Staff IAM Engineer

The Role

The Staff IAM Engineer is responsible for securing and managing all non-human identities  including service accounts, application identities, machine credentials, APIs, bots, and workloads across on-prem, cloud, and crypto infrastructure. This role ensures that automated and machine-based identities follow the same governance, lifecycle, and least-privilege principles as human users. You will design systems that enable secure authentication, secrets management, and access provisioning for automated services, APIs, and DevOps pipelines. This role directly protects sensitive financial data, crypto custody environments, and transaction systems from privilege misuse, credential leakage, and insider or supply chain threats.

 

What You’ll Do

Identity Architecture & Engineering

• Design, implement, and maintain a Non-Human Identity (NHI) framework governing all service accounts, API tokens, certificates, and machine credentials.
• Implement centralized secrets management using tools such as HashiCorp Vault or AWS Secrets Manager, 
• Build integrations with CI/CD pipelines and cloud services (AWS, GCP, Azure) to enforce automated credential rotation and JIT provisioning.
• Define and implement tagging, ownership, and classification models for non-human identities.
• Develop scalable onboarding processes for applications, workloads, and bots that require secure authentication.

 Lifecycle Management & Governance

• Develop automated workflows for creation, rotation, deactivation, and certification of service accounts and API keys.
• Partner with developers and DevOps to transition hard-coded credentials to secure vaults.
• Establish policies for key rotation frequency, credential expiration, and certificate renewal.
• Integrate NHI lifecycle into IAM governance tools (Okta).
• Support quarterly access reviews and certification campaigns for non-human identities.

 Automation & Integration

• Build automation using