Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Secure AI
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
Seeking a forward-thinking professional with an AI-first mindset to design, develop, and deploy enterprise-grade solutions using Generative and Agentic AI frameworks that drive innovation, efficiency, and business transformation.
We are seeking a hands-on and detail-oriented AI SOC Specialist with 6+ years of experience in security operations, detection engineering support, incident triage, and AI security monitoring. This role is ideal for professionals who thrive in fast-paced SOC environments and are passionate about securing modern AI/ML and GenAI ecosystems. You will support monitoring and response activities for AI-aware environments, strengthen visibility and detection capabilities for LLM applications, AI agents, model APIs, orchestration platforms, and AI data pipelines, and contribute to improving the organization s AI security operations posture. The candidate should demonstrate strong SOC fundamentals, practical detection and investigation skills, and a solid understanding of AI-specific attack patterns, cloud-native telemetry, and incident response processes.
Roles & Responsibilities
Lead AI-driven solution design and delivery by applying GenAI and Agentic AI to address complex business challenges, automate processes, and integrate intelligent insights into enterprise workflows for measurable impact.
Monitor and triage security alerts for AI and GenAI systems, including LLM applications, inference endpoints, prompt workflows, agentic processes, and model access patterns.
Investigate AI misuse indicators such as prompt injection attempts, jailbreak behavior, malicious prompt chaining, unsafe tool invocation, sensitive output leakage, and unauthorized model access.
Build, tune, and support detections for AI telemetry sources, including model gateway logs, inference request metadata, token consumption anomalies, tool or plugin invocation trails, retrieval traces, and vector database access logs.
Correlate AI-related events with identity, API, cloud, and application telemetry to identify token abuse, abnormal inference behavior, unauthorized access, and suspicious activity across AI workloads.
Perform deep log analysis within SIEM platforms using SPL, KQL, or equivalent query languages, enriching investigations with threat intelligence, watchlists, entity context, and historical activity.
Support detection engineering activities through correlation rule tuning, IOC/IOA mapping, threshold optimization, and false positive reduction for AI related and cloud native alerts.
Execute AI-focused threat hunts across prompt activity, API telemetry, workload logs, cloud control plane signals, and supporting platform events to uncover stealthy abuse or emerging attack paths.
Support incident response for AI security events by assisting with containment actions such as disabling tokens or keys, restricting tool permissions, blocking connectors, collecting evidence, and escalating incidents appropriately.
Define, maintain, and follow AI-specific incident response playbooks and runbooks, including triage, containment, escalation, evidence handling, and repeatable response procedures for model abuse, API abuse, tool misuse, and sensitive data exposure scenarios.
Monitor cloud ecosystems relevant to AI workloads, including AWS, Azure, GCP, Kubernetes, serverless environments, API gateways, and managed AI services, for compromise or misconfiguration impacting AI systems.
Produce investigation notes, case summaries, root cause analysis inputs, and operational metrics, while establishing and tracking AI detection coverage KPIs such as MTTD, MTTR, alert fidelity, detection quality, and coverage gaps.
Work with platform, engineering, and security teams to improve AI telemetry quality and coverage, including required log sources, retention requirements, audit trails, and guardrail event visibility.
Contribute to continuous improvement initiatives such as automation opportunities, enrichment workflows, detection use case enhancements, and adoption of detection as code practices within SOC operations.
Professional & Technical Skills
Strong grasp of Generative and Agentic AI, prompt engineering, and AI evaluation frameworks. Ability to align AI capabilities with business objectives while ensuring scalability, responsible use, and tangible value realization. The candidate should be AI Native.
Strong SOC fundamentals, including alert monitoring, triage, investigation, escalation, and incident handling within enterprise environments.
Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, or Elastic, along with practical query-writing skills in SPL, KQL, SQL, or similar languages.
Good understanding of AI and GenAI security telemetry, including prompts, inference metadata, token usage patterns, tool calls, retrieval traces, model access logs, and governance-related audit events.
Familiarity with AI-specific abuse patterns such as direct and indirect prompt injection, jailbreaks, prompt leakage, unsafe tool or plugin usage, model or API abuse, and sensitive data leakage scenarios.
Experience with cloud security telemetry across AWS, Azure, and GCP, along with visibility into Kubernetes, containers, serverless platforms, and APIs supporting AI workloads.
Working knowledge of EDR, XDR, SOAR, UEBA, and NDR concepts, including alert enrichment, case management, and basic automation-driven response workflows.
Understanding of MITRE ATT&CK concepts and awareness of AI-relevant adversary behavior mapping approaches, including ATLAS-aligned thinking.
Strong evidence handling, case documentation, and reporting capability, with the ability to produce clear and actionable investigation narratives.
Familiarity with scripting or automation using Python, PowerShell, or Bash to improve analyst efficiency, enrichment workflows, and operational support.
Good communication and collaboration skills for working with engineering, platform, cloud, and security teams during investigations and remediation activities.
Preferred certifications include CompTIA CySA+, Microsoft Certified: Security Operations Analyst Associate (SC-200) (SOC operations with Azure Sentinel AI), CompTIA SecAI+ , SANS SEC598 – AI and Security Automation or any relevant certification, CISSP, CISM.
Additional Information
Employment Type: Full-time
Location: Bengaluru, Hyderabad, Pune, Chennai, Mumbai, Gurugram (Gurgaon), Jaipur
Education Requirement: 15 years of full-time education is preferred. AI Powered Tech Talent