Security Architect, Cloud Authentication

Job Description

Job Title: Senior Security Architect, Cloud Authentication and Authorization. Location: Santa Clara, CA, USA (also remote US options in TX, NC)

Responsibilities:

• Define security architecture strategy for cloud authentication, authorization, workload identity, and agent identity across AI and cloud platforms.
• Design identity lifecycle systems for humans, services, workloads, and autonomous agents, including issuance, delegation, revocation, and retirement.
• Build frameworks for authorization and delegation including consent, token exchange, scoped access, and sensitive-action approvals.
• Lead threat modeling and architecture reviews for complex identity and access control systems;
• Establish telemetry, audit, and emergency-disablement mechanisms for identity and access operations.
• Translate AI security risks into authentication, authorization, and execution boundary requirements.
• Collaborate with cloud, AI, security, governance, and incident response teams to align architecture decisions with risk strategy.
• Develop reusable security architecture patterns, documentation, and implementation guidance.
• Support ongoing validation, deployment, and closure of security risks across systems.

Qualifications:

• 8+ years of experience in cybersecurity, security architecture, cloud security, IAM, or distributed systems security engineering.
• Strong understanding of authentication and authorization protocols including OAuth 2.0, OIDC, SAML, mTLS, federation, and token-based systems.
• Experience with workload identity, non-human identity, and agent identity systems.
• Knowledge of Zero Trust Architecture principles and short-lived credential systems;
• Experience in fine-grained authorization and access control design for distributed systems.
• Strong threat modeling, risk analysis, and security architecture skills.
• Bachelor’s degree in Engineering, Cybersecurity, Data Engineering, or equivalent experience.

Preferred:

• Experience with SPIFFE/SPIRE or workload identity federation systems.
• Knowledge of autonomous agent identity and delegated authority models.
• Experience building security controls for AI agents, tool access, and automation systems.
• Familiarity with enterprise connector security and sensitive-action approval systems;
• Experience eliminating static credentials using short-lived or certificate-based identity systems.
• Understanding of crypto-agility and post-quantum cryptography implications.

Benefits and Compensation:

• Base salary: $184,000 to $287,500 per year depending on experience and location.
• Equity eligibility in NVIDIA.
• Full employee benefits package;
• Opportunity to work on advanced AI and cloud security systems at scale.