AI Security Architect
Job description
We are seeking an experienced AI Security Architect to support the secure design, development, and deployment of AI/ML and Generative AI solutions across the enterprise. This role will work closely with data science and engineering teams, product owners, cloud/platform teams, and the security architecture and operations groups to define and implement security requirements that enable compliant, resilient, and trustworthy AI adoption.
Collaborate with AI/ML engineering, data engineering, platform, and application teams to gather and analyze AI security requirements (data sourcing, model training, inference, integrations, and operational workflows).
Define and document secure reference architectures for AI/ML and GenAI workloads across cloud and enterprise environments, including patterns for model hosting, RAG, agents, API exposure, and third-party model consumption.
Perform threat modeling for AI systems (training and inference) including risks such as prompt injection, data leakage, model inversion/extraction, insecure plugins/tools, and supply chain risks.
Establish security controls for data protection across the AI lifecycle: dataset governance, data minimization, labeling/classification alignment, encryption, key management, secrets handling, and secure data access patterns.
Define requirements and guardrails for GenAI safety and misuse prevention, including content filtering, prompt/response logging strategy, abuse detection, and safe tool execution.
Partner with IAM teams to implement least-privilege access for AI platforms, model endpoints, feature stores/vector databases, and supporting pipelines (service-to-service auth, token handling, RBAC/ABAC).
Review and approve AI solution designs, ensuring alignment with security policies, regulatory expectations, and enterprise standards (secure SDLC/DevSecOps).
Define requirements for model governance and assurance (model provenance, versioning, artifact integrity, evaluation/validation controls, documentation, and auditability).
Work with security operations to integrate AI platforms into monitoring and incident response, including logging requirements, detection use cases, and response playbooks for AI-specific incidents.
Contribute to security standards and best practices: "when to use enterprise controls vs platform-native controls," secure configuration baselines, and reusable implementation guidance.
Requirements
5+ years of experience in security architecture/engineering, with demonstrated experience securing cloud-native applications and APIs (AI/ML experience required).
Strong understanding of AI/ML and GenAI solution patterns (model training vs inference, RAG, vector databases, agents/tool use, model endpoints).
Proven ability to translate business and technical requirements into actionable security controls and architecture decisions.
Experience with cloud security fundamentals (network segmentation, IAM, encryption, secrets management, logging/monitoring) in at least one major cloud provider (AWS/Azure/GCP).
Hands-on experience with application security and API security (authN/authZ, OWASP Top 10, secure SDLC, threat modeling).
Familiarity with AI/ML security risks and mitigations (prompt injection, data leakage, jailbreaks, model theft, poisoning, insecure dependencies).
Strong communication skills; able to document and present complex technical topics to engineering and leadership audiences.
Ability to work independently and drive results in a fast-paced, multi-team environment.
Benefits & conditions
Capgemini provides compensation range information in accordance with applicable national, state, provincial, and local pay transparency laws. The base compensation range listed for this position reflects the minimum and maximum target compensation Capgemini, in good faith, believes it may pay for the role at the time of this posting. This range may be subject to change as permitted by law.
The actual compensation offered to any candidate may fall outside of the posted range and will be determined based on multiple factors legally permitted in the applicable jurisdiction.
These may include, but are not limited to: Geographic location, Education and qualifications, Certifications and licenses, Relevant experience and skills, Seniority and performance, Market and business consideration, Internal pay equity.
It is not typical for candidates to be hired at or near the top of the posted compensation range.
In addition to base salary, this role may be eligible for additional compensation such as variable incentives, bonuses, or commissions, depending on the position and applicable laws.
Capgemini offers a comprehensive, non-negotiable benefits package to all regular, full-time employees. In the U.S. and Canada, available benefits are determined by local policy and eligibility and may include:
- Paid time off based on employee grade (A-F), defined by policy: vacation (12-25 days, depending on grade), company-paid holidays, personal days, sick leave
- Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)
- Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
- Life and disability insurance
- Employee assistance programs
- Other benefits as provided by local policy and eligibility
Important Notice: Compensation (including bonuses, commissions, or other forms of incentive pay) is not considered earned, vested, or payable until it becomes due under the terms of applicable plans or agreements and is subject to Capgemini's discretion, consistent with applicable laws. The Company reserves the right to amend or withdraw compensation programs at any time, within the limits of applicable legislation.
About the company
Capgemini is one of the world's leading providers of management and IT consulting, technology services, and digital transformation. As a pioneer of innovation, the company supports its clients with their complex challenges around cloud, digital, and platforms.