# Senior Identity Security Engineer
**Company:** [Palantir](https://hotfix.jobs/companies/palantir)
**Location:** Washington, DC
**Experience:** 5+ years
**Skills:** SAML, OIDC, OAuth 2.0, SCIM, FIDO2, WebAuthn, Entra ID, Okta, Go, Python, PowerShell, TypeScript, RBAC, ABAC, mTLS
**Posted:** 2026-05-28
> Senior Identity Security Engineer responsible for architecting and securing identity infrastructure across workforce, customer, and workload identity planes. Requires 5+ years of experience, deep expertise in identity protocols, hands-on IAM platform experience, and proficiency in Go/Python/PowerShell/TypeScript.
## Job Description
## Core Responsibilities
- Own the day-to-day identity security posture across corporate, production, customer, and US Government identity planes
- Drive the rollout of agent identity infrastructure - short-lived credentials, lifecycle bound to a human principal, controlled workload onboarding
- Architect authentication, federation, and authorization systems - including SAML, OIDC, and policy-driven access control models (RBAC, ABAC, policy-as-code) - across workforce and workload identity
- Scale non-human identity patterns across service, workload, and agent populations - short-lived credentials, mTLS, identity-based networking
- Drive adoption of just-in-time access patterns across the identity program, partnering with platform and engineering teams on governance rollout and policy enforcement
- Lead identity threat modeling on a regular cadence; publish findings and track remediation
- Serve as a primary security reviewer on identity architecture decisions and cross-team RFCs
- Research and drive adoption of emerging identity security primitives and standards in partnership with Security Engineers across InfoSec
- Partner with engineering teams across Palantir to reduce the attack surface of identity integrations at scale

## Requirements
- 5+ years of experience in Information Security, Identity and Access Management, or an equivalent discipline, with demonstrated depth in identity-specific security
- Hands-on production experience with at least one enterprise identity provider (Entra ID, Okta, or equivalent), including its governance and security surface
- Deep technical proficiency in identity protocols (SAML, OIDC, OAuth 2.0, SCIM, FIDO2, WebAuthn) and their attack surface
- Working proficiency in Go, Python, PowerShell, or TypeScript - enough to prototype tooling, analyze identity-handling code for security defects, scale automation across the environment, and engage in code review
- Strong communication skills and ability to communicate to a wide-ranging audience

## Nice-to-Haves
- Experience with cloud IAM and workload identity patterns - service accounts and identity-based access in distributed environments
- Experience designing or evaluating non-human identity (NHI) architectures - service, workload, and agent
- Familiarity with privileged access management and secrets management patterns at scale
- A track record of reducing standing access and shifting organizations toward just-in-time access postures in production environments
- Experience with identity governance platforms and a clear-eyed view of their security implications
- Identity threat detection and response experience, including detection engineering against identity telemetry
- Red team, offensive security, or incident response background - especially with an identity focus
- Exposure to regulated environments (FedRAMP, SOX, IL-levels)
- Desire to further the identity security community through substantive contributions (conference talks, blog posts, public tool development, RFCs)
- Current US security clearance, or eligibility to obtain clearance
**Apply:** https://hotfix.jobs/jobs/senior-identity-security-engineer-at-palantir-d93b5e96-5d57-4ef7-8378-066a8f10de18
**Canonical:** https://hotfix.jobs/jobs/senior-identity-security-engineer-at-palantir-d93b5e96-5d57-4ef7-8378-066a8f10de18