[Remote] Senior AI Engineer

Note: The job is a remote job and is open to candidates in USA. Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. In this role, you will lead the development of systems built on foundation models, ensuring secure deployment across various environments, while collaborating with Infrastructure and Security teams to deliver mission-aligned AI at scale.

Responsibilities

• Build and deploy production AI applications using Azure AI Foundry, Azure OpenAI Service, and Copilot Studio, accounting for service availability differences between Azure Commercial, Azure Government, and GCC High environments
• Select and right-size models for mission requirements - balancing capability, cost, latency, and deployment constraints across small, medium, and large foundation models (e.g., SLMs such as Phi, frontier LLMs, embedding and multimodal models)
• Engineer agentic AI systems, including multi‑agent frameworks (e.g., Semantic Kernel, LangGraph, AutoGen, or similar) and tool‑use pipelines, including Model Context Protocol (MCP) - based integrations
• Develop RAG architectures using Azure AI Search and vector stores, including embedding pipelines, document chunking strategies, and grounding-data governance (Purview/DLP integration)
• Orchestrate model endpoints and optimize inference workloads across local, hybrid, and remote backends - including managed cloud endpoints (Azure AI Foundry/OpenAI), self-hosted inference on AKS, and local/on-prem serving runtimes (e.g., ONNX Runtime, vLLM, Foundry Local, or similar)
• Design backend-agnostic application architectures with abstraction layers that allow models to be swapped or routed between local, hybrid, and cloud endpoints based on data sensitivity, latency, cost, and connectivity constraints
• Implement MLOps/LLMOps practices: model evaluation harnesses, AI red-teaming (e.g., PyRIT), prompt versioning, and telemetry/observability for AI applications
• Ensure AI workloads conform to GCC High and Azure Government constraints, including CUI handling, data residency, customer-managed key requirements, and appropriate placement of inference (local vs. cloud) based on data classification
• Support secure multi‑cloud operations across Azure and GCP, partnering with Infrastructure teams
• Configure AI security guardrails, content safety controls, DLP policies, gateway policies, and alignment safeguards, informed by the NIST AI Risk Management Framework (AI 100-1, AI 600-1) and OWASP Top 10 for LLM Applications
• Implement AI traffic governance and secure inspection using modern AI gateways
• Maintain secure inter‑cloud connectivity and workload visibility using NSGs, firewall rules, traffic mirroring/network visibility tooling, and service-to-service authentication (OAuth 2.0 client credentials, Entra managed identities, workload identity federation)
• Embed automated security validation (SAST/DAST) into CI/CD pipelines

Skills

• U.S. citizenship
• Bachelor's degree in computer science, Data Science, Cybersecurity, IT, or related field
• 5-7 years in enterprise software or systems engineering, with a strong recent focus on cloud‑scale AI architectures
• 3-5 years building AI/ML solutions, including 1-2 years hands-on with Azure OpenAI, Azure AI Foundry, Copilot Studio, or equivalent foundation-model platforms
• Experience working across model scales and deployment models - small/specialized through large foundation models, deployed via managed cloud endpoints, self-hosted, or local runtimes - and selecting appropriately for the use case
• Experience developing agentic AI systems and integrating API‑driven tools
• Demonstrated experience in GCC High or Azure Government environments
• Multi‑cloud security experience spanning Azure and GCP (CSPM/CNAPP, NSGs, traffic mirroring, GCP equivalents)
• Strong CI/CD engineering background with integrated SAST/DAST validation, plus scripting and IaC proficiency (Python, PowerShell, Terraform)
• Expertise in API security, service-to-service/workload identity authentication, and AI gateway architecture
• Familiarity with modern software delivery platforms, including GitHub, GitHub Copilot, and GitLab
• One or more current Microsoft certifications required (e.g., AZ-500 Azure Security Engineer, AI-102 Azure AI Engineer, SC-100 Cybersecurity Architect, or equivalent); GCP security certifications are a plus
• Experience supporting highly regulated environments and compliance frameworks (NIST SP 800‑53, 800‑171, CMMC Level 2, FedRAMP)
• Familiarity with NIST AI RMF and its Generative AI Profile (NIST AI 600-1)
• Experience with model fine-tuning, distillation, or quantization for deploying models in constrained, disconnected, or edge environments
• Experience with Kubernetes (AKS) for AI/inference workloads
• Experience with agent-to-agent (A2A) protocols and emerging agent interoperability standards
• Familiarity with hybrid cloud management for AI workloads (e.g., Azure Arc, Azure Local, GPU infrastructure on premises) and DDIL/disconnected operation patterns

Company Overview