# Senior Security Engineer, Identity & Access Management

**Company:** [Valon](https://hotfix.jobs/companies/valon)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $180k – $230k/yr
**Experience:** 5+ years
**Skills:** Okta, Azure Ad, Entra Id, Google Workspace, Saml 2.0, OIDC, Oauth 2.0, SCIM, Ldap, GCP, RBAC, Pam, MFA, SSO, Cissp
**Posted:** 2026-05-14

> Designs, implements, and operates enterprise IAM systems for workforce and customer-facing authentication in ValonOS, including IdP management, secure protocols, cloud IAM, and AI-assisted workflows. Requires 5+ years IAM experience, deep protocol expertise, and IdP hands-on skills.

## Job Description

## Responsibilities
- Design and support end-to-end lifecycle of workforce identity systems including identity automation, access management, and least-privilege enforcement across internal systems
- Support design of secure identity design patterns for product teams building on ValonOS
- Manage and evolve Valon's IdP in conjunction with IT including SSO integrations, MFA policies, conditional access rules, and directory synchronization
- Define and enforce RBAC and group-based access policies for internal applications, cloud environments, and development tooling
- Support privileged access management (PAM) for internal infrastructure in conjunction with Engineering teams
- Design and build AI-assisted workflows that automate and accelerate core IAM operations
- Evaluate AI risks across IAM pipelines, ensuring appropriate security controls around data exposure, prompt injection and other threats
- Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for data security risks
- Support other operational and on-call duties such as vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response and security reviews

## Ideal Background
- Extensive hands-on IAM security engineer with proven ownership of enterprise identity solutions, able to operate autonomously, drive complex cross-functional efforts, and influence across teams
- Deep expertise in modern identity protocols and standards: **SAML 2.0**, **OIDC/OAuth 2.0**, **SCIM**, **LDAP**, and related specifications
- Proven experience administering and scaling IdP platforms (e.g., **Okta**, **Azure AD / Entra ID**, **Google Workspace**) including SSO, MFA, conditional access, and directory sync
- Solid background in cloud IAM (**GCP** preferred), including service accounts, workload identity federation, and policy-as-code approaches
- Strong expertise in building PAM solutions / identity vaults and enforcing least-privilege across human and non-human identities
- Experience building **AI/LLM-powered workflows** — ideally in a security or operations context — with a practical understanding of the identity and access risks they introduce
- Familiarity with securing non-human and agentic identities, including AI service accounts, API key governance, and audit logging for automated systems
- Applied knowledge with industry security and compliance frameworks (**OWASP**, **NIST**, **CIS**, **SOC 2/ISO 27001** concepts)

## Minimum Qualifications
- 5+ years in security engineering roles with a core focus on identity and access management
- Bachelor's degree in Information Security, Computer Science, Technology or related field
- Relevant security certifications (e.g., **CISSP**, **CISM**, **CCSK**, **CCSP** or similar)
- Hands-on experience with an enterprise IdP (**Okta**, **Entra ID**, or **Google Workspace**) including SSO, MFA, SCIM
- Deep understanding of authentication and authorization models across applications - **SAML**, **OIDC/OAuth 2.0**, **RBAC**, **ABAC**, and API access controls
- Hands-on experience with modern identity security technologies and tooling

## Compensation
**Base Compensation Band: $180K - 230K.** Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Competitive salary with equity and 401k.

## Similar roles

- [Senior GRC Engineer](https://hotfix.jobs/jobs/bfcb5755-185d-4c09-bda1-9f49a4ecb6c8) - Postman - San Francisco, CA - $180k – $200k/yr
- [Senior Application Security Engineer](https://hotfix.jobs/jobs/79016b33-ba89-41bf-b2dc-def7958e241d) - Monarch - Remote - $180k – $215k/yr
- [Senior Security Engineer, GRC](https://hotfix.jobs/jobs/8a3040c3-16a4-42c0-8c91-cbee4a8039b3) - Temporal - Remote - $180k – $225k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/48ed30bc-1b7a-42a6-9225-139997bf3b3b) - Kaizen Labs - New York, NY - $180k – $220k/yr
- [Manager, Network Security](https://hotfix.jobs/jobs/675ca948-bd5b-42a9-a275-8767a272094e) - Lumin Digital - Remote - $180k – $200k/yr

**Apply:** https://hotfix.jobs/jobs/690a9da1-adb4-446e-8412-040b163cef7b
**Canonical:** https://hotfix.jobs/jobs/690a9da1-adb4-446e-8412-040b163cef7b