AI Application Security Architect

About The Position

Requirements

• 10+ years in Application Security or Security Engineering.
• 5+ years in secure SDLC roles.
• 1+ year in AI/ML or LLMOps security.
• Hands-on multi-cloud experience (AWS/Azure/GCP/OCI) with IAM, KMS, security monitoring, and AI services.
• Proficiency in secure SDLC automation tools (e.g., SAST, DAST, SCA, IaC scanning).
• Strong knowledge of agentic AI/LLM stacks (RAG, vector DBs, agent orchestration, prompt engineering, policy guardrails), with hands-on experience in agentic protocols such as A2A, A2P, MCP, and related patterns.
• Experience with threat modeling, offensive testing, and application security for AI/ML systems.
• Understanding of privacy and compliance requirements for AI-enabled applications.

Nice To Haves

• Experience deploying agentic AI or LLM-based applications with secure toolchains and runtime isolation.
• Familiarity with confidential computing, privacy-preserving ML, and explainable AI.
• Background in regulated industries (e.g., financial services, healthcare).
• Security and cloud certifications: CISSP, CCSP, CISM, OSCP, CKA, AWS/Azure/GCPsecurity specialties.

Responsibilities

• Application Security & SDLC Automation Integrate security best practices throughout the SDLC for agentic AI applications, from design and code to deployment and operations.
• Develop and maintain automated security testing pipelines (SAST, DAST, SCA) for AI agents, APIs, and orchestration layers.
• Conduct security code reviews and threat modeling for agentic AI, focusing on model inputs/outputs, agent-to-agent (A2A), agent-to-process (A2P), and multi-agent control plane (MCP) interactions, as well as plugin/tool integration.
• Implement and automate security controls for secure agent deployment (sandboxing, RBAC/ABAC, policy enforcement, prompt injection/jailbreak mitigations).
• Ensure traceability and compliance by mapping agentic AI controls to regulatory frameworks (e.g., SOC 2, ISO 27001, NIST 800‑53, GDPR/CCPA).
• Agentic AI Security Engineering Design, implement, and continuously improve security for agentic AI systems, including secure orchestration protocols such as A2A, A2P, MCP, and related agentic communication and coordination patterns.
• Build and test secure-by-design agentic AI features, including runtime isolation, egress controls, audit trails, and observability (telemetry, prompt/result logging, risk scoring).
• Embed LLMOps/MLOps security into CI/CD (model artifact scanning, SBOMs, policy-as-code, attestation, controlled promotion).
• Continuously evaluate agent safety with adversarial prompts, scenario-based testing, drift/hallucination detection, and bias/fairness assessments.
• AI Security Testing Strategy & Pentesting Develop and execute a comprehensive AI security and penetration testing strategy for agentic AI applications and systems, with a focus on protocol-level security for A2A, A2P, MCP, and other agentic communication patterns.
• Lead offensive security assessments, including adversarial prompt testing, agent misuse scenarios, and vulnerability identification in agentic AI deployments.
• Collaborate with engineering teams to remediate findings and strengthen security posture across AI-enabled applications.
• Governance, Stakeholder Enablement & Metrics Define and operationalize agentic AI security policies, standards, and playbooks for engineering teams, including secure usage of agentic protocols (A2A, A2P, MCP, etc.).
• Lead secure SDLC and AI Security enablement: deliver secure coding guidelines, threat modeling workshops, and prompt hygiene training.
• Effectively communicate risk, security posture, and value trade-offs to business stakeholders and executives.
• Present security metrics, dashboards, and reports on application/AI security KPIs, incidents, and risk reduction to both technical and non-technical audiences.
• Partner with Cloud, Data Science, and Platform teams to deliver secure agentic AI features while maintaining a strong security posture.

Benefits

• Health & Wellness: Health care coverage designed for the mind and body.
• Flexible Downtime: Generous time off helps keep you energized for your time on.
• Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
• Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
• Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.
• Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.