Principal Cybersecurity Architect Identity & Access Management for AI Systems
GE Vernova · Boston, MA · 4 days ago
RemoteRemoteEngineering$166k–$276k/yrFull-time
Key Responsibilities
- Enterprise Vision: Act as the primary authority on AI identity security, providing guidance to executive leadership and engineering teams.
- Cross-Functional Alignment: Drive strategy across cybersecurity, cloud platforms, GRC, legal, and business units.
- Thought Leadership: Represent the organization in external forums, industry working groups, and vendor discussions regarding AI security standards.
- Architecture Ownership: Define the long-term IAM architecture for AI systems and agents in cloud and hybrid environments, establishing reusable patterns and reference designs.
- AI Agent Lifecycle & Governance: Identity Management: Oversee the full lifecycle for AI agents, from initial onboarding and cryptographic identity assignment to decommissioning.
- Accountability: Maintain an unbroken chain of human ownership and traceability for all autonomous agents.
- Access Control: Architect and enforce the Principle of Least Privilege (PoLP), Just-in-Time (JIT), and Just-Enough-Access (JEA) patterns for AI workloads.
- Compliance: Partner with GRC and privacy teams to ensure AI agent governance meets rigorous regulatory requirements.
Required Qualifications
- Experience: 12+ years in cybersecurity, with a heavy emphasis on IAM.
- Senior Leadership: 7+ years in Principal/Senior Architect roles for large-scale enterprise or cloud-native environments.
- Cloud Expertise: Expert-level knowledge of AWS IAM (roles, policies, SCPs, federation) and AWS Identity Center.
- AI Security: Proficiency with AWS Bedrock Identity/AgentCore and similar frameworks.
- Conceptual Depth: Expert understanding of Zero Trust architecture and its application to AI/agentic workloads.
- Communication: Exceptional ability to distill complex technical risks for executive stakeholders.
Preferred Qualifications
- Multicloud: Experience with Microsoft Azure IAM (Entra ID, Managed Identities, Azure AI).
- Governance Tools: Familiarity with IGA technologies (e.g., Saviyant) and NHI (Non Human Identity) governance.
- Agentic Security: Knowledge of LLM-specific threats (OWASP LLM Top 10) and prompt injection mitigation.
- Frameworks: Understanding of SPIFFE/SPIRE for workload identity.
- Certifications: AWS Certified Security – Specialty, CISSP, CISM, or CCSP.