Principal Security Architect, Agent Policy Fabric

NVIDIA is commonly regarded as one of the most desirable employers, with some of the world's most dedicated people working for us! The Cloud Engineering & Services team is defining how agentic systems can be deployed responsibly across the enterprise: governed access to company systems, durable policy, scoped credentials, runtime containment, detector-informed response, and audit evidence that security, IT, product, and business leaders can trust.

We are looking for a Principal Security Architect, Cloud Engineering & Services, to join our Agent Security, Safety, and Governance team and lead cross-company security architecture for agentic AI. You will use Agent Policy Fabric as a starting point for enterprise agent governance while coordinating efforts among security product teams, OpenShell, and runtime groups; Identity, IT, Fleet/MDM, and SecOps; corporate application owners; and partner organizations to turn a working draft architecture into practical security standards, roadmaps, and adoption plans.

What You'll Be Doing:

• Lead Enterprise Agent Security Architecture: Define the cross-company reference architecture for governed agent actions, including durable policies, runtime controls, adapter boundaries, credential mediation, detector response, audit correlation, failure modes, and production-readiness criteria.
• Drive APF as a Governance Starting Point: Translate Agent Policy Fabric concepts into executive-ready decision papers, engineering standards, threat models, control objectives, and implementation achievements without treating working-draft architecture as a pre-decided product direction.
• Align Cross-Organization Owners: Partner with Product Security, OpenShell, Omnistation, Identity, IT, Fleet/MDM, SecOps, 3S, legal/privacy, and corporate-resource owners to define who owns each control surface and how agent workflows move from proof-of-life to enterprise pilot.
• Build Security Review and Adoption: Establish review patterns for agent workflows, including policy authoring, approval, signing, runtime admission, credential issuance, direct-egress controls, audit evidence, managing anomalies, and break-glass procedures.
• Represent the Architecture: Brief senior leaders, customer-facing teams, and partner engineering teams on NVIDIA's agent security posture, APF maturation path, open decisions, known limitations, and the evidence required before broader deployment.

What We Need To See:

• Bachelor's degree (or equivalent experience) with 15+ years of industry experience in security architecture, product security, enterprise security platforms, identity and access management, cloud security, or infrastructure governance.
• Security Architecture Leadership: Validated ability to lead ambiguous, cross-functional security initiatives across product, platform, infrastructure, IT, and security operations teams.
• Agent AI Security Judgment: Practical understanding of agentic AI risks, tool-call governance, prompt-injection limits, sandbox boundaries, credential exposure risks, audit requirements, and the difference between containment, authorization, and monitoring.
• Enterprise Control Design: Experience designing controls around identity, authorization, policy, secrets, network egress, runtime isolation, telemetry, SIEM integration, exception workflows, and compliance evidence.
• Executive and Engineering Communication: Ability to write crisp architecture memos, decision records, threat models, standards, and adoption plans that are useful to both senior leaders and implementation teams.

Ways to Stand Out from the Crowd:

• Agent Governance Experience: Experience securing agent platforms, AI copilots, autonomous workflows, MCP-style tool systems, sandboxed runtimes, or governed access to enterprise SaaS and engineering systems.
• Policy and Identity Depth: Familiarity with OPA/Rego, Cedar, Zanzibar-style authorization, OAuth/OIDC, SAML, workload identity, delegated authorization, signed configuration, or enterprise trust-root distribution.
• Large-Scale Security Programs: Track record driving company-wide security architecture across multiple business units, including standards, rollout plans, risk acceptance, exception handling, and measurable adoption.
• External-Facing Architecture: Experience explaining security architecture to executives, customers, partners, standards bodies, or field teams while preserving bounded claims and clear implementation caveats.

With competitive salaries and a generous benefits package, NVIDIA is widely considered to be one of the technology industry's most desirable employers. We have some of the most forward-thinking and versatile people in the world working with us, and our engineering teams are growing fast in some of the most impactful fields of our generation: AI, Data Engineering, Data Science. If you're a creative engineer who enjoys autonomy and shares our passion for technology, we want to hear from you.

Your base salary will be determined based on your location, experience, and the pay of employees in similar positions. The base salary range is 272,000 USD - 431,250 USD.

You will also be eligible for equity and benefits.

Applications for this job will be accepted at least until June 27, 2026.

This posting is for an existing vacancy. 

NVIDIA uses AI tools in its recruiting processes.

NVIDIA is committed to fostering an inclusive work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.