Skip to content
ConfluentConfluentTexas

Staff Security Risk & Compliance Program Manager

Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.

222k – 261k
Remote8+ YOESecurity Engineering

About the role

What You Will Do

Strategy and Leadership

  • Own the strategic direction and roadmap for Confluent's internal access management program, with machine and workload identity as the durable center of gravity.
  • Drive the program's maturity model from control-building toward sustained governance and least-privilege outcomes.

Machine & Workload Identity

  • Lead the program to enforce service-to-service (S2S) authentication across Trust & Security-owned surfaces, taking ownership of the enforcement hand-off from the identity engineering team.
  • Formalize non-human identity (NHI) — service accounts, keys, and workload credentials — from pilot into a funded, governed program.
  • Stand up access controls for AI agents as agentic workloads acquire production access.

Access Governance & Standards

  • Own the Access Management Standard and the policies that operationalize least privilege, separation of duties, and periodic access review across human and machine access.
  • Ensure the standard keeps pace with the evolving access surface and remains audit-ready.

Metrics, Reporting & Governance Cadence

  • Own access metrics and reporting (e.g., JIT/unilateral-access volume, broad-privilege usage, prod-access reduction).
  • Define and track program OKRs and run the monthly execution and executive-review cadence, articulating risk posture and progress to senior leadership.

Cross-Functional Execution & Transitions

  • Drive cross-functional delivery with engineering, platform, and identity teams without direct authority.

Integration with GRC and Partner Functions

  • Ensure the access management program is tightly integrated with adjacent GRC domains and partner teams (Insider Threat, IT/Identity, Detection & Response, and engineering owners), with clear RACI across governance and operations.

What You Will Bring

Experience

  • 8+ years in security program management, identity & access management, or a closely related security discipline.
  • At least 3 years running an enterprise- or platform-scale access program in a technology company.

Technical Skills

  • Deep expertise in identity and access management concepts: least privilege, separation of duties, RBAC/ABAC, just-in-time (JIT) and privileged access management (PAM), and access review/certification.
  • Working knowledge of machine and workload identity — service-to-service authentication, non-human identity, service accounts, secrets/key management, and emerging AI-agent access patterns.
  • Strong security engineering fundamentals across cloud infrastructure security controls in GCP, AWS, and/or Azure, including Kubernetes and cloud control-plane access models.
  • Familiarity with identity platforms and access tooling (e.g., Okta, JIT/access-orchestration tooling) and how access controls are enforced in production.

Tooling and Automation

  • Experience integrating access processes, controls, or findings into GRC and access-orchestration platforms.
  • Bias toward automating access decisions over manual operations.

Program Management Skills

  • Strong project management and organizational skills.
  • Exceptional analytical and problem-solving skills, with a data-driven approach to decision-making.
  • Experience running long-term, complex security programs that deliver iterative, measurable risk reduction.

Communication and Collaboration Skills

  • Excellent written and verbal communication, with the ability to influence and lead without direct authority across engineering and security teams.
  • Ability to articulate complex technical concepts and program status to executive-level audiences and technical teams alike.

Skills

Identity And Access ManagementLeast PrivilegeRBACAbacJit AccessPamNon-Human IdentityService-To-Service AuthenticationSecrets ManagementGCPAWSAzureKubernetesOkta
Plaid

Staff Software Engineer

PlaidNew York, NY +2

Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.

222k – 328k
Hybrid7+ YOESecurity Engineering
Databricks

Staff Software Engineer - Security Infrastructure

DatabricksBellevue, WA

Leads security infrastructure engineering at Databricks, enhancing platform security, building scalable systems, and driving strategy. Requires 7+ years in data security, 10+ years in distributed systems, and MS/PhD.

221k – 241k
On-site7+ YOESecurity Engineering
Databricks

Senior Staff Software Engineer - IAM

DatabricksSeattle, WA

Leads IAM and security engineering to secure Databricks' data platform, plugging infrastructure gaps and building scalable systems. Requires 9+ years in data security, 15+ years in distributed systems, and MS/PhD.

220k – 297k
On-site9+ YOESecurity Engineering
Perplexity

Member of Technical Staff

PerplexitySan Francisco, CA

Conduct original research on AI system security and privacy, develop defenses and evaluation frameworks, and translate findings into production improvements at Perplexity. Requires PhD or equivalent with publications at top security venues and deep expertise in security domains.

220k – 405k
On-site7+ YOESecurity Engineering
Grow Therapy

Staff Engineer, Security

Grow TherapyNew York, NY +2

Lead security engineering as the most senior hands-on engineer, shaping multi-year roadmap and building secure-by-default infrastructure including auth, data security, and vulnerability management.

220k – 240k
Remote7+ YOESecurity Engineering