Responsibilities
Identity & Access Architecture
- Define and evolve the workforce IAM roadmap
- Architect identity patterns across Okta and SaaS estate SSO at scale, RBAC design, and lifecycle automation from HRIS through joiner/mover/leaver
- Build sustainable Identity Governance & Administration (IGA) practice including User Access Review campaigns
Security Design
- Lead initiatives across authentication, authorization, federation, and privileged access
- Design time-bound, just-in-time, and break-glass patterns (PIM-equivalent) for high-risk roles
- Govern non-human identities, service accounts, API tokens, OAuth integrations, and AI agents
- Embed Zero Trust and least-privilege principles
Securing & Monitoring Corporate Communications
- Manage security of corporate communication platforms (email, Slack) through Abnormal Security and Proofpoint
- DLP enforcement to protect PII
- Conduct email investigations for spam, phishing, and other threats
Endpoint, Mobile & Browser Security
- Define and enforce hardening standards aligned with CIS benchmarks
- Own configuration baselines for macOS, Windows, and Linux Desktops
- Architect enterprise browser security, extension governance, session protection, and DLP at the browser layer
Vulnerability & Posture Management
- Lead workforce vulnerability management program for endpoints and corporate SaaS
- Design remediation SLAs by severity and asset class
- Run remediation campaigns to closure
- Operate SaaS posture tooling (Wiz, Vanta, Drata, or peers)
AI Tool Security
- Establish and enforce secure architecture for AI tool usage
- Define data handling boundaries, connector security, identity-aware access controls
- Implement detection for misuse with bias toward enabling business safely
Governance & Operations
- Run UAR campaigns end-to-end
- Drive remediation of audit findings (SOC 2, ISO 27001)
- Partner with MDR MSP and internal teams to mature identity-related detection and incident response
Requirements
- 6+ years in security engineering with deep experience in IAM and corporate security, ideally in a regulated environment
- Strong command of authentication and authorization protocols (SAML, OIDC, OAuth, SCIM, LDAP)
- Experience with enterprise IAM platforms (Okta, Entra ID), RBAC design, and lifecycle automation
- Familiarity with endpoint management and EDR; operationalizing CIS benchmarks across macOS and Windows
- Experience designing remediation SLAs, running remediation campaigns, and operating SaaS posture tooling (Wiz, Vanta, Drata)
- Comfortable building tools and pipelines with Python, Go, or similar
- Strong writing skills for RFCs, one-pagers, audit narratives
- Experience operating in SOC 2 and ISO 27001/NIST environments
- Experience with network monitoring & alerting, perimeter blocking, ZTNA, ACLs, firewall rules, cryptography, VPNs
Preferred Qualifications
- Hands-on experience with Privileged Access Management (CyberArk, BeyondTrust, Delinea)
- Identity Governance & Administration (Saviynt, SailPoint, ConductorOne, Lumos)
- Modern secrets management (HashiCorp Vault, Doppler)
- Zero Trust implementation experience
- Policy-as-code (OPA / Rego)
- Experience partnering with MDR / managed SOC
- Security certifications (CISSP or vendor IAM certifications)