Senior Security Architect, Cloud Authentication and Authorization

at Nvidia
USD 184,000-287,500 per year
SENIOR
✅ On-site

Used Tools & Technologies

Not specified

Required Skills & Competences

Security @ 6, Distributed Systems @ 7, Communication @ 7, Data Engineering @ 4, OAuth @ 6, Audit @ 4, GPU @ 4, Deep Learning @ 4, AI @ 4

Details

NVIDIA has continuously reinvented itself over two decades. Our invention of the GPU in 1999 fueled the growth of the PC gaming market, redefined modern computer graphics, and revolutionized parallel computing. More recently, GPU deep learning ignited modern AI - the next era of computing. NVIDIA is a "learning machine" that constantly evolves by adapting to new opportunities that are hard to solve, that only we can pursue, and that matter to the world.

Are you ready to influence the future of AI and cloud security? Join NVIDIA’s team in Santa Clara, CA, as a Senior Security Architect, Cloud Authentication and Authorization. This position enables you to guide the architectural vision for identity and authorization systems, collaborating with a group of authorities committed to delivering secure solutions for cloud platforms, AI-enabled systems, enterprise connectors, services, and automation.

Responsibilities

  • Outline the security architecture strategy for cloud authentication, authorization, workload identity, and agent identity across NVIDIA cloud platforms, AI-enabled systems, enterprise connectors, services, and automation.
  • Define processes for establishing, linking, authorizing, delegating, auditing, and retiring human, workload, service, and autonomous agent identities, including attestation-supported identity issuance and certificate-based or temporary credentials.
  • Develop authorization and delegation frameworks for AI agents and enterprise connectors: consent, token exchange, prioritized authority, sensitive-action approval, revocation, and protections against confused-deputy behavior.
  • Lead architecture reviews and threat modeling for high-risk identity and access flows, converting ambiguous scenarios into practical controls engineering teams can build and verify.
  • Establish identity lifecycle, telemetry, and emergency-disablement patterns for token issuance, policy decisions, privilege elevation, tool invocation, data access, credential rotation, grant revocation, and compromised or untrusted identities.
  • Convert emerging AI security risks into authentication, authorization, audit, and execution-boundary requirements.
  • Partner with identity, cloud, platform, application, AI security, governance, detection, and incident response teams to align architecture decisions with risk strategy and operational reality.
  • Build reusable architecture patterns, decision records, exception criteria, and implementation mentorship; stay engaged through adoption, validation, and residual-risk closure.

Requirements

  • 8+ years of experience in cybersecurity, security architecture, cloud security, IAM, application security, product security, platform security, infrastructure security, or security engineering for distributed systems.
  • Extensive knowledge in cloud authentication, authorization, IAM, workload identity, agent identity, non-human identity, or identity architecture, with hands-on experience developing, managing, deploying, or owning authentic security controls.
  • Bachelor's degree in Engineering, Cybersecurity, Data Engineering, or a related technical field, or equivalent experience.
  • Proficiency in authentication and authorization protocols and frameworks such as OIDC, OAuth 2.0, SAML, federation, delegation, token exchange, token scope, issuer and audience boundaries, consent, mTLS, certificate-backed identity, and prioritized access.
  • Direct involvement handling workload and agent identities, including attestation processes, Zero Trust Architecture concepts, short-lived credentials, and temporary identities.
  • Experience developing authorization boundaries for distributed systems, including fine-grained authorization patterns, control points, prioritized delegation, model/data/tool access controls, sensitive-action approval, and execution boundaries.
  • Proficiency with identity and certificate lifecycle management: enrollment, provisioning, scope definition, prioritized issuance, renewal, rotation, revocation, expiration, auditability, deprovisioning, lifecycle automation, and awareness of crypto-agility and post-quantum implications.
  • Hands-on understanding of AI security risks and sufficient proficiency in AI-enabled systems to assess prompt injection, data exfiltration, unsafe tool use, overbroad authorization, and loss of human accountability.
  • Strong foundational cybersecurity judgment: threat modeling, architecture review, risk analysis, mitigation development, clear communication of assumptions, partner-team alignment, and follow-through across implementation, verification, documentation, and closure.

Ways to stand out

  • Experience crafting or adopting workload identity systems such as SPIFFE/SPIRE, workload identity federation, service mesh identity, policy engines, or attestation-backed identity provisioning.
  • Extensive knowledge of autonomous agent identity, delegated authority, token exchange, prioritized credentials with limited scope, certificate-backed identities, identity-aware policy controls, or ownership models for human, workload, service, and agent identities.
  • Experience crafting controls for AI agent tool use, such as per-tool authorization, policy control points, approval gates, egress restrictions, connector-scoped credentials, or emergency disablement of compromised agents.
  • Background with security architecture for enterprise connectors, AI assistants, tool integrations, automation systems, sensitive-action approvals, or cross-system authorization boundaries.
  • Experience reducing or eliminating static credentials through workload identity, short-lived credentials, certificate lifecycle improvements, auditable service identity, or automated revocation and rotation.

Compensation & Other Details

  • Base salary range: 184,000 USD - 287,500 USD (determined by location, experience, and market factors).
  • You will also be eligible for equity and benefits.
  • Applications accepted at least until May 23, 2026.
  • Location: Santa Clara, CA (position posting indicates on-site role).