Application Security Architect with AI exp

 

Security Architect / AI Security AppSec Architect to assist in the strategic evaluation and secure implementation of our AI Agent Framework. As AI adoption accelerates across our investment and research teams, this role will be pivotal in ensuring our systems remain secure, resilient, and compliant. You will combine high-level architectural oversight—specifically evaluating new and emerging AI technologies—with hands-on engineering.

Reporting into the Director of Security in Global Security organization, you will research security controls, validate emerging architectural patterns, and define the governance standards for M365 Copilot Agents and autonomous agents built on Azure AI Foundry.

Primary Responsibilities:
Technology Evaluation & Security Architecture
• Emerging Tech Research: Proactively evaluate new AI tools, frameworks, and LLM providers to assess their security posture and suitability for a highly regulated investment environment.
• Architectural Design: Design and validate secure architectural patterns for AI agent integration within the organization’s ecosystem, ensuring data privacy and IP protection.
• Threat Modeling: Conduct deep-dive analysis of AI-specific threats (prompt injection, model inversion, data poisoning) and architect systemic mitigations.
• Platform Assessment: Evaluate the security capabilities of Azure AI Foundry, M365 Copilot Studio, and the Microsoft Graph API against the organization’s compliance standards.
• MCP Specialization: Assess Model Context Protocol (MCP) security best practices, designing isolation strategies for context management.
• As a security architect assist with evaluations of other technologies being evaluated with via our Enterprise Architecture Review Board

Technical Implementation & Validation
• Hardening & Standards: Create hardening checklists and configuration standards for AI platforms that bridge the gap between innovation and rigorous risk management.
• Identity & Integration: Test and document sophisticated integration approaches with Azure Key Vault, Entra ID, and Managed Identities.
• Security Telemetry: Implement advanced logging, auditing, and monitoring for AI agent telemetry to ensure visibility into autonomous actions. Governance & Standards Development
• Design Principles: Lead the creation of the organization’s AI Agent Security Design Principles document.
• Policy Authoring: Working with various teams assist in developing technical sections of governance policies that address the risks of emerging AI technologies and autonomous workflows.
• CI/CD Integration: Identify and bridge control gaps in existing CI/CD pipelines to support secure, automated AI deployments.
• Stakeholder Collaboration: Translate complex security architectures into actionable implementation guides for developers and investment tech teams.

Required Qualifications:
Architectural & Technical Skills
• 5+ years in Cloud Security/Architecture with deep hands-on Azure platform experience.
• AI Specialization: Hands-on experience with Azure AI Services,  Azure OpenAI, and Azure AI Foundry (or similar platforms like AWS SageMaker).
• Modern Identity: Expert-level understanding of Microsoft Entra ID, Service Principals, and Managed Identity in a complex enterprise environment.
• Emerging Protocols: Deep familiarity with Model Context Protocol (MCP) and its implications for data isolation and session security.
• GenAI/LLM Expertise: Strong grasp of RAG (Retrieval-Augmented Generation) patterns and vector database security. Security Implementation & Strategy
• Zero Trust: Proven track record of implementing Zero Trust controls in financial services or cloud-native environments.

Security Implementation & Strategy
• Zero Trust: Proven track record of implementing Zero Trust controls in financial services or cloud-native environments.
• Automation: Experience with Infrastructure as Code (Terraform, Bicep) to codify security guardrails.
• Threat Assessment: Familiarity with the OWASP Top 10 for LLMs and AI-specific vulnerability scanning.

Preferred Qualifications:
• Certifications: Azure Security Engineer Associate, Azure AI Engineer Associate, or CISSP/CCSP