AI Security Architect

VISION INFOTECH INC.
Chicago, United States of America
3 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Chicago, United States of America

Tech stack

Training Data
Kubernetes Security
Microsoft Active Directory
Artificial Intelligence
Amazon Web Services (AWS)
User Authentication
Azure
Cloud Computing
Cloud Engineering
Computer Security
Identity and Access Management
Information Systems Security Architecture Professional
Network Security
Machine Learning
OAuth
OpenID
Open Web Application Security
Ping (Networking Utility)
Zero Trust Network Access
Security Assertion Markup Language (SAML)
Data Processing
Google Cloud Platform
Enterprise Software Applications
Okta
Large Language Models
Prompt Engineering
Software Security
AI Platforms
Deployment Automation
Cloudflare
Machine Learning Operations
Virtual Agents
API Gateway
SailPoint
GPT
Automation Anywhere
API Management
Vulnerability Analysis

Job description

We are seeking an experienced AI Security Architect to lead the design, assessment, and governance of security controls for AI and machine learning systems across the enterprise. This role sits at the intersection of cybersecurity architecture, identity and access management (IAM), and emerging AI/ML technologies. You will be responsible for ensuring that AI workloads, including large language models, agentic frameworks, and ML pipelines, are deployed securely within a complex, regulated environment.

Design and implement security architectures for AI/ML platforms, including model hosting environments, inference endpoints, training pipelines, and agentic AI systems.

Develop and enforce identity, authentication, and authorization (IAA) frameworks for AI workloads, ensuring least-privilege access, service identity governance, and secure token flows (e.g., OAuth 2.0, OBO, managed identities).

Lead threat modeling and risk assessments for AI deployments, leveraging frameworks such as OWASP AI Top 10, MITRE ATLAS, and NIST AI RMF.

Evaluate and harden AI supply chain components, including model registries, MCP servers, API gateways, and third-party integrations.

Define IAM policies and role-based access controls for AI development and production environments across cloud platforms (Azure, AWS, or Google Cloud Platform).

Collaborate with data science, platform engineering, and compliance teams to embed security guardrails into the AI development lifecycle without impeding velocity.

Author security architecture documents, threat and risk assessments, tactical exception requests, and developer implementation guides for AI-related initiatives.

Monitor the evolving AI threat landscape (including prompt injection, tool poisoning, data exfiltration via agentic workflows, and model manipulation) and translate findings into actionable controls.

Present technical security findings, risk postures, and architectural recommendations to senior leadership, governance boards, and cross-functional stakeholders in clear, accessible language.

Contribute to enterprise security standards and policies governing AI adoption, including acceptable use, data handling, and model governance.

Strong IAM experience, particularly:

  • Active Directory (AD)
  • Entra ID / Azure AD
  • Centralized identity management
  • Authentication and authorization design
  • Least-privilege access models
  • Service identities / managed identities

Azure experience is highly preferred, especially around identity and access management within Azure environments. Other cloud platforms are acceptable, but Azure is the strongest preference.

AI experience is highly preferred, specifically within the security and identity domain - not general ChatGPT usage or prompt engineering. Ideal candidates should have exposure to securing AI systems, AI agents, or AI-related identity workflows.

The role requires someone who understands lower-level architecture and policy design, including:

  • How agents authenticate and communicate
  • How tokens are passed between systems
  • Credential handling and authorization flows
  • Fine-grained authorization models
  • Access timing and conditional access concepts
  • Managed Identities (MI) and Service Principals from an identity/security perspective
  • Threat modeling and AI-related threat vectors

Candidates should understand:

  • How IAM is deployed in Azure
  • Where agents run and how they authenticate
  • How user credentials are securely passed
  • How AI agents/services interact with enterprise systems
  • How least-privilege access is enforced in AI workflows

Strong understanding of modern authentication mechanisms is important, including:

  • OAuth 2.1
  • RAR (Rich Authorization Requests)
  • OBO/token delegation concepts
  • Bonus if familiar with Macaroons or Biscuit tokens

The ideal candidate is hands-on - someone who has actually implemented, coded, deployed, and operated these solutions, not someone who has only been exposed at a high level.

This person will work closely with both the AI engineering managers and the enterprise identity/IAM teams.

Requirements

The ideal candidate combines deep security architecture expertise with practical, hands-on experience in AI systems. Given that enterprise AI adoption is still a rapidly evolving discipline, we value demonstrated engagement with AI security concepts and tooling proportional to the maturity of the field.

Strong IAM experience, including anything related to access management (must be strong in this area):

  • AD
  • Entra ID
  • Azure knowledge
  • AI (strongly preferred)

Nice-to-Haves:

  • AI (strongly preferred): experience in the security/identity space, not ChatGPT usage; knows the terminology; machine learning matters less than AI; candidates should be able to speak to their professional or personal AI experience beyond ChatGPT
  • Highly regulated industry

Security Architecture & Engineering

7+ years of experience in cybersecurity, with at least 3 years focused on security architecture or engineering.

Demonstrated ability to design end-to-end security architectures for cloud-native and hybrid enterprise environments.

Strong working knowledge of network security, application security, data protection, and zero-trust principles.

Identity, Authentication & Access Management (IAA/IAM)

Hands-on experience designing and implementing IAM solutions in enterprise environments (e.g., Entra ID / Azure AD, Okta, Ping, AWS IAM).

Deep understanding of authentication and authorization protocols: OAuth 2.0, OIDC, SAML, SCIM, and token-based flows (including on-behalf-of and client credential grants).

Experience with service identity management, managed identities, workload identity federation, and privileged access governance for non-human actors.

AI / Machine Learning Security

1-3 years of demonstrated experience working with AI/ML systems in a security, governance, or engineering capacity. This is calibrated to the maturity of the enterprise AI space; we recognize the field is young and value depth of engagement over length of tenure.

Practical understanding of LLM deployment patterns, agentic AI frameworks (e.g., LangChain, LangGraph), and the security risks they introduce.

Familiarity with AI-specific threat vectors: prompt injection, training data poisoning, model inversion, tool/plugin abuse, and supply chain risks in model and connector ecosystems.

Exposure to AI governance frameworks and standards: NIST AI RMF, EU AI Act, OWASP AI Top 10, MITRE ATLAS.

Communication & Stakeholder Engagement

Excellent written and verbal communication skills, with a proven ability to translate complex technical security concepts into business-relevant language for executive and non-technical audiences.

Experience authoring formal security documentation: architecture decision records, risk assessments, implementation guides, and policy documents.

Demonstrated ability to influence cross-functional teams, facilitate architecture review boards, and present security recommendations with clarity and confidence.

PREFERRED QUALIFICATIONS:

Experience in financial services, healthcare, or other heavily regulated industries with multi-jurisdictional compliance requirements (e.g., SOX, GDPR, MiFID II, SR 11-7).

Hands-on experience with Microsoft Azure and M365 security ecosystems, including Entra ID, Azure AI Foundry, Copilot Studio, Defender for Cloud, and Purview.

Familiarity with API gateway security patterns for AI services (e.g., Azure APIM, Kong, Cloudflare AI Gateway).

Knowledge of model security scanning, container security for ML workloads, and secure MLOps pipeline design.

Relevant certifications such as CISSP, CCSP, CISM, Azure Security Engineer Associate, or AI-specific credentials.

Experience evaluating or implementing Model Context Protocol (MCP) security controls.

Background in contributing to security communities of practice, mentoring junior engineers, or publishing security research.

Detail:

Looking for a candidate who is moving toward AI Security with a strong foundation in Identity & Access Management (IAM), especially around access management and enterprise identity architecture.

Candidates coming purely from IAM governance tools such as Saviynt (governance-heavy profiles) may not be the best fit unless they also have strong hands-on IAM engineering and architecture experience. Similarly, pure Okta administration backgrounds may require too much ramp-up if they lack deeper architecture and engineering exposure.

Highly regulated industry experience (financial services, healthcare, etc.) is preferred but not mandatory.

Ideal background:

  • ~7+ years in Cybersecurity/IAM/Security Engineering
  • ~1+ year of AI Security or AI-related identity/security experience
