The Application Security Architect is responsible for defining and driving secure-by-design approaches for AI-enabled applications and services.
This role focuses on protecting the full lifecycle of AI/ML systems, including LLM-based applications, agentic workflows, retrieval-augmented generation (RAG), model APIs and inference services, training/fine-tuning pipelines, and third-party AI integrations and SaaS capabilities.
The architect will work closely with application teams, enterprise architects, AI/ML engineers, developers, cloud/platform teams, and security stakeholders to establish secure patterns, identify AI-specific risks, implement technical controls, and support responsible adoption of AI capabilities across the organization.
Requirements
7+ years of experience in application security, product security, security architecture, or secure software engineering, with at least 2–3 years focused on AI/ML or LLM security, AI-enabled application architecture, or adversarial AI security.
Strong background in application security principles and methodologies, including secure design review, threat modeling, vulnerability management, API security, authn/authz, and secure SDLC practices.
Demonstrated experience securing AI/ML systems, LLM-enabled applications, or AI integration patterns in enterprise or production environments.
Practical experience with AI models, frameworks, and orchestration technologies, such as Azure AI Foundry, Azure OpenAI/OpenAI APIs, LangChain, Semantic Kernel, Hugging Face, TensorFlow, PyTorch, or similar ecosystems.
Hands-on experience implementing security controls for AI use cases, including prompt filtering, output validation, model access controls, data protections, agent/tool guardrails, and monitoring.
Strong understanding of AI-specific threats such as prompt injection, jailbreaks, model inversion, data poisoning, model extraction, insecure plugins/tools, and sensitive data leakage.
Demonstrated ability to write, review, and implement code when needed, including scripting, prototyping, automation, integrating security controls into applications and CI/CD pipelines, and building practical solutions to support AppSec and AI security use cases.
Proficiency in one or more programming/scripting languages such as Python, JavaScript/TypeScript, Go, or Bash; Python strongly preferred, with the ability to work comfortably in existing codebases, automation scripts, and integration layers.
Experience working with cloud-native platforms and services (Azure preferred; AWS/GCP also valuable), including APIs, containers, IAM, secrets management, logging, and deployment pipelines.
Strong familiarity with AI and AppSec frameworks such as OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, and secure architecture principles for AI systems.
Practical experience working with source code repositories and modern development workflows, including branching, pull requests, code review, repository hygiene, and CI/CD integration.
Experience using or supporting GitHub-based development environments, including repository management, Git-based workflows, and security integration into build and deployment pipelines.
Familiarity with artifact, package, and binary repository management, including platforms such as JFrog Artifactory, to support secure handling of dependencies, build artifacts, containers, models, or related software assets.
Strong communication skills with the ability to work across engineering, architecture, data science, security, risk, and leadership stakeholders.
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
JavaScript
Python
PyTorch
SDLC
TensorFlow
TypeScript
Go
Benefits
Medical/Dental/Vision coverage
401(k) plan
Tuition reimbursement program
Paid Time Off and Holidays (based on date of hire, at least 23 days of vacation each year and 9 company-designated holidays)
Paid Parental Leave
Paid Caregiver Leave
Additional sick leave beyond what state and local law require may be available but is unprotected