# Technical Lead, Identity & Access Management

**Company:** [Applied Intuition](https://hotfix.jobs/companies/applied-intuition)
**Location:** Sunnyvale, CA
**Role:** Security Engineering
**Salary:** $180k – $230k/yr
**Experience:** 8+ years
**Skills:** IAM, Zero Trust, RBAC, Pam, SSO, SAML, OIDC, Oauth 2.0, Hashicorp Vault, Aws Secrets Manager, Gcp Secret Manager, SCIM, Iga, Ldap, Active Directory
**Posted:** 2026-04-21

> Hands-on technical lead owning end-to-end identity and access management, from IDP architecture to privileged access, secrets management, and AI agent governance. Drives Zero Trust implementation, IAM strategy, and cross-functional collaboration in cloud environments. Requires 8-12+ years in identity/security engineering.

## Job Description

## Responsibilities
- Define the long-term IAM strategy, roadmap, and operating model across the enterprise and product ecosystem.
- Assess and mature the current-state Identity Provider (IDP) architecture, identifying gaps and driving the path to a resilient, scalable design.
- Drive all identity systems toward Zero Trust principles - secure, scalable, and frictionless by default.
- Automate the full identity lifecycle beyond traditional IGA joiner-mover-leaver (JML) processes.
- Implement and enforce RBAC for human and non-human identities at scale.
- Define and operationalize least-privilege policies across all systems and environments.
- Centralize secrets management - keys, tokens, certificates - across cloud and enterprise environments.
- Design and deliver Privileged Access Management (PAM) for admin accounts spanning enterprise IT and cloud engineering.
- Implement a scalable access management model for AI agents and bots.
- Collaborate with IT Apps and infrastructure teams to enforce and enable SSO across the enterprise.
- Own the implementation and governance of authentication protocols (SAML, OIDC, OAuth 2.0) and modern identity standards.
- Partner with engineering, security, IT, compliance, and product teams to deliver access management capabilities that enable the business and satisfy audit requirements.
- Translate complex identity requirements into clear, executable technical plans and communicate tradeoffs to senior stakeholders.

## Requirements
- **8 - 12+ years** in identity engineering, security engineering, or a closely related discipline.
- Hands-on architecture or engineering experience in cloud environments (**AWS**, **GCP**, or **Azure**).
- Demonstrated track record of leading complex, cross-functional IAM programs from design through production.
- Deep expertise in modern IAM technologies: directories (**LDAP/AD**), IDPs, federation, and authentication protocols (**SAML**, **OIDC**, **OAuth 2.0**).
- Practical experience implementing **Zero Trust** identity models and **PAM** frameworks.
- Strong understanding of identity governance, **IGA** tooling, and role lifecycle management.
- Hands-on experience with secrets management platforms (e.g., **HashiCorp Vault**, **AWS Secrets Manager**, **GCP Secret Manager**).
- Experience with non-human identity and machine identity management in large-scale environments.
- Experience building access controls for AI workloads, agents, or service accounts at scale.
- Familiarity with **SCIM** provisioning and automated IGA workflows.
- Excellent communication and influencing skills.

## Nice to Have
- Security certifications such as **CISSP**, **GIAC**, or similar.
- Solid grasp of compliance frameworks relevant to identity (**SOC 2**, **ISO 27001**, **NIST**, or similar) and experience supporting audit processes.

## Compensation
**Base salary range: $180,000 - $230,000 USD annually.** Total compensation includes equity, comprehensive health/dental/vision insurance, 401k match, learning/wellness stipends, and paid time off.

## Similar roles

- [Senior GRC Engineer](https://hotfix.jobs/jobs/bfcb5755-185d-4c09-bda1-9f49a4ecb6c8) - Postman - San Francisco, CA - $180k – $200k/yr
- [Senior Application Security Engineer](https://hotfix.jobs/jobs/79016b33-ba89-41bf-b2dc-def7958e241d) - Monarch - Remote - $180k – $215k/yr
- [Senior Security Engineer, GRC](https://hotfix.jobs/jobs/8a3040c3-16a4-42c0-8c91-cbee4a8039b3) - Temporal - Remote - $180k – $225k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/48ed30bc-1b7a-42a6-9225-139997bf3b3b) - Kaizen Labs - New York, NY - $180k – $220k/yr
- [Manager, Network Security](https://hotfix.jobs/jobs/675ca948-bd5b-42a9-a275-8767a272094e) - Lumin Digital - Remote - $180k – $200k/yr

**Apply:** https://hotfix.jobs/jobs/cd806fc6-1a4e-4338-a9a9-7ed094b50824
**Canonical:** https://hotfix.jobs/jobs/cd806fc6-1a4e-4338-a9a9-7ed094b50824