AI Security & Identity Lead

AI Security & Identity Lead

Köln Vollzeit Kein Homeoffice möglich
Dormont Manufacturing Co
Position Summary
Prüfen Sie alle zugehörigen Bewerbungsunterlagen sorgfältig, bevor Sie auf die Schaltfläche "Bewerben" am Ende dieser Beschreibung klicken.
The
Security & Identity Lead
owns the security architecture, identity management, and compliance posture of Rimini Street’s Agentic ERP Platform. This role is responsible for ensuring that AI agent interactions, data access, and system integrations meet enterprise security standards — designing authentication, authorization, and data isolation frameworks that protect customer environments — and for producing the audit evidence, compliance reporting, and customer‑facing security posture that make those controls defensible to auditors and client security teams.
Essential Duties & Responsibilities
Security Architecture
Design and implement the platform’s security architecture, covering authentication, authorization, encryption, and audit logging.
Define trust boundaries and access control policies that govern agent-to-system and user-to-agent interactions.
Establish data isolation and multi‑tenancy security patterns that protect customer data across all platform layers.
Conduct threat modelling and security risk assessments for new platform features and integrations, including AI‑specific risks (prompt injection, indirect injection, RAG corpus contamination).
Define and enforce security standards for API endpoints, data storage, inter‑service communication, and air‑gap deployment scenarios.
Identity & Access Management
Design and implement IAM solutions including SSO, OAuth 2.0, OIDC, and SAML integrations for enterprise customers.
Build role‑based access control (RBAC) and attribute‑based access control (ABAC) frameworks for platform users and agents, including policy‑as‑code (OPA/Rego) authoring and review.
Implement token management, session handling, and credential lifecycle policies.
Design customer identity federation patterns that integrate with enterprise identity providers.
Establish service‑to‑service authentication and authorization for internal platform components, including mTLS and HashiCorp Vault‑managed secrets.
Compliance, Audit & Observability
Own platform compliance posture against relevant security frameworks (SOC 2, ISO 27001, GDPR, and industry‑specific requirements).
Lead operational and security observability that turns platform telemetry into compliance evidence, customer‑facing posture reports, and audit artefacts.
Establish data classification policies and implement appropriate controls for each classification level.
Coordinate with Rimini Street’s corporate security and compliance teams to align platform security with organisational policies.
Produce security documentation, including architecture decision records, threat models, and audit‑ready compliance evidence.
Support the Indemnification Control Owner with integrated quarterly configuration audit reports covering monitored vendor indemnification conditions.
Own client‑facing audit and security response: produce evidence packages on demand for client audits, regulatory reviews, and security questionnaires.
Security Operations
Implement security scanning and vulnerability management for platform code, dependencies, and infrastructure (PII detection via Microsoft Presidio or equivalent).
Align platform incident response with Rimini Street’s corporate security incident process.
Conduct security code reviews and establish secure coding guidelines for engineering teams across all three delivery hubs.
Monitor and respond to security advisories affecting platform dependencies and infrastructure.
Perform periodic security assessments and coordinate penetration testing.
Team Leadership
Lead the Malaysia‑based security and compliance observability function, including direct management of the Observability & Governance Engineer.
Grow the function over time as the platform scales — hiring, mentoring, and developing security and observability talent.
Establish team processes for evidence production, audit response, and compliance reporting that balance rigour with delivery velocity.
Represent platform security to executive, audit, client, and partner audiences — translating technical controls into business‑language posture reports.
Partner with the Security & Identity Lead’s peers across hubs: Platform Engineering (security control implementation), AI/ML Lead (LLM observability integration), DevOps (CI/CD security), and Delivery (client security evidence).
Experience
8+ years of security engineering experience, with at least 3 years in a lead or management role.
Proven experience designing security architectures for cloud‑native, multi‑tenant platforms.
Hands‑on experience implementing IAM solutions (SSO, OAuth 2.0, OIDC, SAML) in enterprise environments.
Track record of producing audit evidence for SOC 2, ISO 27001, SOX, or equivalent regulatory frameworks.
Experience leading security initiatives across distributed engineering teams and managing small direct‑report teams.
Background in enterprise software, ERP systems, or B2B platforms preferred.
Technical Skills
Required Technical Skills
Identity protocols: OAuth 2.0, OpenID Connect, SAML 2.0, and JWT/JWS/JWE.
Authentication and authorisation frameworks: Keycloak, Auth0, Okta, or equivalent.
Policy‑as‑code: OPA/Rego authoring, review, and integration with platform services.
Secrets management: HashiCorp Vault or equivalent enterprise secret store.
Application security: OWASP Top 10, secure coding practices, and security code review.
AI‑specific security: prompt injection defence, indirect injection mitigations, RAG corpus integrity, model access controls.
PII detection and data masking (Microsoft Presidio or equivalent).
Encryption: TLS/mTLS, data‑at‑rest encryption, key management, and certificate lifecycle.
API security: rate limiting, input validation, CORS, and API gateway security patterns.
Cloud security: AWS or Azure security services, IAM policies, VPC networking, and secrets management.
Air‑gap and disconnected deployment security: secrets distribution, certificate lifecycle, update propagation.
Python and/or Java for security tooling and integration development.
Git version control and CI/CD security integration (SAST, DAST, SCA).
Preferred Technical Skills
Experience with PostgreSQL security: row‑level security, encryption extensions, and audit logging.
Knowledge of container and Kubernetes security (pod security policies, network policies, service mesh).
Familiarity with infrastructure‑as‑code security (Terraform, CloudFormation scanning).
Experience with LLM observability tooling (LangFuse or equivalent) and operational telemetry interpretation for AI systems.
Experience with security information and event management (SIEM) tools.
Exposure to Zero Trust architecture principles and implementation.
Experience with hardware security modules (HSM) or cloud KMS.
Familiarity with AI assurance frameworks (AIUC‑1 or equivalent).
Experience with third‑party MCP / agent security models or LLM gateway security patterns (rate limiting at the model layer, prompt firewall, output filtering).
Skills & Competencies
Security‑first mindset; designs systems with defence‑in‑depth and least‑privilege principles.
Evidence‑oriented; understands that compliance is about producing defensible records, not just collecting data.
Strong people leadership; able to grow and retain a small, high‑performing security and observability team.
Customer‑facing maturity; can represent platform security to external auditors, client security teams, and executive audiences.
Strong analytical skills; able to assess complex systems for security risks and design proportionate controls.
Collaborative; works effectively with engineering teams to integrate security without impeding delivery velocity.
Pragmatic; balances security rigour with business needs and development speed.
Clear communicator; able to articulate security risks, trade‑offs, and compliance posture to technical and executive audiences.
Self‑motivated and effective in a remote environment.
Fluent in English (written and verbal).
Desired Qualifications
Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
Security certifications: CISSP, CISM, CEH, or AWS Security Specialty.
Compliance or audit‑related certifications (CISA, ISO 27001 Lead Auditor, or equivalent).
Experience in enterprise software companies or B2B SaaS platforms.
Published security research or contributions to security‑focused open‑source projects.
Location & Travel
Location:
Hybrid – Selangor or Penang office.
Travel:
Minimal; occasional travel for team meetings or training.
Language:
Fluent English required (written and verbal). xayajpt
Rimini Street is committed to creating a diverse and inclusive environment and is proud to be an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, national origin, sexual orientation, gender or gender identity, disability, protected veteran status, or any other characteristic protected by law.

AI Security & Identity Lead Arbeitgeber: Dormont Manufacturing Co

Dormont Manufacturing Co ist ein hervorragender Arbeitgeber, der seinen Mitarbeitern in Genf die Möglichkeit bietet, an der Weiterentwicklung der SonarQube-Plattform zu arbeiten. Mit einer flexiblen Arbeitsweise, die sowohl Büro- als auch Remote-Tage umfasst, fördert das Unternehmen eine Kultur der Vielfalt und des kontinuierlichen Lernens, während es gleichzeitig spannende Wachstumschancen in einem dynamischen Umfeld bietet.

Dormont Manufacturing Co

Kontaktdaten:

Dormont Manufacturing Co Recruiting-Team