SAP Agentic AI Security Architect

We are currently looking for a freelance "SAP Agentic AI Security Architect (m/f/x)" for our client in the IT-sector.

Start: ASAP

End: 30.09.2026

Capacity: Fulltime

Location: Remote

Seeking an experienced AI Security Architect to lead design and implementation of end-to-end security for Generative AI and Agentic AI solutions within enterprise cloud environments (SAP Enterprise Cloud Services). The architect will partner with product, platform, and security engineering teams to define secure architectures, threat models, governance controls, and operational patterns that enable safe, compliant AI deployments at scale.

Key responsibilities:

• Lead security architecture for Generative AI and Agentic AI use cases (conversational agents, content generation, autonomous agents, multi-agent workflows).
• Define and own security baselines, reference architectures, and secure-by-design patterns for BTP-based, third party and hyperscaler agentic frameworks.
• Threat modelling and risk assessment for AI-specific attack vectors (prompt injection, model inversion, data poisoning, adversarial inputs, instruction leakage).
• Design and implement controls for RAG pipelines, vector database protection, embedding security, and secure retrieval mechanisms.
• Define agent security controls: privilege boundaries, secure agent life cycle, A2A communication controls, and mitigation for malicious agent behaviours.
• Integrate AI security into SDLC/CI-CD and IaC pipelines; develop IaC security patterns and automated guardrails (Terraform, pipelines).
• Lead cloud platform security integration (AWS/Azure/GCP): CSPM, secrets management, workload isolation, container/Kubernetes/Kyma hardening.
• Implement monitoring, audit logging, observability and incident response for AI systems (kill-switch/rollback mechanisms, playbooks).
• Ensure compliance with enterprise policies and frameworks (NIST AI RMF, OWASP Top 10 for LLMs, SAP Information Classification & Handling, regulatory requirements).
• Mentor and influence engineering teams, conduct architecture reviews, and drive security requirements in procurement and vendor integrations (AI registries, third-party models).

Required qualifications:

• 7-10 years of professional experience in security architecture or engineering, with at least 2+ years focused on Generative AI and agentic systems.
• Deep understanding of AI-specific threats: prompt injection, model inversion, data poisoning, adversarial examples, and mitigation strategies.
• 5+ years experience in enterprise cloud security across AWS, Azure, and/or GCP; hands-on with CSPM, SIEM/SOAR, vulnerability mgmt.
• Strong experience securing containerized platforms (Docker, Kubernetes, Kyma) and cloud-native architectures.
• Proficiency in Python and security automation; experience with Terraform/IaC and CI/CD security integration.
• Familiarity with AI/ML frameworks and tooling: Hugging Face, LangChain, TensorFlow/PyTorch, agentic frameworks, RAG patterns.
• Experience with secret management (Azure Key Vault, HashiCorp Vault), API security (OAuth2/OIDC, mTLS), and secure microservices design.
• Knowledge of vector DBs, embedding vulnerabilities, SBOM/dependency scanning, and supply-chain security.
• Relevant certifications preferred: AWS/Azure/GCP Security, AI security specialized certifications.
• Strong communicator able to work cross-functionally and influence technical and non-technical stakeholders.

Desired skills

• Experience with SAP BTP, Kyma clusters, and enterprise integrations (ServiceNow, SPC, AI registries).
• Background in AI ethics, bias detection, and responsible AI governance processes.
• Experience authoring security baselines, playbooks, and training material for development teams.

• 7-10 years of professional experience in security architecture or engineering, with at least 2+ years focused on Generative AI and agentic systems.
• Deep understanding of AI-specific threats: prompt injection, model inversion, data poisoning, adversarial examples, and mitigation strategies.
• 5+ years experience in enterprise cloud security across AWS, Azure, and/or GCP; hands-on with CSPM, SIEM/SOAR, vulnerability mgmt.
• Strong experience securing containerized platforms (Docker, Kubernetes, Kyma) and cloud-native architectures.
• Proficiency in Python and security automation; experience with Terraform/IaC and CI/CD security integration.
• Familiarity with AI/ML frameworks and tooling: Hugging Face, LangChain, TensorFlow/PyTorch, agentic frameworks, RAG patterns.
• Experience with secret management (Azure Key Vault, HashiCorp Vault), API security (OAuth2/OIDC, mTLS), and secure microservices design.
• Knowledge of vector DBs, embedding vulnerabilities, SBOM/dependency scanning, and supply-chain security.
• Relevant certifications preferred: AWS/Azure/GCP Security, AI security specialized certifications.
• Strong communicator able to work cross-functionally and influence technical and non-technical stakeholders.

Desired skills

• Experience with SAP BTP, Kyma clusters, and enterprise integrations (ServiceNow, SPC, AI registries).
• Background in AI ethics, bias detection, and responsible AI governance processes.
• Experience authoring security baselines, playbooks, and training material for development teams.