AI Application Security Architect

About the Role:

Grade Level (for internal use): 13

The role: AI Application Security Architect

Location: New Jersey, US or London, UK

Role Summary. We are seeking a highly skilled professional to drive the secure development lifecycle (SDLC) of agentic AI systems and applications across multi‑cloud (AWS, Azure, GCP) and hybrid/on‑prem environments. This role will focus on embedding robust application security controls, performing secure SDLC reviews, and leading the design and automation of security validation for agentic AI and LLM‑powered solutions. The ideal candidate blends hands‑on security engineering expertise with practical experience in AI/ML, MLOps/LLMOps, and secure application architecture, delivering resilient, compliant, and business‑aligned agentic AI systems.

• Integrate security best practices throughout the SDLC for agentic AI applications, from design and code to deployment and operations.
• Develop and maintain automated security testing pipelines (SAST, DAST, SCA) for AI agents, APIs, and orchestration layers.
• Conduct security code reviews and threat modeling for agentic AI, focusing on model inputs/outputs, agent‑to‑agent (A2A), agent‑to‑process (A2P), and multi‑agent control plane (MCP) interactions, as well as plugin/tool integration.
• Implement and automate security controls for secure agent deployment (sandboxing, RBAC/ABAC, policy enforcement, prompt injection/jailbreak mitigations).
• Ensure traceability and compliance by mapping agentic AI controls to regulatory frameworks (SOC 2, ISO 27001, NIST 800‑53, GDPR/CCPA).

• Design, implement, and continuously improve security for agentic AI systems, including secure orchestration protocols such as A2A, A2P, MCP, and related agentic communication and coordination patterns.
• Build and test secure‑by‑design agentic AI features, including runtime isolation, egress controls, audit trails, and observability (telemetry, prompt/result logging, risk scoring).
• Embed LLMOps/MLOps security into CI/CD (model artifact scanning, SBOMs, policy‑as‑code, attestation, controlled promotion).
• Continuously evaluate agent safety with adversarial prompts scenario‑based testing, drift/hallucination detection, and bias/fairness assessments.

• Develop and execute a comprehensive AI security and penetration testing strategy for agentic AI applications and systems, with a focus on protocol‑level security for A2A, A2P, MCP, and other agentic communication patterns.
• Lead offensive security assessments, including adversarial prompt testing, agent misuse scenarios, and vulnerability identification in agentic AI deployments.
• Collaborate with engineering teams to remediate findings and strengthen security posture across AI‑enabled applications.

• Define and operationalize agentic AI security policies, standards, and playbooks for engineering teams, including secure usage of agentic protocols (A2A, A2P, MCP, etc.).
• Lead secure SDLC and AI Security enablement: deliver secure coding guidelines, threat modeling workshops, and prompt hygiene training.
• Effectively communicate risk, security posture, and value trade‑offs to business stakeholders and executives.
• Present security metrics, dashboards, and reports on application/AI security KPIs, incidents, and risk reduction to both technical and non‑technical audiences.
• Partner with Cloud, Data Science, and Platform teams to deliver secure agentic AI features while maintaining a strong security posture.

• 10+ years in Application Security or Security Engineering.
• 5+ years in secure SDLC roles.
• 1+ year in AI/ML or LLMOps security.
• Hands‑on multi‑cloud experience (AWS/Azure/GCP/OCI) with IAM, KMS, security monitoring, and AI services.
• Proficiency in secure SDLC automation tools (e.g., SAST, DAST, SCA, IaC scanning).
• Strong knowledge of agentic AI/LLM stacks (RAG, vector DBs, agent orchestration, prompt engineering, policy guardrails), with hands‑on experience in agentic protocols such as A2A, A2P, MCP, and related patterns.
• Experience with threat modeling,…