ServiceNow is seeking a Principal AI Security Architect to lead the design and implementation of enterprise-wide security strategies to secure its enterprise applications, AI-driven platforms (including AI Agents), and cloud environments against evolving cyber threats.
Requirements
- 15+ years of experience in security architecture, enterprise application security, and cloud security.
- Proven success in securing large-scale enterprise systems and regulated environments.
- Strong expertise in ServiceNow Security Operations and integrations.
- Deep knowledge of AI/ML security and AI Agent protection mechanisms.
- Extensive experience in network security and advanced defense tools.
- Expertise in cryptography, IAM, PKI, OAuth 2.0, SAML, OIDC.
- Strong understanding of compliance frameworks (ISO 27001, NIST CSF, PCI-DSS, SOC 2).
Responsibilities
- Define and own the enterprise security architecture for applications, AI/ML, AI Agents, data, and infrastructure.
- Establish security reference architectures, patterns, and frameworks to drive consistent adoption across the organization.
- Develop zero-trust security models, secure-by-design principles, and identity-centric security frameworks.
- Anticipate and design solutions for emerging threats in AI, cloud-native, and hybrid environments.
- Architect secure application development practices, including secure coding standards, API security, and microservices security.
- Develop strategies to secure AI/ML pipelines (data ingestion, training, inference).
- Secure AI Agents by implementing:
  - Access control and identity verification for autonomous agents.
  - Protection against prompt injection, model manipulation, and impersonation attacks.
  - Guardrails for data access, least-privilege permissions, and secure API call orchestration.
  - Auditability and logging frameworks to track AI Agent decisions and actions.
Other
- Exceptional ability to communicate security risks and strategies to executives and engineers alike.
- Experience securing AI Agent ecosystems (multi-agent orchestration, agentic workflows).
- Advanced knowledge of network observability, DDoS protection, and secure traffic routing.
- Familiarity with AI/ML governance and adversarial defense.
- Hands-on experience with threat modeling methodologies (STRIDE, PASTA).