Principal Security Architect, Agent Policy Fabric
Listed on 2026-06-27
-
Security
Cybersecurity, Information Security
We are looking for a Principal Security Architect, Cloud Engineering & Services, to join our Agent Security, Safety, and Governance team and lead cross‑company security architecture for agentic AI. You will use Agent Policy Fabric as a starting point for enterprise agent governance while coordinating efforts among security product teams, Open Shell, and runtime groups;
Identity, IT, Fleet/MDM, and Sec Ops; corporate application owners; and partner organizations to turn a working draft architecture into practical security standards, roadmaps, and adoption plans.
The Cloud Engineering & Services team is defining how agentic systems can be deployed responsibly across the enterprise: governed access to company systems, durable policy, scoped credentials, runtime containment, detector‑informed response, and audit evidence that security, IT, product, and business leaders can trust.
What You’ll Be Doing:- Lead Enterprise Agent Security Architecture:
Define the cross‑company reference architecture for governed agent actions, including durable policies, runtime controls, adapter boundaries, credential mediation, detector response, audit correlation, failure modes, and production‑readiness criteria. - Drive APF as a Governance Starting Point:
Translate Agent Policy Fabric concepts into executive‑ready decision papers, engineering standards, threat models, control objectives, and implementation achievements without treating working‑draft architecture as a pre‑decided product direction. - Align Cross‑Organization Owners:
Partner with Product Security, Open Shell, Omnistation, Identity, IT, Fleet/MDM, Sec Ops, 3S, legal/privacy, and corporate‑resource owners to define who owns each control surface and how agent workflows move from proof‑of‑life to enterprise pilot. - Build Security Review and Adoption:
Establish review patterns for agent workflows, including policy authoring, approval, signing, runtime admission, credential issuance, direct‑egress controls, audit evidence, managing anomalies, and break‑glass procedures. - Represent the Architecture:
Brief senior leaders, customer‑facing teams, and partner engineering teams on NVIDIA’s agent security posture, APF maturation path, open decisions, known limitations, and the evidence required before broader deployment.
- Bachelor’s degree (or equivalent experience) with 15+ years of industry experience in security architecture, product security, enterprise security platforms, identity and access management, cloud security, or infrastructure governance.
- Security Architecture Leadership:
Validated ability to lead ambiguous, cross‑functional security initiatives across product, platform, infrastructure, IT, and security operations teams. - Agent AI Security Judgment:
Practical understanding of agentic AI risks, tool‑call governance, prompt‑injection limits, sandbox boundaries, credential exposure risks, audit requirements, and the difference between containment, authorization, and monitoring. - Enterprise Control Design:
Experience designing controls around identity, authorization, policy, secrets, network egress, runtime isolation, telemetry, SIEM integration, exception workflows, and compliance evidence. - Executive and Engineering Communication:
Ability to write crisp architecture memos, decision records, threat models, standards, and adoption plans that are useful to both senior leaders and implementation teams.
- Agent Governance
Experience:
Experience securing agent platforms, AI copilots, autonomous workflows, MCP‑style tool systems, sandboxed runtimes, or governed access to enterprise SaaS and engineering systems. - Policy and Identity Depth:
Familiarity with OPA/Rego, Cedar, Zanzibar‑style authorization, OAuth/OIDC, SAML, workload identity, delegated authorization, signed configuration, or enterprise trust‑root distribution. - Large‑Scale Security Programs:
Track record driving company‑wide security architecture across multiple business units, including standards, rollout plans, risk acceptance, exception handling, and measurable adoption. - External‑Facing Architecture:
Experience explaining security architecture to executives, customers,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).