Promptfoo, Giskard, or comparable frameworks; ability to author custom probes and harnesses.
- Strong working knowledge of LLM architectures, RAG systems, and AI agent frameworks.
- Experience securing Microsoft 365 Copilot, Azure OpenAI, Anthropic Claude or comparable enterprise AI platforms.
- Understanding of data classification, DLP, and identity governance (Purview, Entra).
- Bachelor's degree in Computer Science, Cybersecurity, or related field.
Required Certifications
Candidates must hold one or more of the following:
- CISSP — Certified Information Systems Security Professional (ISC²)
- CISM — Certified Information Security Manager (ISACA)
Preferred Qualifications
- Experience in a law firm, financial services, or other highly regulated environment.
- Prior participation in AI/ML CTFs, bug bounties (e.g., HackerOne AI programs), or published AI red team research.