Responsibilities
- Define the long-term IAM strategy, roadmap, and operating model across the enterprise and product ecosystem.
- Assess and mature the current-state Identity Provider (IDP) architecture, identifying gaps and driving the path to a resilient, scalable design.
- Drive all identity systems toward Zero Trust principles - secure, scalable, and frictionless by default.
- Automate the full identity lifecycle beyond traditional IGA joiner-mover-leaver (JML) processes.
- Implement and enforce RBAC for human and non-human identities at scale.
- Define and operationalize least-privilege policies across all systems and environments.
- Centralize secrets management - keys, tokens, certificates - across cloud and enterprise environments.
- Design and deliver Privileged Access Management (PAM) for admin accounts spanning enterprise IT and cloud engineering.
- Implement a scalable access management model for AI agents and bots.
- Collaborate with IT Apps and infrastructure teams to enforce and enable SSO across the enterprise.
- Own the implementation and governance of authentication protocols (SAML, OIDC, OAuth 2.0) and modern identity standards.
- Partner with engineering, security, IT, compliance, and product teams to deliver access management capabilities that enable the business and satisfy audit requirements.
- Translate complex identity requirements into clear, executable technical plans and communicate tradeoffs to senior stakeholders.
Requirements
- 8 - 12+ years in identity engineering, security engineering, or a closely related discipline.
- Hands-on architecture or engineering experience in cloud environments (AWS, GCP, or Azure).
- Demonstrated track record of leading complex, cross-functional IAM programs from design through production.
- Deep expertise in modern IAM technologies: directories (LDAP/AD), IDPs, federation, and authentication protocols (SAML, OIDC, OAuth 2.0).
- Practical experience implementing Zero Trust identity models and PAM frameworks.
- Strong understanding of identity governance, IGA tooling, and role lifecycle management.
- Hands-on experience with secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager).
- Experience with non-human identity and machine identity management in large-scale environments.
- Experience building access controls for AI workloads, agents, or service accounts at scale.
- Familiarity with SCIM provisioning and automated IGA workflows.
- Excellent communication and influencing skills.
Nice to Have
- Security certifications such as CISSP, GIAC, or similar.
- Solid grasp of compliance frameworks relevant to identity (SOC 2, ISO 27001, NIST, or similar) and experience supporting audit processes.
Compensation
Base salary range: $180,000 - $230,000 USD annually. Total compensation includes equity, comprehensive health/dental/vision insurance, 401k match, learning/wellness stipends, and paid time off.