Staff Security Engineer, Privileged Access (PAM)

Nscale is a GPU cloud provider engineered for AI, offering infrastructure solutions for AI start-ups and large enterprises. They are seeking a Staff Security Engineer to focus on building privileged access workflows and implementing governance controls to secure access across various systems and environments.

Responsibilities:

• Build privileged access workflows across enterprise SaaS admin roles, production systems, cloud consoles, infrastructure management systems, source control, data platforms, endpoint admin, and emergency access paths
• Design access patterns that support request, approval, justification, time-bound elevation, and automated revocation
• Define practical controls that reduce reliance on permanent admin rights across high-risk environments
• Establish clean audit trails for privileged access activity across critical systems
• Implement JIT access patterns with approval, justification, expiry, revocation, and evidence collection
• Create a privileged access baseline that defines who can approve access, what justification is required, how long access lasts, what evidence is captured, and how revocation works
• Own exception governance for access paths that cannot yet meet the standard
• Drive entitlement cleanup and stale privilege reduction through automation
• Design break-glass access standards, ownership models, monitoring, and recovery procedures
• Test emergency access workflows and validate break-glass readiness
• Develop a tiering model for privileged access covering Tier 0 and Tier 1 systems, admin paths, sensitive groups, service-owner roles, and high-risk workflows
• Identify the top 10 highest-risk standing privileges and create remediation paths
• Define privileged access telemetry requirements for detection, investigations, audit, compliance, and executive reporting
• Partner with Security Data to establish privileged access detections and source-health requirements
• Track metrics including standing privilege reduction, JIT adoption, stale admin cleanup, break-glass test success, approval SLA, and access review closure
• Build an inventory of top admin paths, owners, approvers, access methods, logging, expiry, and current risk

Requirements:

• 7+ years in identity security, privileged access, security engineering, infrastructure security, or related engineering roles
• Hands-on experience designing or operating privileged access, JIT, break-glass, access request, approval, or access review workflows
• Strong understanding of authentication, authorization, RBAC, SSO, MFA, access governance, admin tiering, and least privilege
• Experience automating access workflows, entitlement cleanup, evidence collection, or revocation processes
• Strong scripting, workflow automation, API integration, or platform engineering skills
• Ability to translate access risk into practical controls that engineering and operations teams will adopt
• Ability to work across enterprise systems, production environments, SaaS platforms, IT, infrastructure, and compliance stakeholders
• Experience with service accounts, non-human identities, workload identities, API tokens, automation accounts, or secrets governance
• Experience securing production access, source control administration, data platforms, cloud administration, or endpoint admin workflows
• Experience designing access evidence for audit, customer assurance, or incident response