Duties & Responsibilities
Define the enterprise AI security architecture & baselines across Azure, GCP, Data -bricks, on‑prem, third -party vendors, and Microsoft 365 Copilot — covering identity, access, data protection, runtime controls, observability, and incident response for internal agentic workflows and customer‑facing agentic commerce flows.
Establish agent identity & access guardrails with Microsoft Entra Agent ID/Agent Registry, Conditional Access policies, and least‑privilege patterns for both human and machine identities tied to AI agents (including Copilot Studio and the Microsoft 365 Agents SDK).
Harden model runtime and tool‑calling using LLM firewalls, prompt injection defenses, content safety, jailbreak protection, and transaction controls —aligning GCP Model Armor and Azure Prompt Shields/Content Safety with security telemetry and response playbooks.
Govern agents of all types, including agent registration, environment segregation, pipelines, sharing policies, DLP integration, and lifecycle controls for maker/owner changes and “owner less” agents.
Secure Data -bricks AI/Mosaic workloads (model endpoints, gateways, Foundry integrations), standardizing authN/authZ, network isolation, secrets handling, and logging across notebooks, jobs, and serving layers.
Operationalize SOC coverage for AI, integrating signals into SIEM systems, tuning detections for agent misuse, and using AI agents to accelerate triage, investigations, and incident response.
Protect AI on endpoints (Windows/macOS) by setting baseline configurations for agentic browsers, extensions, and local AI run times; enforce due‑diligence review and hardening before user downloads/enablement.
Embed privacy, compliance, and disclosure (DLP tools, sensitive data policies) into AI pipelines.
Architect cross‑team delivery — create reusable patterns, standards, and reference implementations; lead design reviews; coach engineering teams; and drive adoption via roadmaps and enablement.
Requirements
Basic Qualifications
Proficient in cybersecurity frameworks and standards.
Experienced with cloud security, identity management, threat modeling, and incident response.
Experience: 5+ years in security architecture; 3–5+ years designing controls for cloud platforms; hands‑on with AI/ML security or production LLM workloads.
Depth in identity & access: Conditional Access, workload identities, service principals, managed identities, and agent identity governance patterns.
Cross‑cloud fluency especially with AI PaaS services: Azure, GCP, Data -bricks Mosaic, and Microsoft 365 Copilot/Copilot Studio.
Threat‑driven mindset: Familiar with LLM‑specific risks (prompt injection, data exfiltration, model‑assisted fraud, tool‑calling abuse), secure SDLC for agents, working knowledge of all security control types, and red/blue team techniques adapted to AI.
Controls & observability: DLP, logging/telemetry, SIEM/SOAR integrations, Zscaler/Defender stack, and incident response playbooks tailored for agentic workflows.
Leadership & communication: Proven ability to lead architecture programs, influence cross‑functional stakeholders, write clear standards, and mentor engineers.
How you’ll measure success
Guardrail coverage: Measurable adoption of baseline controls and policies across all AI platforms and environments.
Reduced risk: Fewer high‑severity findings in AI threat modeling, pen tests, and control assessments
Operational readiness: SOC detections and runbooks for AI threats in place; effective use of SIEM AI tools; audit‑ready evidence trails.
Governance maturity: AI Governance tools functioning at scale with clear owner/lifecycle controls.
Developer enablement: Adoption of secure patterns and reference architectures by product teams; streamlined approvals that balance agility and control.
Preferred Qualifications
- Recognized cybersecurity certification (e.g., CISSP, CISM, CCSP, GIAC).
- Cloud security certifications (Azure/GCP)
- Familiarity with state‑level AI legislation, FTC guidance, and other international AI legislation
Apply Now
Activate JobCopilot
Your email job alert is now active!