Həllər və AI təhlükəsizlik memarı

Bir

Yerləşmə
Bakı
Təcrübə
3–5 il
Məşğulluq
Tam ştat
Əməkhaqqı
Göstərilməyib
Yerləşdirilib
4 iyul 2026
Son tarix
3 avqust 2026

Vakansiya haqqında

We are looking for a Solution & AI Security Architect to define and drive the security architecture of modern cloud-native applications and AI platforms. In this role, you will design secure-by-default solutions, establish AI security standards, lead architecture reviews, and ensure the protection of software, Kubernetes environments, and AI/ML workloads throughout their lifecycle. You will work closely with engineering, DevSecOps, and SOC teams to build resilient, scalable, and compliant AI-powered solutions.

Vəzifə öhdəlikləri

  • Own solution and software security architecture — secure-design reference patterns, security-by-design blueprints, and reference threat models that support product security.
  • Own secure software and integration design: API and service-to-service security, authentication/authorization (OAuth2/OIDC), mTLS/service-mesh patterns, session and secrets handling, and secure SDK/dependency-supply-chain patterns
  • Provide architecture-stage security design review and sign-off for new solutions and major changes
  • Own Kubernetes and workload security architecture for EKS and on-prem clusters (hardening/CIS, admission and policy-as-code with OPA/Gatekeeper/Kyverno, network policy, pod security, runtime)
  • Own the AI Gateway security architecture as single enforcement point: deny-by-default, classification-driven model routing, virtual keys/RBAC-ABAC, layered guardrails, prompt-injection/jailbreak defense, output validation, and no-silent-downgrade
  • Own the AI Workbench, RAG, and agentic security architecture: RAG source-ACL preservation and tenant isolation, indirect-injection scanning, and agent permission envelopes with human-in-the-loop and MCP/A2A controls
  • Own AI/ML lifecycle and MLOps security (Model Registry, artifact integrity, deployment gates, serving hardening) and model security (adversarial, poisoning, extraction, inversion)
  • Define security monitoring, logging, and detection requirements for AI platforms and workloads from a SOC perspective, including AI Gateway events, prompt/response abuse indicators, anomalous agent activity, data-exfiltration signals, and policy bypass attempts.
  • Define security baselines and kill-switch/rollback strategies for autonomous AI agents
  • Apply AI risk and governance at architecture design level (NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, OWASP LLM Top 10)
  • Recommend solution and AI security patterns and replacements, and represent them in the Architecture CoE

Tələblər

  • Knowledge in solution security architecture with threat modeling (STRIDE, attack trees) and OWASP ASVS/Top 10
  • Deep software security: API security, OAuth2/OIDC/JWT, mTLS and service mesh (Istio/Linkerd), microservices, and secure coding/dependency knowledge
  • Knowledge on Kubernetes security across managed and self-managed clusters: policy-as-code (OPA/Gatekeeper, Kyverno), network policy, runtime security (Falco/eBPF), and image/supply-chain integrity (SBOM, Sigstore/cosign, SLSA)
  • Modern DevSecOps: CI/CD pipeline security, IaC (Terraform), GitOps, and secrets management
  • AI Gateway and AI Workbench security architecture: classification-aware routing, layered guardrails, virtual keys, prompt-injection/jailbreak defense, RAG isolation, and agentic/MCP controls, with LLM observability (OpenTelemetry/Langfuse)
  • Understanding of SOC operating model and detection lifecycle sufficient to translate AI/security architecture risks into logs, alerts, SIEM/SOAR use cases, incident response playbooks, and threat-hunting requirements.
  • AI/ML and MLOps security: model threats and MITRE ATLAS, OWASP LLM Top 10, NIST AI RMF, ISO/IEC 42001, EU AI Act
  • Coding and pipeline literacy sufficient to review designs and engage engineers credibly

Üstünlüklər

  • Opportunity to learn through working
  • Familiarity with a real banking environment
  • Gaining practical knowledge and experience
  • Development of communication and customer service skills
  • Improving teamwork abilities
  • Support from a professional mentor
  • Chance to build a future career at Bir Ecosysem

Şirkət haqqında

Bir
Technology · Baku

Bir — the first fully integrated digital ecosystem in the Caucasus, uniting Birbank, Birmarket, m10 and MilliÖn under one umbrella (Kapital Bank / PASHA Holding).

Bir — bütün vakansiyalar

Bacarıqlara görə oxşar

Bütün oxşar vakansiyalar

Bu vakansiyanın bacarıqları ilə ən çox üst-üstə düşən vakansiyalar.

Bütün oxşar vakansiyalar
Göstərilməyib
Həllər və AI təhlükəsizlik memarı
Müraciət et