Senior Security Architect, Cloud Authentication and Authorization

Senior Security Architect, Cloud Authentication and Authorization

NVIDIA has continuously reinvented itself over two decades. Our invention of the GPU in 1999 fueled the growth of the PC gaming market, redefined modern computer graphics, and revolutionized parallel computing! More recently, GPU deep learning ignited modern AI - the next era of computing. NVIDIA is a "learning machine" that constantly evolves by adapting to new opportunities that are hard to solve, that only we can pursue, and that matter to the world.

Are you ready to influence the future of AI and cloud security? Join NVIDIA's groundbreaking team in Santa Clara, CA, as a Senior Security Architect, Cloud Authentication and Authorization. This outstanding position enables you to guide the architectural vision for identity and authorization systems, collaborating with a group of world-class authorities committed to delivering impeccable solutions. With NVIDIA's history of innovation and your proven cybersecurity skills, you'll have the chance to drive meaningful change in the next generation of computing!

What you'll be doing:

• Outline the security architecture strategy for cloud authentication, authorization, workload identity, and agent identity across NVIDIA cloud platforms, AI-enabled systems, enterprise connectors, services, and automation.
• Outline processes for establishing, linking, authorizing, delegating, auditing, and retiring human, workload, service, and autonomous agent identities, including attestation-supported identity issuance and certificate-based or temporary credentials.
• Develop authorization and delegation frameworks for AI agents and enterprise connectors, encompassing consent, token exchange, prioritized authority, sensitive-action approval, revocation, and protections against confused-deputy behavior.
• Lead architecture reviews and threat modeling for high-risk identity and access flows, turning ambiguous scenarios into practical controls that engineering teams can build and verify.
• Establish identity lifecycle, telemetry, and emergency-disablement patterns for token issuance, policy decisions, privilege elevation, tool invocation, data access, credential rotation, grant revocation, and compromised or untrusted identities.
• Convert emerging AI security risks into authentication, authorization, audit, and execution-boundary requirements.
• Partner with identity, cloud, platform, application, AI security, governance, detection, and incident response teams to align architecture decisions with risk strategy and operational reality.
• Build reusable architecture patterns, decision records, exception criteria, and implementation mentorship, staying engaged through adoption, validation, and residual-risk closure.

What we need to see:

• 8+ years experience in cybersecurity, security architecture, cloud security, IAM, application security, product security, platform security, infrastructure security, or security engineering for distributed systems.
• Extensive knowledge in cloud authentication, authorization, IAM, workload identity, agent identity, non-human identity, or identity architecture, combined with hands-on experience in developing, managing, deploying, or assuming direct responsibility for authentic security controls.
• Bachelor's degree in Engineering, Cybersecurity, Data Engineering, or a related technical field, or equivalent experience.
• Proficiency in authentication and authorization protocols and frameworks, such as OIDC, OAuth 2.0, SAML, federation, delegation, token exchange, token scope, issuer and audience boundaries, consent, mTLS, certificate-backed identity, prioritized access, and associated technologies.
• Direct involvement in handling workload and agent identities, covering attestation processes, Zero Trust Architecture concepts, short-lived credentials, and temporary identities.
• Experience developing authorization boundaries for distributed systems, including fine-grained authorization patterns, control points, prioritized delegation, model/data/tool access controls, sensitive-action approval, and execution boundaries.
• Proficiency with identity and certificate lifecycle management, including enrollment, provisioning, scope definition, prioritized issuance, renewal, rotation, revocation, expiration, auditability, deprovisioning, lifecycle automation, and awareness of crypto-agility and post-quantum cryptography implications.
• Hands-on understanding of AI security risks combined with adequate proficiency in AI-enabled systems to assess timely injection, data exfiltration, unsafe tool use, overbroad authorization, and loss of human accountability.
• Strong foundational cybersecurity judgment, including threat modeling, architecture review, risk analysis, practical mitigation development, clear communication of assumptions, partner-team alignment, and follow-through through implementation, verification, documentation, and closure.

Ways to stand out from the crowd:

• Experience crafting or adopting workload identity systems such as SPIFFE/SPIRE, workload identity federation, service mesh identity, policy engines, or attestation-backed identity provisioning.
• Extensive knowledge of autonomous agent identity, delegated authority, token exchange, prioritized credentials with limited scope, certificate-backed identities, identity-aware policy controls, or ownership models for human, workload, service, and agent identities.
• Experience crafting controls for AI agent tool use, such as per-tool authorization, policy controls points, approval gates, egress restrictions, connector-scoped credentials, or emergency disablement of compromised agents.
• Background with crafting security architecture for enterprise connectors, AI assistants, tool integrations, automation systems, sensitive-action approvals, or cross-system authorization boundaries.
• Experience reducing or eliminating static credentials through workload identity, short-lived credentials, certificate lifecycle improvements, auditable service identity, or automated revocation and rotation.

Your base salary will be determined based on your location, experience, and the pay of employees in similar positions. The base salary range is 184,000 USD - 287,500 USD.

You will also be eligible for equity and benefits.

Applications for this job will be accepted at least until May 23, 2026.

This posting is for an existing vacancy.

NVIDIA uses AI tools in its recruiting processes.

NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.