Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing. They are seeking a skilled and experienced Senior Security Engineer to own the design, implementation, and operation of IAM systems for Valon’s enterprise identity stack, ensuring secure governance of identities.
Responsibilities:
- Design and support the end-to-end lifecycle of workforce identity systems, including identity automation, access management, and least-privilege enforcement across internal systems
- Define secure identity patterns for product teams building on ValonOS
- Manage and evolve Valon's IdP in conjunction with IT including SSO integrations, MFA policies, conditional access rules, and directory synchronization
- Define and enforce RBAC and group-based access policies for internal applications, cloud environments, and development tooling
- Support privileged access management (PAM) for internal infrastructure in conjunction with Engineering teams
- Design and build AI-assisted workflows that automate and accelerate core IAM operations
- Evaluate AI risks across IAM pipelines, ensuring appropriate security controls around data exposure, prompt injection, and other threats
- Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for data security risks
- Support other operational and on-call duties such as vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response and security reviews
Requirements:
- 5+ years in security engineering roles with a core focus on identity and access management
- Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field
- Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
- Deep expertise in modern identity protocols and standards (SAML 2.0, OIDC/OAuth 2.0, SCIM, LDAP, and related specifications) and in authorization models across applications (RBAC, ABAC, and API access controls)
- Proven hands-on experience administering and scaling an enterprise IdP (e.g., Okta, Azure AD / Entra ID, Google Workspace), including SSO, MFA, SCIM provisioning, conditional access, and directory sync
- Hands-on experience with modern identity security tooling
- Extensive IAM security engineering experience with proven ownership of enterprise identity solutions; able to operate autonomously, drive complex cross-functional efforts, and influence across teams
- Solid background in cloud IAM (GCP preferred), including service accounts, workload identity federation, and policy-as-code approaches
- Strong expertise in building PAM solutions / identity vaults and enforcing least-privilege across human and non-human identities
- Experience building AI/LLM-powered workflows — ideally in a security or operations context — with a practical understanding of the identity and access risks they introduce
- Familiarity with securing non-human and agentic identities, including AI service accounts, API key governance, and audit logging for automated systems
- Applied knowledge of industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
- Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders
- Experience working in high-growth or startup environments is a plus