Senior Identity Security Engineer

Core Responsibilities

• Own the day-to-day identity security posture across corporate, production, customer, and US Government identity planes
• Drive the rollout of agent identity infrastructure - short-lived credentials, lifecycle bound to a human principal, controlled workload onboarding
• Architect authentication, federation, and authorization systems - including SAML, OIDC, and policy-driven access control models (RBAC, ABAC, policy-as-code) - across workforce and workload identity
• Scale non-human identity patterns across service, workload, and agent populations - short-lived credentials, mTLS, identity-based networking
• Drive adoption of just-in-time access patterns across the identity program, partnering with platform and engineering teams on governance rollout and policy enforcement
• Lead identity threat modeling on a regular cadence; publish findings and track remediation
• Serve as a primary security reviewer on identity architecture decisions and cross-team RFCs
• Research and drive adoption of emerging identity security primitives and standards in partnership with Security Engineers across InfoSec
• Partner with engineering teams across Palantir to reduce the attack surface of identity integrations at scale

Requirements

• 5+ years of experience in Information Security, Identity and Access Management, or an equivalent discipline, with demonstrated depth in identity-specific security
• Hands-on production experience with at least one enterprise identity provider (Entra ID, Okta, or equivalent), including its governance and security surface
• Deep technical proficiency in identity protocols (SAML, OIDC, OAuth 2.0, SCIM, FIDO2, WebAuthn) and their attack surface
• Working proficiency in Go, Python, PowerShell, or TypeScript - enough to prototype tooling, analyze identity-handling code for security defects, scale automation across the environment, and engage in code review
• Strong communication skills and ability to communicate to a wide-ranging audience

Nice-to-Haves

• Experience with cloud IAM and workload identity patterns - service accounts and identity-based access in distributed environments
• Experience designing or evaluating non-human identity (NHI) architectures - service, workload, and agent
• Familiarity with privileged access management and secrets management patterns at scale
• A track record of reducing standing access and shifting organizations toward just-in-time access postures in production environments
• Experience with identity governance platforms and a clear-eyed view of their security implications
• Identity threat detection and response experience, including detection engineering against identity telemetry
• Red team, offensive security, or incident response background - especially with an identity focus
• Exposure to regulated environments (FedRAMP, SOX, IL-levels)
• Desire to further the identity security community through substantive contributions (conference talks, blog posts, public tool development, RFCs)
• Current US security clearance, or eligibility to obtain clearance