Architect and implement PBAC and RBAC solutions, including policy models, roles, decision engines, enforcement points, and policy‑as‑code frameworks.
Design and operationalize fine‑grained authorization for applications, services, APIs, and data platforms, enabling contextual and attribute‑based access decisions.
Develop an identity security framework for AI, defining identity controls, access constraints, and governance models for AI agents, models, datasets, and prompt flows.
Integrate PBAC with workload identity, service‑to‑service authentication, and distributed access decisioning within modern cloud and microservice environments.
Partner with application and platform teams to embed authorization-by-design into solution architecture, code, and deployment pipelines.
Evaluate and implement fine-grained authorization policies and custom RBAC roles, defining their integration points and governance processes.
Develop automated tooling for policy validation, simulation, testing, and versioning to ensure consistent enforcement and safe policy deployment.
Ensure authorization architecture aligns with risk, compliance, and regulatory requirements while supporting performance, reliability, and developer usability.
Stay current on emerging trends in authorization engineering, zero trust, AI access governance, and modern identity security paradigms.
Requirements
5+ years of experience in cloud security architecture, identity engineering, or IAM platform development within large, complex environments.
Deep technical expertise in Workforce IAM and Cloud IAM, including federation, authentication flows, workload identity, entitlement models, and identity governance.
Hands-on experience designing and implementing fine-grained authorization solutions, including standalone PBAC/ABAC architectures, policy-as-code, and authorization decision engines.
Strong understanding of modern identity protocols and patterns (OIDC, OAuth2, SAML, JWT, service identity, API authorization).
Experience engineering scalable authorization or IAM components, including integration with CI/CD pipelines, automation frameworks, and cloud-native services.
Practical knowledge of cloud provider IAM (Azure, AWS, GCP), including role design, conditional access, workload identity, and cloud-native security controls.
Familiarity with identity security requirements for AI, including secure access for AI agents, models, datasets, and prompt flows utilizing modern security controls.
Demonstrated ability to translate complex identity and authorization needs into secure, reusable architectural patterns.
Strong scripting or automation abilities (Python, PowerShell, Terraform, or similar), with experience building tools or utilities that support IAM/PBAC capabilities.
Excellent communication skills, with the ability to clearly articulate technical concepts to engineering, product, and security stakeholders.
Experience working in SAFe or similar agile work methodologies.
Hands-on, analytical problem-solver with the ability to support on-call escalations for identity and authorization issues.
Tech Stack
AWS
Azure
Cloud
Google Cloud Platform
Python
Terraform
Benefits
medical, dental and vision benefits
401(k) retirement savings plan
time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave)