Jobs · Engineering

Principal Cybersecurity Architect Identity & Access Management for AI Systems

GE Vernova · Boston, MA · 4 days ago
RemoteRemoteEngineering$166k–$276k/yrFull-time

Key Responsibilities

  • Enterprise Vision: Act as the primary authority on AI identity security, providing guidance to executive leadership and engineering teams.
  • Cross-Functional Alignment: Drive strategy across cybersecurity, cloud platforms, GRC, legal, and business units.
  • Thought Leadership: Represent the organization in external forums, industry working groups, and vendor discussions regarding AI security standards.
  • Architecture Ownership: Define the long-term IAM architecture for AI systems and agents in cloud and hybrid environments, establishing reusable patterns and reference designs.
  • AI Agent Lifecycle & Governance: Identity Management: Oversee the full lifecycle for AI agents, from initial onboarding and cryptographic identity assignment to decommissioning.
  • Accountability: Maintain an unbroken chain of human ownership and traceability for all autonomous agents.
  • Access Control: Architect and enforce the Principle of Least Privilege (PoLP), Just-in-Time (JIT), and Just-Enough-Access (JEA) patterns for AI workloads.
  • Compliance: Partner with GRC and privacy teams to ensure AI agent governance meets rigorous regulatory requirements.

Required Qualifications

  • Experience: 12+ years in cybersecurity, with a heavy emphasis on IAM.
  • Senior Leadership: 7+ years in Principal/Senior Architect roles for large-scale enterprise or cloud-native environments.
  • Cloud Expertise: Expert-level knowledge of AWS IAM (roles, policies, SCPs, federation) and AWS Identity Center.
  • AI Security: Proficiency with AWS Bedrock Identity/AgentCore and similar frameworks.
  • Conceptual Depth: Expert understanding of Zero Trust architecture and its application to AI/agentic workloads.
  • Communication: Exceptional ability to distill complex technical risks for executive stakeholders.

Preferred Qualifications

  • Multicloud: Experience with Microsoft Azure IAM (Entra ID, Managed Identities, Azure AI).
  • Governance Tools: Familiarity with IGA technologies (e.g., Saviyant) and NHI (Non Human Identity) governance.
  • Agentic Security: Knowledge of LLM-specific threats (OWASP LLM Top 10) and prompt injection mitigation.
  • Frameworks: Understanding of SPIFFE/SPIRE for workload identity.
  • Certifications: AWS Certified Security – Specialty, CISSP, CISM, or CCSP.

Similar jobs