Senior Security Engineer, Identity & Access Management

at Valon

Role Overview

You will own the design, implementation, and operation of Identity & Access Management (IAM) systems for the enterprise identity stack, supporting both the workforce and customer-facing authentication and authorization capabilities. Serving as the connective tissue between IT, Engineering, and Security, you will ensure every identity—human or machine—is governed consistently and securely.

Responsibilities

  • Design and support the end-to-end lifecycle of workforce identity systems, including identity automation, access management, and least-privilege enforcement across internal systems.
  • Support the design of secure identity patterns for product teams building on core platforms.
  • Manage and evolve the Identity Provider (IdP) in conjunction with IT, including SSO integrations, MFA policies, conditional access rules, and directory synchronization.
  • Define and enforce RBAC and group-based access policies for internal applications, cloud environments, and development tooling.
  • Support privileged access management (PAM) for internal infrastructure in collaboration with Engineering teams.
  • Design and build AI-assisted workflows that automate and accelerate core IAM operations.
  • Evaluate AI risks across IAM pipelines, ensuring appropriate security controls around data exposure, prompt injection, and other threats.
  • Collaborate with Product, Engineering, Data, Compliance, and Legal teams to identify and drive mitigation for data security risks.
  • Support operational and on-call duties such as vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response, and security reviews.

Requirements

  • 5+ years in security engineering roles with a core focus on identity and access management.
  • Bachelor's degree in Information Security, Computer Science, Technology, or a related field.
  • Relevant security certifications such as CISSP, CISM, CCSK, or CCSP.
  • Deep expertise in modern identity protocols and standards: SAML 2.0, OIDC/OAuth 2.0, SCIM, LDAP, and related specifications.
  • Proven experience administering and scaling IdP platforms (e.g., Okta, Azure AD / Entra ID, Google Workspace) including SSO, MFA, conditional access, and directory sync.
  • Solid background in cloud IAM (GCP preferred), including service accounts, workload identity federation, and policy-as-code approaches.
  • Strong expertise in building PAM solutions and identity vaults while enforcing least-privilege across human and non-human identities.
  • Experience building AI/LLM-powered workflows with a practical understanding of the identity and access risks they introduce.
  • Familiarity with securing non-human and agentic identities, including AI service accounts, API key governance, and audit logging for automated systems.
  • Applied knowledge of industry security and compliance frameworks such as OWASP, NIST, CIS, and SOC 2/ISO 27001 concepts.
  • Excellent communication and collaboration skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.

Preferred Qualifications

  • Experience working in high-growth or startup environments.
  • Hands-on experience with modern identity security technologies and tooling.

Benefits

  • Competitive salary with a meaningful stake in the company via equity and a 401k plan.
  • Comprehensive medical, dental, and vision benefits.
  • Commuter benefits including pre-tax deductions for public transportation, rideshare services, and parking.
  • Learning and development opportunities, including company-wide orientation and regular 360-degree feedback cycles.
  • Quarterly budgets for team and company outings.
  • Generous time off including flexible paid time off, sick days, and 11 company holidays.
  • 12 weeks of fully paid parental leave for both birthing and non-birthing parents.

Required Skills: Okta, Azure AD / Entra ID, Google Cloud IAM, HashiCorp Vault, SAML, OAuth 2.0, OpenID Connect (OIDC), SCIM, LDAP, Role-Based Access Control (RBAC)

Certifications: Certified Information Systems Security Professional (CISSP)

Benefits: Health insurance, Dental & vision, Flexible PTO, 401k matching, Commuter benefits, Parental leave, RSUs, Learning budget

  • Location: Remote
  • Salary: $180K to $230K per year
  • Job Type: Full Time
  • Work Mode: Remote
  • Experience: Senior Level
  • Posted: Jun 22, 2026