AI System Architect - US

Tufin is standing up a governed enterprise-scale AI program that spans ChatGPT Claude Workato eMCP and a growing ecosystem of third-party AI applications. The AI System Architect is the most senior technical role in this program — the person who defines the architecture enforces the governance model and owns the integration surface that every AI agent in the company operates through.

This role sits inside Enterprise Technology reporting directly to the Head of Enterprise Technology. That placement is intentional. The AI System Architect is not a researcher a prompt engineer or a standalone AI strategist — they are an enterprise systems leader who happens to be building at the frontier of agentic AI. They own the AI integration strategy across Tufin's core platforms (Salesforce NetSuite Workato HiBob Jira) the MCP governance model the persona-scoped token design and the integration patterns that connect AI capabilities to those systems without creating point-to-point dependency risk.

You will manage the AI Platform Engineer(s) set the technical standards for the AI Power User group's citizen development program and serve as the connective tissue between business leadership platform owners and development teams. You will shape the multi-year AI architecture roadmap while also rolling up your sleeves to conduct architecture reviews resolve blockers and move use cases from concept to production. This is a role for someone who can think big and execute — and who understands that in an enterprise context the quality of your governance is inseparable from the quality of your architecture.

What You'll Own

Strategy & Architecture

• Define and own the enterprise AI integration strategy — identifying opportunities to embed intelligent automation agentic workflows predictive analytics and generative AI capabilities across Tufin's core platforms
• Develop and maintain reference architectures design patterns and the AI architecture decision log that governs how AI models connect to enterprise systems and what they are permitted to do
• Consult on enterprise system architecture and implement best practices for the Enterprise Business Systems team to leverage in their day-to-day execution. 
• Lead Proof-of-Concept initiatives for new AI tools and platform-native AI features evaluating them against build-vs-buy criteria before recommending adoption
• Partner with business stakeholders to translate operational pain points into AI use cases with clear ROI framing and sequencing criteria
• Contribute to Tufin's enterprise data strategy ensuring AI initiatives are supported by clean accessible and well-governed data pipelines

Integration Architecture & Delivery

• Design and own the Workato eMCP layer — the MCP governance model persona-scoped token framework workspace isolation strategy and the single sanctioned action surface through which all AI agents write back to enterprise systems
• Define integration patterns and standards for AI model connectivity (Claude ChatGPT) to Salesforce NetSuite HiBob and Jira — specifying what agents can read what they can write through which surfaces and with what confirmation and audit requirements
• Design and oversee API strategies event-driven architectures and middleware patterns that support scalable AI feature delivery — including agentic workflows intelligent data transformation anomaly detection and natural language interfaces layered onto ERP and CRM data
• Collaborate with Engineering during build phases conducting architecture reviews providing hands-on guidance and resolving complex technical blockers
• Define non-functional requirements — latency security auditability model drift monitoring — for AI components embedded in mission-critical business processes
• Establish MLOps and LLMOps practices appropriate for Tufin's enterprise environment: model versioning observability and rollback procedures for production AI workloads

Governance & Risk

• Translate Tufin's AI governance framework into enforceable runtime controls: confirmation gates role-scoped permissions audit trails and rate limiting across all production agents
• Own the AI intake process — the structured gate through which new AI use cases agent deployments and integration requests are reviewed approved and sequenced
• Lead AI impact assessments for enterprise use cases accounting for data privacy regulatory compliance (GDPR SOC 2 and applicable industry mandates) and responsible AI principles
• Partner with Tufin's Security and Compliance teams and AI Governance Committee to define guardrails for agents operating with write access to critical systems — including human-in-the-loop checkpoints and audit trail requirements
• Define the promotion criteria that citizen-built recipes must meet before the AI Platform Engineer can approve them for production and hold that bar consistently across all value streams
• Monitor for shadow AI and unauthorized usage — and treat its presence as an architectural signal not just a policy violation

Team Leadership & Citizen Development

• Manage and mentor the AI Platform Engineer(s) — setting technical direction reviewing their work and creating space for them to grow into the program's complexity
• Set the technical standards and guardrails for the AI Power User group's citizen development program — defining what Power Users can build on which platforms with what approvals required before production promotion
• Run architectural reviews for high-complexity citizen-built workflows and serve as the escalation point when the Platform Engineer identifies patterns outside established standards
• Actively prevent shadow AI from taking root — not by blocking access but by making the governed path so well-designed that it has no serious competition

Strategic Technical Leadership

• Advise the Head of Enterprise Technology on AI integration strategy platform evolution and technology decisions as the enterprise AI tooling market continues to shift rapidly
• Evaluate and recommend third-party AI tooling LLM providers and platform-native AI features — maintaining awareness of MCP ecosystem developments Workato's AI platform roadmap and the capabilities of the AI models Tufin has deployed
• Maintain documentation standards and AI architecture protocols that satisfy both engineering teams and enterprise architecture review processes
• Contribute to Tufin's AI governance framework as a living document revising and extending it as new agent capabilities regulatory signals and organizational needs emerge

What You Bring

Required

• 8+ years of experience in enterprise solutions architecture systems integration or a closely related discipline — with a strong track record of designing and delivering production-grade integration platforms at scale
• Deep hands-on expertise with Workato or a comparable enterprise iPaaS platform (MuleSoft Boomi Azure Integration Services) — including workspace design governance configuration and operational management
• Demonstrated experience building and integrating across CRM (Salesforce preferred) ERP (NetSuite preferred) and iPaaS platforms at the enterprise level — in production not just proof-of-concept
• Hands-on experience designing or deploying AI/ML features in production enterprise environments — including at least one of: agentic AI systems LLM-powered workflows predictive analytics or intelligent document processing
• Strong command of integration patterns: REST/GraphQL APIs event streaming ETL/ELT pipelines webhook-based automation and API security best practices
• Experience designing and enforcing integration governance: access control models audit logging approval workflows and token management
• Familiarity with Model Context Protocol (MCP) or direct experience connecting AI models to enterprise systems in a production context
• Proven ability to lead distributed technical teams and communicate architecture clearly to both executive sponsors and engineering teams — you can hold a technical standard without becoming a bottleneck
• Experience with the requisite AI-related Audit Management frameworks (ISO42001 ISO27001 SOC 2 etc.)

Preferred

• Hands-on experience with Workato's AI Hub and/or eMCP enterprise connector offerings
• Experience with vector databases RAG (retrieval-augmented generation) architectures or fine-tuning workflows in an enterprise data context
• Working knowledge of AI governance frameworks (NIST AI RMF EU AI Act considerations) privacy controls and secure SDLC practices
• Relevant certifications in cloud platforms (AWS Azure GCP) or enterprise platforms (Salesforce NetSuite Workato)
• Experience designing citizen development programs — defining guardrails review processes and promotion criteria for non-engineer builders
• Background in network security cybersecurity or compliance-adjacent enterprise environments — familiarity with Tufin's domain is a meaningful advantage
• Experience in a regulated industry (financial services healthcare or manufacturing) where AI governance requirements are non-negotiable

How You Lead

• You design for the long run — your architectures are opinionated enough to prevent sprawl and flexible enough to absorb what comes next
• You govern by making the right path easy not by making the wrong path hard — the best control is one that people follow because it serves them
• You can hold a technical position in a room of non-technical executives and explain why it matters without losing either the nuance or the audience
• You review other people's work with the same rigor you apply to your own — and you give feedback that makes people better not just feedback that makes things compliant
• You treat shadow AI as a design failure not a user problem — if the governed path isn't being used that's an architectural signal worth investigating
• You think big and execute — strategy and hands-on delivery are not separate modes for you
• You flag risks early document decisions thoroughly and operate with the understanding that the choices you make now will be someone else's production system for years

What We Do

Tufin is a world leading network security policy management company managing and automating security changes across next gen firewalls and network devices. We are a hybrid technology supporting on/off prem and cloud services. The automation orchestration piece is what sets us apart in the market as this allows us to help our customers to implement their security changes in hours or minutes vs. days. Since going public in April 2019 Tufin has continued to be the market leader in the space!

Why Work With Us

Here at Tufin we pride ourselves on being a transparent organization where the door is always open & treating others with respect and care is our top value (hence our “no asshole” policy). We believe that every employee is important in achieving our mission & as we continue to grow we are making sure that we are maintaining our unique culture.

Gallery