ServiceTitan is building a Next-Generation Identity Fabric and is seeking a technical powerhouse to lead its Identity Governance and Administration program. The role involves architecting identity security solutions, managing access workflows, and ensuring compliance while collaborating across various teams.
Responsibilities:
- Access Request Workflow Management: Configure and maintain advanced access request workflows across privileged systems (code repositories, databases, infrastructure), including role-based, time-bound, delegated, and just-in-time (JIT) access provisioning
- Authorization Governance & Policy Leadership: Lead authorization decisions for job functions and privileged data access from a governance perspective, establishing clear principles for critical systems including ST Admin roles, Snowflake data access, and other high-risk entitlements
- Architect the Identity Fabric: Design and implement automated workflows that bridge our core stacks (Okta, Veza, Lumos) to create a seamless, risk-based identity lifecycle
- ISPM & Continuous Governance: Move us from periodic "point-in-time" reviews to continuous identity security. Monitor for identity risks like over-privileged accounts, "shadow" identities, and dormant access
- Non-Human Identity (NHI) & AI Security: Establish the governance framework for non-human identities, including service accounts, API keys, and AI agents. Ensure AI integrations are secured through rigorous entitlement management
- Cross-Functional Collaboration: Serve as the technical glue between Corporate Engineering, Security Architecture, and System Owners to ensure identity is baked into every enterprise tool
- Compliance as Code: Act as the primary technical point of contact for auditors (SOX, PCI, ISO 27001, SOC 1/2). Automate evidence collection so that compliance is a byproduct of good engineering, not a manual chore
- Vendor Management: Partner deeply with our strategic vendors (Okta, Veza, Lumos) to influence their product roadmaps and maximize our ROI
Requirements:
- 5+ years in Identity & Access Management (IAM/IGA)
- Deep understanding of lifecycle management (Joiner/Mover/Leaver), RBAC/ABAC, and the Principle of Least Privilege
- Hands-on experience with modern IGA and Identity Discovery tools (e.g., Veza for authorization graphs, Lumos for SaaS governance, Okta for orchestration)
- Proven experience managing non-human identities and secrets management in cloud-native environments (AWS/GCP)
- Understanding of ISPM principles—detecting identity drift and misconfigurations before they are exploited
- Ability to translate complex regulatory requirements (like SOX or PCI) into technical controls and automated workflows
- Proven ability to automate complex processes end-to-end, leveraging scripting languages, workflow tools, or integration platforms as appropriate