Cloud SecurityThreat ModelingInfrastructure as Code
Локация
Bakı
Опыт
3–5 лет
Занятость
Полная занятость
Зарплата
Не указана
Опубликовано
4 июля 2026
Дедлайн
3 августа 2026
Навыки и технологии
О роли
We are looking for a Solution & AI Security Architect to define and drive the security architecture of modern cloud-native applications and AI platforms. In this role, you will design secure-by-default solutions, establish AI security standards, lead architecture reviews, and ensure the protection of software, Kubernetes environments, and AI/ML workloads throughout their lifecycle. You will work closely with engineering, DevSecOps, and SOC teams to build resilient, scalable, and compliant AI-powered solutions.
Vəzifə öhdəlikləri
- Own solution and software security architecture — secure-design reference patterns, security-by-design blueprints, and reference threat models that support product security.
- Own secure software and integration design: API and service-to-service security, authentication/authorization (OAuth2/OIDC), mTLS/service-mesh patterns, session and secrets handling, and secure SDK/dependency-supply-chain patterns
- Provide architecture-stage security design review and sign-off for new solutions and major changes
- Own Kubernetes and workload security architecture for EKS and on-prem clusters (hardening/CIS, admission and policy-as-code with OPA/Gatekeeper/Kyverno, network policy, pod security, runtime)
- Own the AI Gateway security architecture as single enforcement point: deny-by-default, classification-driven model routing, virtual keys/RBAC-ABAC, layered guardrails, prompt-injection/jailbreak defense, output validation, and no-silent-downgrade
- Own the AI Workbench, RAG, and agentic security architecture: RAG source-ACL preservation and tenant isolation, indirect-injection scanning, and agent permission envelopes with human-in-the-loop and MCP/A2A controls
- Own AI/ML lifecycle and MLOps security (Model Registry, artifact integrity, deployment gates, serving hardening) and model security (adversarial, poisoning, extraction, inversion)
- Define security monitoring, logging, and detection requirements for AI platforms and workloads from a SOC perspective, including AI Gateway events, prompt/response abuse indicators, anomalous agent activity, data-exfiltration signals, and policy bypass attempts.
- Define security baselines and kill-switch/rollback strategies for autonomous AI agents
- Apply AI risk and governance at architecture design level (NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, OWASP LLM Top 10)
- Recommend solution and AI security patterns and replacements, and represent them in the Architecture CoE
Tələblər
- Knowledge in solution security architecture with threat modeling (STRIDE, attack trees) and OWASP ASVS/Top 10
- Deep software security: API security, OAuth2/OIDC/JWT, mTLS and service mesh (Istio/Linkerd), microservices, and secure coding/dependency knowledge
- Knowledge on Kubernetes security across managed and self-managed clusters: policy-as-code (OPA/Gatekeeper, Kyverno), network policy, runtime security (Falco/eBPF), and image/supply-chain integrity (SBOM, Sigstore/cosign, SLSA)
- Modern DevSecOps: CI/CD pipeline security, IaC (Terraform), GitOps, and secrets management
- AI Gateway and AI Workbench security architecture: classification-aware routing, layered guardrails, virtual keys, prompt-injection/jailbreak defense, RAG isolation, and agentic/MCP controls, with LLM observability (OpenTelemetry/Langfuse)
- Understanding of SOC operating model and detection lifecycle sufficient to translate AI/security architecture risks into logs, alerts, SIEM/SOAR use cases, incident response playbooks, and threat-hunting requirements.
- AI/ML and MLOps security: model threats and MITRE ATLAS, OWASP LLM Top 10, NIST AI RMF, ISO/IEC 42001, EU AI Act
- Coding and pipeline literacy sufficient to review designs and engage engineers credibly
Üstünlüklər
- Opportunity to learn through working
- Familiarity with a real banking environment
- Gaining practical knowledge and experience
- Development of communication and customer service skills
- Improving teamwork abilities
- Support from a professional mentor
- Chance to build a future career at Bir Ecosysem
О компании
Bir
Technology · Baku
Bir — the first fully integrated digital ecosystem in the Caucasus, uniting Birbank, Birmarket, m10 and MilliÖn under one umbrella (Kapital Bank / PASHA Holding).
Все вакансии BirПохожие по навыкам
Все похожие вакансииВакансии, где совпадает больше всего навыков из этой позиции.
KubernetesGoPython
Cloud SecurityAWSInfrastructure as Code
Application SecurityCloud SecurityCI/CD Pipeline Security



