Responsibilities
* Design security models that support multi-tenant platforms, diverse user groups and automated system behaviors
* Create a clear, scalable identity and access strategy across users, services, workflows and agents
* Define policy-based controls for environments, services, data-access layers and workflow execution
* Shape data protection standards covering classification, retention, minimization, lineage and usage transparency
* Establish runtime controls for safe automation including guardrails, permissible actions, validation steps and human-in-the-loop points
* Guide the adoption of secure delivery patterns in engineering and CloudOps including build, deploy and operate practices
* Design monitoring and audit structures that make system behavior observable and explainable
* Evaluate emerging risks related to automation, agent delegation, external integrations and cross-tenant data flows

What you will work with
* Identity and access frameworks such as role, attribute and policy-based access models
* Policy engines and validation layers used across infrastructure, APIs, workflows and data surfaces
* Runtime controls for distributed systems including API-level permissions, workflow constraints, rate-limiting and isolation patterns
* Data governance concepts including classification, encryption, access boundaries and consent-driven use
* Observability and audit systems that track behavior across humans, services and automated agents
* Security models for advanced automation including safe action sets, agent trust boundaries and control checkpoints
* Lightweight design documentation, threat modelling and architecture standards

Requirements
* Strong background in cloud-native security concepts and architectures
* Experience with identity, access, policy and data protection in multi-tenant or distributed platforms
* Ability to translate security needs into practical, widely adoptable patterns and design systems that support both high operational velocity and strong security posture
* Clear communication across technical and non-technical teams
* Comfortable designing for evolving requirements and new technical patterns
* Capable of transforming complex security concepts into practical designs that teams can adopt