Senior IAM & Security Engineer

MongoDB
Atlanta; Boston; New York City; United States; Washington DC
Posted 4 March 2026

Job Description

We are looking for a highly skilled Senior IAM Security Engineer who will help us design, implement, and manage identity, access, and endpoint security solutions at scale. In this role, you will collaborate with cross-functional teams to enhance our IAM and endpoint security posture, implement pragmatic solutions to hard security problems, and support key compliance initiatives such as FedRAMP High.

We are looking to speak to candidates who are based on the East Coast of the US for our hybrid working model.

Responsibilities

- Lead the administration and enhancement of IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, ensuring secure, least-privilege, and scalable access models for both human and non-human identities (service accounts, workloads, automation and agentic AI systems) across our workforce and cloud environments
- Architect and implement SSO and authentication solutions (SAML, OIDC, OAuth2, MFA), including signals sharing and global token revocation, to strengthen user and workload verification and session security
- Design, implement, and continuously improve RBAC, access models, and identity governance workflows, ensuring strong access hygiene, clear separation of duties, and audit readiness
- Define and standardize patterns for non-human identity lifecycle and access (e.g., cloud workloads, automation tools, agentic AI systems), ensuring consistent, least‑privilege access across environments
- Automate complex identity lifecycle processes (provisioning, deprovisioning, access changes, and just‑in‑time access) using Terraform/OpenTofu, CloudFormation, Python, and Tines, reducing manual effort and error rates
- Secure multi-cloud environments (AWS, GCP, Azure) from an identity and access perspective, focusing on IAM policies, resource permissions, preventative controls, and alignment with our enterprise cloud strategy
- Define and enforce security controls for GitHub and CI/CD access, ensuring secure repository management, branch protection, and integration with centralized IAM policies
- Use Datadog and related observability / SIEM tooling to build, tune, and maintain security alerting and investigation capabilities for identity, access, and endpoint events, partnering closely with detection engineering and incident response teams
- Manage and improve our endpoint security posture and device trust controls, working closely with teams that operate MDM platforms to ensure signals are integrated into IAM and Zero Trust decisions
- Support FedRAMP High and other regulatory/compliance programs by implementing required IAM and endpoint controls, improving monitoring coverage, and providing evidence for audits and assessments
- Monitor, investigate, and respond to IAM and cloud security incidents; lead root cause analysis, drive remediation efforts, and contribute to continuous improvement of controls and processes
- Provide subject matter expertise to cross-functional teams (e.g., IT, Cloud Security, HRIS, and product teams) as they design and deploy services that rely on secure identity, access, and device trust foundations

Requirements

- At least 5 years of experience in Identity Access Management, Security Engineering, or Cloud Security roles with increasing responsibility
- Demonstrated experience working in or supporting FedRAMP High or Moderate environments, or equivalent U.S. public-sector frameworks (e.g., FISMA, StateRAMP), including control implementation, continuous monitoring, and audit support (e.g., NIST 800‑53, Authority to Operate (ATO) and ATO‑ready processes, and Plan of Action and Milestones (POAM))
- Subject matter expertise in securing workforce identity and access at scale in an enterprise environment using platforms such as Okta, AWS IAM, GCP IAM, and Azure AD
- Strong understanding of authentication and authorization in modern envi ... (truncated, view full listing at source)