Blankfactor is dedicated to engineering impact by building high-quality tech solutions for fast-moving industries. They are seeking a Senior Key Management / IAM Engineer to lead the enterprise rollout of Akeyless as a core secrets, key, and identity-enablement platform, focusing on secure, scalable adoption across the organization.
Responsibilities:
- Design and implement an enterprise Akeyless architecture, including tenancy strategy, auth methods, access boundaries, and operational model
- Stand up and harden the platform for enterprise use: environments, networking, availability, audit logging, backup/DR considerations, and upgrades
- Define standards for secret lifecycle management (creation, rotation, expiration, revocation, and deletion) aligned with security policies and compliance needs
- Build and maintain self-service workflows to onboard teams and applications to Akeyless with minimal friction
- Implement and govern enterprise key management practices:
  - Encryption key generation, rotation, and separation of duties
  - Key hierarchy and envelope encryption patterns
  - Governance, auditing, and access controls for keys and secret material
- Design integrations with HSMs / KMS systems and associated crypto boundary controls (including policy and operational procedures)
- Establish and enforce application secrets management patterns (runtime injection, sidecar/agent patterns where applicable, CI/CD integration, and secret zero/least exposure)
- Implement SSO and federated identity integration for Akeyless and related tooling (SAML/OIDC), aligning with enterprise IdP standards
- Design and implement IAM patterns such as:
  - Workload identity and short-lived credentials
  - Role-based access control and least privilege enforcement
  - Fine-grained authorization and policy design for platform consumers
- Partner with identity governance stakeholders to ensure alignment with access review and audit requirements
- Design and operate enterprise PKI / certificate management workflows:
  - Certificate issuance/renewal automation
  - Integration with internal/external CAs as required
  - Standards for mTLS, service identity, and certificate lifecycle governance
- Build tooling and automation to make certificate workflows consumable across teams and platforms
- Build infrastructure and integrations enabling broad adoption (examples):
  - Azure integrations (identity, networking, managed services)
  - CI/CD integrations for secrets and cert issuance (GitHub Actions, ADO, etc., if applicable)
  - Kubernetes patterns for secret injection and rotation (where relevant)
  - Observability integrations (metrics, logs, alerts) and operational dashboards
- Create documentation, onboarding guides, and reference implementations (“golden paths”) for engineering teams
- Serve as escalation point for complex incidents involving identity, cryptography, and secret distribution
Requirements:
- Senior-level experience in enterprise secrets management and IAM (design + operational ownership)
- Strong expertise in:
  - Enterprise key management practices (rotation, separation of duties, auditability, crypto governance)
  - Application secrets management (runtime consumption patterns, rotation automation, CI/CD integration)
  - SSO / federated identity (SAML, OIDC), RBAC, least privilege, and secure access patterns
  - Vaults / HSMs and secure key storage concepts (HSM-backed keys, access controls, auditing)
  - PKI fundamentals and enterprise certificate lifecycle automation
- Hands-on experience with Akeyless (required) and delivering it as a platform service
- Hands-on experience with Azure (required), including identity and security constructs
- Strong engineering discipline: automation-first mindset, high-quality documentation, and operational readiness
- Experience integrating secrets and PKI workflows with Kubernetes (secret injection, rotation strategies, workload identity patterns)
- Experience with regulatory/compliance-driven environments (SOC2, ISO 27001, PCI, HIPAA, etc.) and audit-ready controls
- Familiarity with threat modeling, cryptographic boundary design, and secure-by-default platform guardrails
- Experience building self-service internal platforms (platform engineering practices, developer enablement)
- Strong scripting/programming ability (e.g., Python, Go, or similar) for automation and tooling