Autodesk is a company that creates innovative software solutions for various industries. They are seeking a Sr. Principal IAM Security Engineer to lead the strategy and execution of modern Identity and Access Management, focusing on both human and non-human identities. The role involves designing scalable identity guardrails, implementing Zero Trust enforcement, and driving initiatives for IAM Threat Management across multiple business units.
Responsibilities:
- Define the enterprise and platform IAM strategy for human identities, NHI, and AI/agent identities, including lifecycle, authentication, authorization, and auditing standards
- Establish identity reference architectures, patterns, and paved roads for product teams and internal engineering
- Build and operationalize controls for service identities, workload identities, API identities, bots, and automation accounts across cloud, CI/CD, and runtime environments
- Drive adoption of short-lived, federated credentials where feasible; reduce static secrets and unmanaged service accounts
- Implement lifecycle governance for NHI: creation standards, ownership, rotation/attestation, inactivity reaping, and incident response playbooks
- Define secure patterns for AI acting on behalf of users or services, including delegated authorization, scoped tokens, and least-privilege access models
- Partner with AI platform teams to implement guardrails: identity provenance, policy enforcement, auditing, and kill-switch mechanisms for misbehaving agents
- Ensure AI identity behaviors are measurable and governable (logging, traceability, approvals for sensitive actions, segmentation of duties)
- Build/standardize authorization models (RBAC/ABAC/ReBAC as appropriate) across workforce and product systems
- Drive consistent policy as code, access reviews, and privileged access workflows
- Define standards for token scopes, claims, session constraints, step-up auth, and sensitive action protections
- Improve detection/response for identity threats: anomalous token use, privilege escalation, credential misuse, service-account sprawl
- Create metrics and reporting for identity posture and platform adoption (coverage, drift, exceptions, time-to-remediate)
- Lead identity-related investigations and post-incident improvements
- Serve as a senior technical leader influencing engineering orgs, platform teams, and security; mentor others and raise the bar on identity engineering
- Translate risk into pragmatic engineering requirements; drive roadmaps across multiple teams
Requirements:
- 10+ years in IAM / security engineering, including designing identity architectures at enterprise scale
- Proven experience securing non-human identities across cloud, CI/CD, and production runtimes
- Deep knowledge of auth standards: OAuth2, OIDC, SAML, JWT, token exchange, federation, and modern workload identity patterns
- Strong authorization design experience: modeling permissions, least privilege, policy enforcement, and access governance
- Experience designing or securing systems where software agents act on behalf of users/services (delegation, impersonation, tool access, constrained execution)
- Ability to define guardrails for agentic actions: approval gates, scoped permissions, auditable trails, and containment strategies
- Strong software engineering fundamentals (APIs, distributed systems, logging/telemetry); ability to review designs and code
- Experience with cloud IAM ecosystems and platform primitives (identity federation, workload identity, secretless patterns, KMS/HSM integration)
- Experience building identity 'paved roads' and internal developer platform (IDP) patterns for identity
- Experience with privileged access management and tiering models for admin access
- Familiarity with CI/CD identity, signing, and provenance controls (build identities, artifact trust, token hardening)
- Drives measurable risk reduction and adoption across orgs
- Sets standards others follow; resolves ambiguous identity problems; leads through influence