Senior IAM & Security Engineer
MongoDB
Atlanta; Boston; New York City; United States; Washington DC
Hybrid
Posted March 30, 2026
Job Description
We are looking for a highly skilled Senior IAM & Security Engineer who will help us design, implement, and manage identity, access, and endpoint security solutions at scale. In this role, you will collaborate with cross-functional teams to enhance our IAM and endpoint security posture, implement pragmatic solutions to hard security problems, and support key compliance initiatives such as FedRAMP High.
We are looking to speak to candidates who are based on the East Coast of the US for our hybrid working model.
Responsibilities
- Lead the administration and enhancement of IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, ensuring secure, least-privilege, and scalable access models for both human and non-human identities (service accounts, workloads, automation and agentic AI systems) across our workforce and cloud environments
- Architect and implement SSO and authentication solutions (SAML, OIDC, OAuth2, MFA), including signals sharing and global token revocation, to strengthen user and workload verification and session security
- Design, implement, and continuously improve RBAC, access models, and identity governance workflows, ensuring strong access hygiene, clear separation of duties, and audit readiness
- Define and standardize patterns for non-human identity lifecycle and access (e.g., cloud workloads, automation tools, agentic AI systems), ensuring consistent, least‑privilege access across environments
- Automate complex identity lifecycle processes (provisioning, deprovisioning, access changes, and just‑in‑time access) using Terraform/OpenTofu, CloudFormation, Python, and Tines, reducing manual effort and error rates
- Secure multi-cloud environments (AWS, GCP, Azure) from an identity and access perspective, focusing on IAM policies, resource permissions, preventative controls, and alignment with our enterprise cloud strategy
- Define and enforce security controls for GitHub and CI/CD access, ensuring secure repository management, branch protection, and integration with centralized IAM policies
- Use Datadog and related observability / SIEM tooling to build, tune, and maintain security alerting and investigation capabilities for identity, access, and endpoint events, partnering closely with detection engineering and incident response teams
- Manage and improve our endpoint security posture and device trust controls, working closely with teams that operate MDM platforms to ensure signals are integrated into IAM and Zero Trust decisions
- Support FedRAMP High and other regulatory/compliance programs by implementing required IAM and endpoint controls, improving monitoring coverage, and providing evidence for audits and assessments
- Monitor, investigate, and respond to IAM and cloud security incidents; lead root cause analysis, drive remediation efforts, and contribute to continuous improvement of controls and processes
- Provide subject matter expertise to cross-functional teams (e.g., IT, Cloud Security, HRIS, and product teams) as they design and deploy services that rely on secure identity, access, and device trust foundations
Requirements
- At least 5 years of experience in Identity & Access Management, Security Engineering, or Cloud Security roles with increasing responsibility
- Demonstrated experience working in or supporting FedRAMP High or Moderate environments, or equivalent U.S. public-sector frameworks (e.g., FISMA, StateRAMP), including control implementation, continuous monitoring, and audit support (e.g., NIST 800‑53, Authority to Operate (ATO) and ATO‑ready processes, and Plan of Action and Milestones (POA&M))
- Subject matter expertise in securing workforce identity and access at scale in an enterprise environment using platforms such as Okta, AWS IAM, GCP IAM, and Azure AD
- Strong understanding of authentication and authorization in modern environments, including OAuth2, OIDC, SAML, MFA, and phishing-resistant authentication methods
- Deep experience designing and operating RBAC models, access patterns, and identity governance workflows, including identity lifecycle (provisioning, deprovisioning, access reviews, and just‑in‑time access)
- Experience securing non-human identities (e.g., service accounts, workloads, automation identities, and agentic AI systems), including lifecycle management, secret/key management, and least‑privilege access design
- Strong experience with infrastructure-as-code, such as Terraform/OpenTofu and CloudFormation, to deploy and manage IAM and security controls in A