Information Security Engineer (AI & Data Privacy)

Build the future, spark innovation and align your career with purpose.McKinstry is innovating the waste and climate harm out of the built environment and creating lasting impact. Together, we’re building a thriving planet.Buildings are a leading contributor to the climate crisis, generating nearly 40% of total global energy-related carbon emissions. We’re making a lasting impact on our industry and within our communities by addressing the climate, affordability and equity crises through:renewables and energy servicesengineering and designconstruction and facility servicesTo get where we’re going, we need big thinkers, problem solvers and collaborative mindsets. Does that sound like you?The Opportunity with McKinstryMcKinstry is actively integrating artificial intelligence across our business and client solutions—and we’re looking for an Information Security Engineer to help ensure this adoption is secure, responsible, and defensible.This role sits at the intersection of AI security, data privacy, and enterprise governance. You’ll play a key role in securing AI systems, guiding AI tool adoption, and ensuring compliance with data protection agreements and privacy regulations as AI becomes embedded in how we operate.You’ll have the opportunity to shape how AI is adopted responsibly across a complex, real‑world enterprise—working alongside security, legal, and engineering leaders to solve problems that truly matter. We value collaboration, integrity, and thoughtful risk‑taking, and we’re committed to building technology solutions that are secure, ethical, and future‑ready.This role is based in our Seattle, WA corporate office and follows a hybrid schedule with three days onsite.What You’ll DoAI Security & GovernanceHelp design and implement security controls for AI/ML systems, GenAI tools, and LLM-based applications used across the enterpriseSupport development and maintenance of McKinstry’s AI security framework aligned with industry standards (e.g., NIST AI RMF, OWASP LLM Top 10)Participate in AI threat modeling and risk assessments across data ingestion, model use, and API integrationsHelp establish guardrails for enterprise AI adoption, including vendor onboarding and shadow AI detectionPrivacy & Data ProtectionReview and assess AI vendor Data Processing Agreements (DPAs) in partnership with Legal and ProcurementSupport ongoing compliance with data handling, retention, and residency obligationsAssess AI tools against applicable privacy and compliance requirements (CCPA/CPRA, SOC 2, and similar frameworks)Contribute to data classification and handling standards for AI training, fine‑tuning, and inferenceAI Rollout & Risk ManagementParticipate in security reviews for AI platforms and tools, including Microsoft Copilot and third‑party AI servicesSupport AI risk assessments and vendor governance documentation for leadership visibilityAssist with AI‑specific incident response planning and escalation scenariosMonitor changes in AI vendor security posture, data use policies, and sub‑processor disclosuresCollaboration & EnablementServe as a security partner to Legal, Compliance, IT, and Engineering teams on AI initiativesHelp educate technical and business teams on secure AI usage, data minimization, and privacy‑by‑design principlesContribute to executive‑ready reporting on AI security posture and program maturityWhat You Need To Succeed At McKinstry2–3+ years of experience in cybersecurity, with exposure to AI/ML security, data privacy, or cloud securityHands‑on experience supporting vendor risk assessments, DPAs, or privacy reviewsUnderstanding of common GenAI and LLM security risks (e.g., data leakage, prompt injection, model misuse)Familiarity with AI security frameworks such as NIST AI RMF, OWASP LLM Top 10, or similarAbility to explain security and privacy concepts to non‑technical stakeholdersExperience working with privacy or compliance programs (CCPA/CPRA, SOC 2, or related frameworks)Familiarity with the Microsoft security and cloud ecosystem (Azure, Defender, Sentinel, Purview)Preferred certifications include: CISSP, CIPP/US, CIPM, CCSP, AZ‑500, SC‑200, or Security+PeopleFirst BenefitsWhen it comes to the basics, we have you covered:Competitive pay401(k) with employer match and profit-sharing planPaid time off and holidaysComprehensive medical, prescription, dental, and vision with low or zero deductible options and low out of pocket maximumsPeople come first at McKinstry, and we go beyond the basic benefits with:Family formation benefits, including adoption and IVF assistanceUp to 16 weeks paid parental leaveTransgender inclusive benefitsCommuter benefitsPet insurance“Building Good” paid community service timeLearning and advancement opportunities via McKinstry UniversityMcKinstry Moves onsite gyms or reimbursement for remote workersSee benefit plan documents for complete details.If you’re driven by our vision to build a thriving planet together, McKinstry is the place to build your career.The pay range for this position is $89,010 - $151,300 per year; however, base pay offered may vary depending on job-related knowledge, skills, and experience. A bonus may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered. Base pay information is based on market location.The McKinstry group of companies are equal opportunity employers. We are committed to providing equal employment opportunities to all employees and qualified applicants without regard to sex, gender identity, sexual orientation, age, race, color, creed, marital status, national origin, disability, veteran status, genetic information or any other basis protected by law. This policy applies to all terms and conditions of employment including, but not limited to employment, advancement, assignment, and training. This commitment to Equal Employment Opportunity is made equally as a social responsibility and as an economic and business necessity. McKinstry is a drug-free workplace. Employment is contingent upon successfully passing a pre-employment drug and alcohol test, complying with the requirements of the Immigration Reform and Control Act and a Confidentiality Agreement, in addition to successful outcomes of background and reference checks.Applicants for this role will only be considered if they possess current US Work Authorization, and do not require employer-sponsored VISA support to begin or remain in this role.