Principal Security Architect, Agent Policy Fabric

About The Position

Requirements

• Bachelor's degree (or equivalent experience) with 15+ years of industry experience in security architecture, product security, enterprise security platforms, identity and access management, cloud security, or infrastructure governance.
• Validated ability to lead ambiguous, cross-functional security initiatives across product, platform, infrastructure, IT, and security operations teams.
• Practical understanding of agentic AI risks, tool-call governance, prompt-injection limits, sandbox boundaries, credential exposure risks, audit requirements, and the difference between containment, authorization, and monitoring.
• Experience designing controls around identity, authorization, policy, secrets, network egress, runtime isolation, telemetry, SIEM integration, exception workflows, and compliance evidence.
• Ability to write crisp architecture memos, decision records, threat models, standards, and adoption plans that are useful to both senior leaders and implementation teams.

Nice To Haves

• Experience securing agent platforms, AI copilots, autonomous workflows, MCP-style tool systems, sandboxed runtimes, or governed access to enterprise SaaS and engineering systems.
• Familiarity with OPA/Rego, Cedar, Zanzibar-style authorization, OAuth/OIDC, SAML, workload identity, delegated authorization, signed configuration, or enterprise trust-root distribution.
• Track record driving company-wide security architecture across multiple business units, including standards, rollout plans, risk acceptance, exception handling, and measurable adoption.
• Experience explaining security architecture to executives, customers, partners, standards bodies, or field teams while preserving bounded claims and clear implementation caveats.

Responsibilities

• Lead Enterprise Agent Security Architecture: Define the cross-company reference architecture for governed agent actions, including durable policies, runtime controls, adapter boundaries, credential mediation, detector response, audit correlation, failure modes, and production-readiness criteria.
• Drive APF as a Governance Starting Point: Translate Agent Policy Fabric concepts into executive-ready decision papers, engineering standards, threat models, control objectives, and implementation achievements without treating working-draft architecture as a pre-decided product direction.
• Align Cross-Organization Owners: Partner with Product Security, OpenShell, Omnistation, Identity, IT, Fleet/MDM, SecOps, 3S, legal/privacy, and corporate-resource owners to define who owns each control surface and how agent workflows move from proof-of-life to enterprise pilot.
• Build Security Review and Adoption: Establish review patterns for agent workflows, including policy authoring, approval, signing, runtime admission, credential issuance, direct-egress controls, audit evidence, managing anomalies, and break-glass procedures.
• Represent the Architecture: Brief senior leaders, customer-facing teams, and partner engineering teams on NVIDIA's agent security posture, APF maturation path, open decisions, known limitations, and the evidence required before broader deployment.

Benefits

• Competitive salaries
• Generous benefits package
• Equity
• AI tools in recruiting processes