Founding Lead Security Architect at ACRIVAULT
The role
We are hiring our Founding Lead Security Architect — the single technical authority for Acrivault's platform architecture. You will own the v2 reference architecture end-to-end across eight tiers, twenty microservices, seven data stores, and five engineering pillars (Discovery, Governance, Identity Firewall, Lifecycle, AI Intelligence). You will hand the specifications to a Backend Engineer and a Frontend Engineer to build, and you will sign off on every milestone before payment is released.
This is a hands-on architect role, not a director role. You will write the architecture documents, design the data models, specify the OpenAPI contracts, define the SPIFFE/SPIRE workload-identity issuance, design the 4.5 ms p99 authorization path, and shape the polyglot data layer, including the vector store powering injection-detect and the AI-BOM lineage graph. You will also write significant production code in the first six months — particularly in the Identity Firewall hot path (PDP, attestation-svc, injection-detect) and the AI Intelligence pillar (agent-session-svc, ai-bom-service, replay-api).
What you'll build
● The full AI-Native reference architecture: eight tiers (Customer Environment, Edge & Ingress, Unified Control Plane, Discovery, Governance, Identity Firewall, AI Intelligence, Lifecycle, Data Layer, Security & Infrastructure Foundation, Compliance & Residency).
● The Identity Firewall hot path: PDP (stateless Go service, 3-AZ replicated, 99.99% SLA), attestation-svc (SPIFFE/SPIRE workload identity verification), injection-detect (sub-millisecond prompt-injection enricher running Llama Guard plus heuristics), all inside a 4.5 ms p99 envelope.
● The AI Intelligence pillar (new in v2): agent-session-svc capturing every AI agent session as a replayable timeline in ClickHouse, ai-bom-service maintaining the AI Bill of Materials lineage graph in Neo4j, replay-api powering the dashboard timeline viewer.
● The Tier 8 Compliance & Residency primitives that make Day-1 NIST CSF 2.0 plus HIPAA-readiness real: PHI/PII Classifier, Residency Router, Evidence Collector, Immutable Audit Trail.
● The fourteen architectural deliverables that the rest of the engineering team builds against: System Architecture Diagram, Database Schema, Terraform IaC, OpenAPI Specification, Security Architecture Document, Technology Decision Record, Multi-Tenant Onboarding Flow, Capacity Planning Document, Canonical Event Schema, SIEM Connector Plugin Framework, PDP/PEP Reference Architecture, Behavioral Feature Specification, Modularity Contract, Architecture Walkthrough Recording.