Description
Overview
Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.
In this role, you will lead development of systems built on foundation models of all sizes - from small language models (SLMs) suited to edge and cost-constrained deployments, to large language and multimodal models - including custom enterprise copilots, and autonomous agentic workflows. You will ensure these capabilities are deployed securely across local, hybrid, and cloud model backends - spanning Microsoft Azure (including GCC High), Azure Government, Google Cloud Platform (GCP), and on-premises/edge infrastructure.
This is a bridge role: your primary depth is in AI engineering and delivery, with strong working fluency in cloud security and DevSecOps practices. You will partner with - not replace - Infrastructure and Security teams to deliver secure, mission-aligned AI at scale in highly regulated environments.
Responsibilities
AI Engineering & Delivery (primary focus)
- Build and deploy production AI applications using Azure AI Foundry, Azure OpenAI Service, and Copilot Studio, accounting for service availability differences between Azure Commercial, Azure Government, and GCC High environments.
- Select and right-size models for mission requirements - balancing capability, cost, latency, and deployment constraints across small, medium, and large foundation models (e.g., SLMs such as Phi, frontier LLMs, embedding and multimodal models).
- Engineer agentic AI systems, including multi‑agent frameworks (e.g., Semantic Kernel, LangGraph, AutoGen, or similar) and tool‑use pipelines, including Model Context Protocol (MCP)-based integrations.
- Develop RAG architectures using Azure AI Search and vector stores, including embedding pipelines, document chunking strategies, and grounding-data governance (Purview/DLP integration).
- Orchestrate model endpoints and optimize inference workloads across local, hybrid, and remote backends - including managed cloud endpoints (Azure AI Foundry/OpenAI), self-hosted inference on AKS, and local/on-prem serving runtimes (e.g., ONNX Runtime, vLLM, Foundry Local, or similar).
- Design backend-agnostic application architectures with abstraction layers that allow models to be swapped or routed between local, hybrid, and cloud endpoints based on data sensitivity, latency, cost, and connectivity constraints.
- Implement MLOps/LLMOps practices: model evaluation harnesses, AI red-teaming (e.g., PyRIT), prompt versioning, and telemetry/observability for AI applications.
- Ensure AI workloads conform to GCC High and Azure Government constraints, including CUI handling, data residency, customer-managed key requirements, and appropriate placement of inference (local vs. cloud) based on data classification.
- Support secure multi‑cloud operations across Azure and GCP, partnering with Infrastructure teams.
- Configure AI security guardrails, content safety controls, DLP policies, gateway policies, and alignment safeguards, informed by the NIST AI Risk Management Framework (AI 100-1, AI 600-1) and OWASP Top 10 for LLM Applications.
- Implement AI traffic governance and secure inspection using modern AI gateways.
- Maintain secure inter‑cloud connectivity and workload visibility using NSGs, firewall rules, traffic mirroring/network visibility tooling, and service-to-service authentication (OAuth 2.0 client credentials, Entra managed identities, workload identity federation).
- Embed automated security validation (SAST/DAST) into CI/CD pipelines.
Qualifications
Required Qualifications
- U.S. citizenship.
- Bachelor's degree in Computer Science, Data Science, Cybersecurity, IT, or related field
- 5-7 years in enterprise software or systems engineering, with a strong recent focus on cloud‑scale AI architectures
- 3-5 years building AI/ML solutions, including 1-2 years hands-on with Azure OpenAI, Azure AI Foundry, Copilot Studio, or equivalent foundation-model platforms
- Experience working across model scales and deployment models - small/specialized through large foundation models, deployed via managed cloud endpoints, self-hosted, or local runtimes - and selecting appropriately for the use case
- Experience developing agentic AI systems and integrating API‑driven tools
- Demonstrated experience in GCC High or Azure Government environments
- Multi‑cloud security experience spanning Azure and GCP (CSPM/CNAPP, NSGs, traffic mirroring, GCP equivalents)
- Strong CI/CD engineering background with integrated SAST/DAST validation, plus scripting and IaC proficiency (Python, PowerShell, Terraform)
- Expertise in API security, service-to-service/workload identity authentication, and AI gateway architecture
- Familiarity with modern software delivery platforms, including GitHub, GitHub Copilot, and GitLab
- One or more current Microsoft certifications required (e.g., AZ-500 Azure Security Engineer, AI-102 Azure AI Engineer, SC-100 Cybersecurity Architect, or equivalent); GCP security certifications are a plus
- Experience supporting highly regulated environments and compliance frameworks (NIST SP 800‑53, 800‑171, CMMC Level 2, FedRAMP)
- Familiarity with NIST AI RMF and its Generative AI Profile (NIST AI 600-1)
- Experience with model fine-tuning, distillation, or quantization for deploying models in constrained, disconnected, or edge environments
- Experience with Kubernetes (AKS) for AI/inference workloads
- Experience with agent-to-agent (A2A) protocols and emerging agent interoperability standards
- Familiarity with hybrid cloud management for AI workloads (e.g., Azure Arc, Azure Local, GPU infrastructure on premises) and DDIL/disconnected operation patterns
Many jobs at SPA require obtaining, holding, and maintaining eligibility for a designated clearance based on the company and/or client contract requirements. Should it be required, an individual must be able to obtain the appropriate clearance within a reasonable amount of time based on the needs of the client. In some cases, the individual may need the requisite clearance before being able to be actively employed. Additionally, due to the protected nature of the work process and product at SPA, all positions require the execution of the SPA Non-Disclosure Agreement (NDA). Some employees may be required to sign additional documents or complete other pre-employment or ongoing testing.
SPA employees typically work in a variety of office settings, some at an SPA office and some at designated client locations, where daily activities may include, but are not limited to, walking, standing, or sitting for extended periods, using computers and other technology, and being sequestered in SCIFs or other secured areas with limited access to outside resources or privacy. Other security requirements may inform dress code, personal accessories permitted, or technology usage. When applicable, employees are required to comply with the terms and conditions of client contracts as specified by SPA in its sole discretion, including, but not limited to, hours, location, timing, and technology usage, that meet logistical and security work requirements.