Ai Risk Jobs in Renton, WA (NOW HIRING)

Build the future, spark innovation and align your career with purpose.

McKinstry is innovating the waste and climate harm out of the built environment and creating lasting impact. Together, we're building a thriving planet.

Buildings are a leading contributor to the climate crisis, generating nearly 40% of total global energy-related carbon emissions. We're making a lasting impact on our industry and within our communities by addressing the climate, affordability and equity crises through:

• renewables and energy services
• engineering and design
• construction and facility services

To get where we're going, we need big thinkers, problem solvers and collaborative mindsets. Does that sound like you?

The Opportunity with McKinstry

We are seeking a Senior Manager, Security Engineering to serve as McKinstry's senior owner of security engineering — a role that sits at the intersection of hands-on technical depth and forward-looking people leadership. This is a critical, senior-level position responsible for designing, building, and governing McKinstry's security engineering capabilities across application security, security architecture, network security, and the rapidly evolving domain of AI security.

This role owns the question "is security built in?" While the CISO sets vision and engages at the board and executive level, the Senior Manager, Security Engineering ensures McKinstry's security is embedded by design: applications are built securely from the start, architecture decisions are reviewed and signed off with a security lens, network infrastructure is hardened and consistently governed, and AI-driven systems are assessed for the unique risks they introduce.

This role manages and develops a Security Engineering team that includes a dedicated AI Security Engineer — and actively represents the security engineering function on McKinstry's Security, Legal, and Governance committees for AI Security, with regular C-suite briefings on program status and risk posture.

This role is ideal for a seasoned security engineer or architect who is ready to step into formal people leadership — someone who can hold their own technically across application, network, cloud, and AI security domains, while driving a team and a program forward with clarity and accountability.

In this role, you will:

• Own McKinstry's security engineering program — leading the design, implementation, and continuous improvement of security and security AI capabilities, controls, and automation across the organization.

• Lead the application security program, embedding secure-by-design principles across the SDLC and partnering with development and product teams to shift security left.

• Set and enforce McKinstry's security architecture standards, conducting threat modeling and providing security sign-off on new systems, platforms, and cloud deployments.

• Govern network security posture across on-premises, Azure, and hybrid environments, partnering with IT Infrastructure and Cloud Engineering on segmentation, firewall policy, and SASE.

• Manage and develop the AI Security Engineer, directing AI/ML security assessments, MCP server security reviews, and AI agent risk evaluations across the organization.

• Sit on McKinstry's Security, Legal, and Governance committees for AI Security and deliver regular security engineering updates to the C-suite.

Key Responsibilities

Strategic Security Leadership & Executive Partnership

• Partner with the CISO to shape McKinstry's security engineering strategy, ensuring the engineering program is aligned to organizational risk priorities and business objectives.

• Sit on McKinstry's Security, Legal, and Governance committees for AI Security — representing the security engineering perspective and ensuring AI risk is appropriately governed.

• Deliver regular security engineering updates to the C-suite, translating technical program status, risk posture, and investment needs into clear business language.

• Represent the security engineering function in cross-functional leadership forums, architecture review boards, and executive-level discussions.

• Contribute to board-level security reporting, including updates on engineering program health, vulnerability trends, architecture maturity, and AI security posture.

• Translate McKinstry's business and product growth objectives into security engineering requirements, ensuring security scales with the organization.

Core Domains of Responsibility:

This role leads the organization's security engineering capabilities across these core domains:

Security Engineering & Design

• Lead the design, implementation, and continuous improvement of the organization's security engineering capabilities, controls, and automation

• Own the security engineering roadmap, translating strategic risk priorities into actionable technical initiatives

• Drive integration of security tooling, APIs, and automation pipelines across the security stack (SIEM, EDR, SOAR, vulnerability management)

• Establish and maintain engineering standards, peer review processes, and quality gates for security solutions

Application Security

• Lead the application security program, embedding secure-by-design principles across the software development lifecycle (SDLC)

• Define and enforce secure coding standards, SAST/DAST tooling, dependency scanning, and code review requirements

• Conduct and oversee application security assessments, penetration testing coordination, and remediation tracking

• Partner with development and product teams to deliver security training and shift-left security practices

Security Architecture

• Develop and maintain the organization's security reference architecture, aligned to Zero Trust, defense-in-depth, and least-privilege principles

• Review and provide security sign-off on architecture designs for new systems, platforms, integrations, and cloud deployments

• Lead threat modeling exercises for high-risk systems, new product features, and major infrastructure changes

• Ensure security architecture decisions are documented, communicated, and embedded into engineering standards

Network Security

• Oversee the security posture of network infrastructure, including segmentation, perimeter controls, and secure remote access

• Ensure network security standards are applied consistently across on-premises, cloud (Azure), and hybrid environments

• Partner with IT Infrastructure and Cloud Engineering on firewall policy, VPN, SASE, and micro-segmentation initiatives

• Review and approve network architecture changes with a security lens, maintaining current network security documentation

AI Security Leadership

• Manage and develop Security Engineers, providing technical direction and leadership direction, including hiring coaching, performance management and career development

• Maintain working knowledge of the OWASP AI Security Top 10 and apply it to the organization's AI system risk reviews

• Provide security oversight for Model Context Protocol (MCP) server deployments, including access controls, data exposure risks, and integration security

• Ensure AI agent architectures are reviewed for security risks including prompt injection, data leakage, and unintended autonomous actions

• Incorporate AI security alerting and monitoring requirements into the broader security operations and detection strategy

• Stay current with emerging AI Security technologies and vulnerabilities

What You Need to Succeed at McKinstry

You don't need to check every box below. We value significant relevant experience and encourage applicants who meet several of the qualifications to also apply. All applications will be reviewed, and the most qualified candidates will be considered for the next steps.

Experience

• 10+ years of experience in cybersecurity, with 7+ years in security engineering, application security, or security architecture roles

• 7+ years in a people management or technical lead capacity within a security engineering or product security function

• Demonstrated experience delivering security engineering programs across multiple domains (application, network, cloud)

Technical Expertise

• Familiarity of AI agent security risks including prompt injection, unintended autonomy, and data exposure in agentic workflows

• Strong hands-on background in application security — SDLC integration, SAST/DAST tooling, secure code review, and penetration testing coordination

• Proficiency in security architecture design and documentation, including Zero Trust, defense-in-depth, and least-privilege frameworks

• Working knowledge of network security controls, segmentation, firewall policy, VPN, and SASE architectures

• Experience with cloud security engineering in hybrid environments — Azure expertise strongly preferred

• Familiarity with scripting and automation relevant to security engineering (Python, PowerShell, Bash, or equivalent)

• Working knowledge of the OWASP AI Security Top 10 and AI/ML system risk assessment approaches

• Familiarity with Model Context Protocol (MCP) server architecture and associated security considerations

Governance & Frameworks

• Working knowledge of NIST