Key skills
CloudCyber SecurityDistributed SystemsAIData EngineeringIAMOAuthSAMLCommunicationCloud SecurityZero Trust
About this role
Role Overview
- Outline the security architecture strategy for cloud authentication, authorization, workload identity, and agent identity across NVIDIA cloud platforms, AI-enabled systems, enterprise connectors, services, and automation.
- Outline processes for establishing, linking, authorizing, delegating, auditing, and retiring human, workload, service, and autonomous agent identities, including attestation-supported identity issuance and certificate-based or temporary credentials.
- Develop authorization and delegation frameworks for AI agents and enterprise connectors, encompassing consent, token exchange, prioritized authority, sensitive-action approval, revocation, and protections against confused-deputy behavior.
- Lead architecture reviews and threat modeling for high-risk identity and access flows, turning ambiguous scenarios into practical controls that engineering teams can build and verify.
- Establish identity lifecycle, telemetry, and emergency-disablement patterns for token issuance, policy decisions, privilege elevation, tool invocation, data access, credential rotation, grant revocation, and compromised or untrusted identities.
- Convert emerging AI security risks into authentication, authorization, audit, and execution-boundary requirements.
- Partner with identity, cloud, platform, application, AI security, governance, detection, and incident response teams to align architecture decisions with risk strategy and operational reality.
- Build reusable architecture patterns, decision records, exception criteria, and implementation mentorship, staying engaged through adoption, validation, and residual-risk closure.
Requirements
- 8+ years experience in cybersecurity, security architecture, cloud security, IAM, application security, product security, platform security, infrastructure security, or security engineering for distributed systems.
- Extensive knowledge in cloud authentication, authorization, IAM, workload identity, agent identity, non-human identity, or identity architecture, combined with hands-on experience in developing, managing, deploying, or assuming direct responsibility for authentic security controls.
- Bachelor’s degree in Engineering, Cybersecurity, Data Engineering, or a related technical field, or equivalent experience.
- Proficiency in authentication and authorization protocols and frameworks, such as OIDC, OAuth 2.0, SAML, federation, delegation, token exchange, token scope, issuer and audience boundaries, consent, mTLS, certificate-backed identity, prioritized access, and associated technologies.
- Direct involvement in handling workload and agent identities, covering attestation processes, Zero Trust Architecture concepts, short-lived credentials, and temporary identities.
- Experience developing authorization boundaries for distributed systems, including fine-grained authorization patterns, control points, prioritized delegation, model/data/tool access controls, sensitive-action approval, and execution boundaries.
- Proficiency with identity and certificate lifecycle management, including enrollment, provisioning, scope definition, prioritized issuance, renewal, rotation, revocation, expiration, auditability, deprovisioning, lifecycle automation, and awareness of crypto-agility and post-quantum cryptography implications.
- Hands-on understanding of AI security risks combined with adequate proficiency in AI-enabled systems to assess timely injection, data exfiltration, unsafe tool use, overbroad authorization, and loss of human accountability.
- Strong foundational cybersecurity judgment, including threat modeling, architecture review, risk analysis, practical mitigation development, clear communication of assumptions, partner-team alignment, and follow-through through implementation, verification, documentation, and closure.
Tech Stack
- Cloud
- Cyber Security
- Distributed Systems
Benefits
- equity
- benefits