Skip to content
The Voleon GroupThe Voleon GroupBerkeley, CA

IAM Architect

Designs and implements identity and access management strategy for hybrid infrastructure including Linux, Kubernetes, Windows, AWS, and Azure. Leads IAM roadmap, privileged access management, zero-trust extensions, and builds/scales IAM team. Requires 8+ years experience with authentication protocols and cloud IAM platforms.

280k – 310k
Remote8+ YOESecurity Engineering

About the role

Responsibilities

  • Design and implement IAM strategy across hybrid infrastructure - Linux, Kubernetes, Windows, AWS, Azure, and cloud identity providers
  • Architect identity solutions that bridge POSIX-based authentication with modern cloud platforms (OIDC, SAML, federation), migrating from legacy models
  • Implement privileged access management - just-in-time access, least privilege, periodic reviews, and accountability for shared service accounts
  • Extend zero-trust capabilities beyond current SASE remote access to broader infrastructure
  • Partner cross-functionally with Security Engineering, Infrastructure, DevOps, and Corp IT to integrate identity controls without disrupting production
  • Define the IAM roadmap — prioritize high-risk areas, translate business requirements into technical solutions, and establish credibility with senior engineering and research leaders
  • Build the IAM team - hire, mentor, and lead IAM engineers as the program scales

Requirements

  • 8+ years of experience in identity and access management, security engineering, or infrastructure engineering with focus on authentication/authorization
  • Deep expertise in hybrid identity architectures bridging on-premise (LDAP, FreeIPA, Active Directory) and cloud identity platforms (AWS IAM, Azure AD/Entra, Google Workspace)
  • Strong understanding of modern authentication protocols: OIDC, SAML, OAuth2, LDAP, Kerberos
  • Hands-on experience implementing identity solutions in Linux-heavy environments with POSIX requirements
  • Experience with cloud IAM platforms (AWS IAM / Identity Center, Azure AD, GCP IAM) including roles, policies, federation, and service accounts
  • Knowledge of privileged access management (PAM) tools and patterns (CyberArk, HashiCorp Vault, AWS Secrets Manager, or similar)
  • Understanding of zero-trust architecture principles and implementation patterns
  • Demonstrated ability to balance security requirements with operational workflows and production stability
  • Proven track record working with senior technical leaders and building organizational trust
  • Strong communication skills to explain complex identity concepts to both technical and non-technical stakeholders
  • Experience or strong interest in building and leading technical teams

Preferred Qualifications

  • Experience with Kubernetes service account management and pod identity patterns
  • Familiarity with infrastructure-as-code (Terraform, Ansible) for identity provisioning
  • Experience implementing SCIM for automated user lifecycle management
  • Background in financial services, hedge funds, or high-security research environments
  • Experience with compliance frameworks (SOC 2, ISO 27001) as they relate to identity
  • Certifications such as CISSP, CCSP, or vendor-specific identity certifications
  • Bachelor's or Master's degree in Computer Science, Information Security, or related field

Skills

IAMOauth2OIDCSAMLLdapKerberosActive DirectoryFreeipaAws IamAzure AdGoogle Cloud IamKubernetesZero TrustPam
Fluidstack

Security Lead, Deployment & Ops

FluidstackNew York, NY +2

Own physical security end-to-end for greenfield hyperscale data center builds from groundbreaking through steady-state operations, managing guard forces, security systems deployment, and critical asset protection. Requires 10+ years data center security experience and deep ESS knowledge.

280k – 300k
On-site10+ YOESecurity Engineering
OpenAI

Offensive Security Engineer, Agent Security

OpenAISan Francisco, CA +3

Principal-level Offensive Security Engineer conducts red/purple team operations and penetration testing on AI agent products like Codex and Operator, hunting vulnerabilities in app-infra-model interactions and collaborating with defensive teams to strengthen security.

278k – 490k
Remote7+ YOESecurity Engineering
OpenAI

Secure Manufacturing & Stealth Investigator

OpenAISan Francisco, CA

Lead complex investigations into leaks, insider risks, supply chain compromises, and adversarial activity affecting OpenAI's secure manufacturing, stealth programs, unreleased hardware, and prototypes. Requires 8+ years investigative experience across cyber, physical, and operational domains.

288k – 425k
Hybrid8+ YOESecurity Engineering
OpenAI

Security Preparedness Lead, Coding Agents

OpenAISan Francisco, CA

Lead security efforts to protect OpenAI's internal AI coding agents from advanced cyber threats including APTs and insider risks. Requires strong hands-on technical skills in threat modeling, prototyping defenses, and coordinating cross-team security initiatives.

293k – 405k
HybridSecurity Engineering
OpenAI

Systems Software Engineer, Security, First Party Hardware

OpenAISan Francisco, CA

Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.

266k – 445k
Hybrid7+ YOESecurity Engineering