Corporate Vice President: AI Security Engineer

New York Life | New York, NY
31d | Hybrid

About The Position

As part of Technology, you'll have the opportunity to contribute to groundbreaking initiatives that shape New York Life's digital landscape. Leverage cutting-edge technologies like Generative AI to increase productivity, streamline processes, and create seamless experiences for clients, agents, and employees. Your expertise fuels innovation, agility, and growth — driving the company's success.

The AI Engineer role is responsible for developing, implementing, and overseeing cyber resilience strategies that strengthen the organization’s ability to withstand and recover from advanced cyber disruptions across core technology layers. This role will be part of the first line cybersecurity team within NYL’s Information Technology Department. Responsibilities include resilience planning for core technology infrastructure and applications, as well as driving integration of cyber scenarios into disaster recovery (DR), business continuity (BC), and enterprise resilience efforts. The role serves as the critical bridge between cybersecurity, enterprise technology, and enterprise risk management.

The AI Security Engineer is a senior, hands-on technical role responsible for designing, engineering, and modernizing New York Life’s Identity & Access Management (IAM) capabilities across all core IAM domains, including Identity Governance & Administration (IGA), Web Access Management (WAM), Privileged Access Management (PAM), and Directory Services. This role requires deep expertise in IAM engineering and security architecture, with the ability to design scalable, resilient identity solutions across hybrid and cloud environments. The engineer will serve as a technical leader within the IAM function, applying established security design patterns while evolving identity services to meet emerging enterprise needs.

As New York Life expands its adoption of AI, ML, and agentic systems, this position will extend traditional IAM principles to support non-human identities, machine and workload identities, and autonomous AI agents. The engineer will help define how AI agents are authenticated, authorized, governed, and monitored, ensuring that autonomous actions remain secure, auditable, and aligned with enterprise risk and regulatory requirements.

The AI Security Engineer will work closely with Cybersecurity Architecture, Cloud Platform, AI Engineering, and Application teams to integrate identity controls into modern platforms, including cloud-native services, AI pipelines, and agent orchestration frameworks. This role balances hands-on engineering, solution design, and architectural influence, and is expected to contribute meaningfully to standards, patterns, and roadmaps without being purely strategic. Successful candidates will bring 10+ years of experience across multiple IAM domains, strong cloud and security architecture knowledge, and practical experience applying IAM controls to AI-enabled or highly automated systems.

Requirements

  • Bachelor’s degree in Computer Science, Information Systems, Engineering, or equivalent practical experience.
  • 10+ years of hands-on experience in identity, access management, and security engineering, including 7+ years operating across multiple IAM domains such as Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services.
  • Experience securing and integrating agentic and AI platforms (e.g., AWS Bedrock, LangChain-based or similar frameworks), applying security-first patterns such as prompt injection mitigation, secure authentication (OAuth2/OIDC), and execution isolation.
  • Working knowledge of multi-agent orchestration, retrieval-augmented generation (RAG) architectures, vector databases, and MCP integrations, with emphasis on identity, access control, and governance.
  • Demonstrated experience designing and implementing IAM solutions using security architecture principles and established design patterns in large, complex environments.
  • 2–3+ years of hands-on experience securing or integrating AI/ML or agentic systems, including applying identity, authentication, and authorization controls to AI-enabled or highly automated workflows.
  • Proven experience managing non-human identities, including service accounts, APIs, workloads, and automated agents, using least-privilege and lifecycle governance principles.
  • Strong experience with cloud identity and access management, with hands-on expertise in AWS and GCP.
  • Deep understanding of identity and access protocols and standards, including OAuth 2.0, OpenID Connect (OIDC), SAML, LDAP, and modern token-based authorization models.
  • Experience implementing and supporting modern authentication mechanisms, including MFA and passwordless authentication.
  • Strong scripting and automation skills (e.g., Python, PowerShell, Java) to integrate IAM platforms with cloud, AI, and security tooling.
  • Solid understanding of security, risk, and compliance requirements applicable to IAM in regulated environments.
  • Ability to work effectively in a team-oriented, collaborative environment, with strong problem-solving skills.

Nice To Haves

  • Experience integrating IAM controls into AI/ML platforms, pipelines, or agent orchestration frameworks.
  • Familiarity with machine and workload identity standards and tooling (e.g., SPIFFE, workload identity federation, secrets management).
  • Exposure to policy-as-code and fine-grained authorization models (e.g., OPA, Cedar, attribute-based access control).
  • Experience supporting Zero Trust architectures and cloud-native security patterns.
  • Prior experience in a large enterprise or financial services environment.
  • Relevant IAM or security certifications (e.g., SailPoint, CyberArk, Ping Identity, cloud security certifications).

Responsibilities

  • Design and implement identity, authentication, and authorization solutions for AI-enabled and agentic systems, treating AI agents as first-class non-human identities.
  • Define and enforce lifecycle management, access controls, and revocation for autonomous agents, machine identities, and service accounts.
  • Implement delegated and “on-behalf-of” authorization patterns to clearly distinguish human-initiated actions from agent-initiated actions for audit and compliance.
  • Apply least-privilege and scope-limiting controls to prevent privilege escalation in automated and multi-agent workflows.
  • Design, engineer, and support enterprise IAM solutions across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services.
  • Lead identity lifecycle processes, including provisioning, access governance, certifications, and de-provisioning for human and non-human identities.
  • Engineer and support privileged access capabilities, including just-in-time access, credential vaulting, and session management.
  • Design and integrate directory and federation services, including Active Directory, Entra/Azure AD, LDAP, SAML, and OpenID Connect (OIDC).
  • Apply security architecture principles and IAM design patterns to deliver scalable, resilient, and compliant identity solutions.
  • Integrate IAM capabilities across hybrid and cloud environments, with strong hands-on experience in AWS and GCP.
  • Implement and support modern authentication and authorization frameworks, including OAuth 2.0, MFA, and passwordless authentication.
  • Partner with Cybersecurity Architecture, Cloud, and Application teams to ensure IAM solutions meet security, risk, and regulatory requirements.
  • Troubleshoot and resolve complex IAM-related authentication, authorization, and integration issues.
  • Integrate IAM controls into AI/ML pipelines and automation frameworks, enabling real-time authorization, logging, and monitoring of agent activity.
  • Collaborate with AI platform and infrastructure teams to support identity-aware enforcement of execution boundaries and access controls.
  • Serve as a senior technical contributor within the IAM function, providing design guidance and technical mentoring.
  • Contribute to the development of IAM and AI identity standards, reference architectures, and reusable engineering patterns.
  • Evaluate emerging identity, cloud, and AI security technologies to inform platform enhancements and engineering roadmap decisions.
  • Engineer IAM controls to mitigate AI-driven risks, including synthetic identities, AI-enabled credential abuse, deepfake impersonation, and adaptive MFA bypass techniques.
  • Design and integrate AI/ML-driven solutions for anomaly detection, risk scoring, intelligent access governance, and adaptive authentication.
  • Build and enforce lifecycle governance for service accounts, APIs, bots, and autonomous AI agents using just-in-time access and least-privilege principles.
  • Treat AI models and agents as privileged entities and implement role-based and attribute-based authorization for model access, training, and invocation.
  • Develop automation (e.g., Python, PowerShell, Java) to integrate IAM with AI platforms, security orchestration, and operational workflows.

Benefits

  • We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs.
  • Employees are eligible for an annual discretionary bonus.