BNY Verified
Financial Services, Investment Banking, Asset Management

Application Security Architect (contract)

Pittsburgh, Pennsylvania, United States · Onsite · Contract · Distinguished / Architect · $58–$73 /hr · Posted 1 day ago · Visa sponsorship available

At BNY, our culture allows us to run our company better and enables you to grow and succeed. As a leading global financial services company at the heart of the global financial system, we influence nearly 20% of the world’s investible assets. Every day, our teams harness cutting-edge AI and breakthrough technologies to collaborate with clients, driving transformative solutions that redefine industries and uplift communities worldwide.
Recognized as a top destination for innovators and champions of inclusion, BNY is where bold ideas meet advanced technology and exceptional talent. Together, we power the future of finance – and this is what is all about. Join us and be part of something extraordinary.
Job Summary
BNY is seeking an experienced Application Security Architect with deep expertise in securing AI-enabled applications and platforms. This role is responsible for defining secure-by-default application architectures and embedding security controls across the SDLC, CI/CD, and MLOps pipelines for modern AI solutions.
The role may be based in Pittsburgh, PA or Lake Mary, FL, on a hybrid schedule (4 days on-site).
Key Responsibilities

  • Secure Architecture & Design: Develop and maintain secure-by-default reference architectures for AI-enabled applications, including APIs, microservices, web and mobile applications, agents, integrations, model-serving APIs, vector stores, feature stores, and inference gateways.
  • Authentication & Authorization Patterns: Define standardized patterns for authentication and authorization across human, service, and agent identities, including token scoping, session management, and role- or attribute-based access controls in AI environments.
  • Data Protection & Lifecycle Security: Design and enforce data protection controls such as encryption, tokenization, masking, and anonymization/pseudonymization across AI training, inference, and logging pipelines.
  • SDLC & CI/CD Security Integration: Embed AI-specific security controls throughout the SDLC, including secure code reviews, SAST/DAST/IAST, dependency and SBOM governance, infrastructure-as-code security, and policy-as-code enforcement.
  • MLOps Security Enablement: Integrate security gates into MLOps pipelines, covering dataset governance, model registry integrity, environment scoping, secure promotion workflows, secrets management, key rotation, and prompt and configuration protection.
  • Threat Modeling & Security Testing: Lead threat modeling exercises for AI applications; define abuse cases and adversarial testing strategies; and develop secure evaluation and red-teaming approaches for AI features.
  • Runtime Guardrails & Monitoring: Architect runtime security controls for AI services, including input/output validation, content filtering, policy-based guardrails, rate limiting, anomaly detection, and egress controls.
  • Observability & Incident Response: Define telemetry standards for AI platforms, including prompts, model inputs and outputs, drift and safety events, entitlement changes, and agent tool invocation; develop incident response playbooks covering detection, containment, recovery, model rollback, and token revocation.
  • Data & Model Governance: Partner with data owners and model risk teams to establish access controls, lineage tracking, consent and minimization practices, entitlement hygiene, retraining approvals, deployment scopes, and runtime override governance.
  • Secure Engineering Enablement: Provide reusable templates, libraries, and reference implementations for secure AI application development; train and coach engineering and data science teams on best practices, common pitfalls, and secure experimentation.
  • Vendor & Platform Assessments: Evaluate cloud AI services, open-source frameworks, SDKs, and commercial platforms for security posture and compliance alignment; define onboarding criteria, guardrails for third-party APIs and tools, SBOM requirements, and exit strategies.

Qualifications

  • 10+ years of experience in application security or enterprise security architecture
  • Strong knowledge of web and API security, including OAuth/OIDC, JWTs, session management, and token hygiene
  • Hands-on experience with SAST, DAST, IAST, dependency scanning, SBOM management, infrastructure-as-code security, and policy-as-code
  • Practical understanding of AI/ML workflows, including data pipelines, feature stores, model registries, model serving, inference gateways, and vector stores
  • Proficiency with secrets and key management technologies (KMS, HSM, Vault) and secure service-to-service communication
  • Strong written and verbal communication skills with the ability to translate complex security risks into actionable architecture guidance
  • Bachelor’s degree required

Preferred Experience

  • Experience securing LLM-based applications, agent frameworks, tool and plugin ecosystems, and orchestration patterns
  • Familiarity with AI-specific threats such as prompt injection, jailbreaks, poisoning, evasion, model theft, and data exfiltration
  • Knowledge of industry standards and guidance, including OWASP ASVS, OWASP Top 10, OWASP for ML/LLM, NIST AI risk considerations, and CIS benchmarks
  • Background in data privacy, model governance, bias and drift testing, and approval workflows
  • Programming experience in Python, Java, or TypeScript for security automation and reference implementations
  • Experience with Kubernetes security, service mesh architectures, sidecar patterns, and workload identity models

Why Join Us
This role offers the opportunity to directly influence how AI-enabled applications are designed and secured at enterprise scale. The Application Security Architect plays a critical role in enabling innovation while ensuring strong security, compliance, and operational resilience across emerging AI platforms.
At BNY, our culture speaks for itself. Check out the latest BNY news at:
BNY Newsroom
BNY LinkedIn
Here are a few of our recent awards:
America’s Most Innovative Companies, Fortune, 2025
World’s Most Admired Companies, Fortune, 2025
“Most Just Companies”, Just Capital and CNBC, 2025
Pay Rate Range
58.4 - 73 USD hourly
Additional Notes
*Applications will be accepted on an ongoing basis.*
*This posting is for a contract assignment with Tundra Technical Solutions to provide services to Bank of New York (BNY). Please note that this is not a full-time employment opportunity. Candidates selected for this role will be engaged as contractors for the specified duration of the project. For any inquiries regarding the terms of the contract or engagement, please contact Tundra Technical Solutions directly.*
Benefits Information
*Optional benefits offerings include medical, dental, vision and retirement benefits via Tundra Technical Solutions.*
