Corporate Vice President - Access Management & Authentication Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, or equivalent practical experience.
• 10+ years of experience in Identity & Access Management, with deep specialization in access management, authentication, and federation technologies.
• Proven experience designing, engineering, and operating enterprise Web Access Management (WAM) platforms supporting large-scale workforce and application authentication.
• Hands-on experience with enterprise federation and access management platforms, such as PingFederate, PingProtect, or similar technologies, including authentication policy design, federation trust configuration, and token services.
• Expert-level knowledge of authentication, authorization, and federation protocols, including SAML 2.0, OAuth 2.0, and OpenID Connect.
• Strong experience architecting and scaling single sign-on (SSO) and federated identity solutions across web, mobile, API, and cloud-native environments.
• Demonstrated experience implementing modern authentication approaches, including passwordless and phishing-resistant authentication methods.
• Deep understanding of multi-factor authentication (MFA) models, including adaptive, risk-based, and step-up authentication strategies.
• Understanding of the Linux OS
• Understanding of LDAP
• Hands-on experience with API authorization and access control, including OAuth-based authorization flows and integration with API gateways or platform services.
• Strong knowledge of session management, token security, and identity token lifecycle controls, including re-authentication and privilege elevation patterns.
• Practical experience applying public key infrastructure (PKI), certificate-based authentication, and cryptographic trust models within access management and authentication architectures.
• Ability to serve as a technical authority and design reviewer, influencing architecture decisions and guiding engineering teams toward secure, scalable authentication solutions.

Nice To Haves

• Proven experience delivering phishing-resistant, passwordless authentication at enterprise scale, including passkeys, FIDO2, and hardware-backed authenticators.
• Hands-on experience with adaptive, continuous, or risk-based authentication models, incorporating behavioral, device, and contextual signals.
• Strong understanding of Zero Trust access principles applied to workforce, application, and API authentication and authorization.
• Experience securing modern API and distributed architectures, including OAuth token exchange, delegation, and fine-grained authorization patterns.
• Familiarity with identity assurance and authentication strength frameworks, including step-up verification for sensitive or high-risk transactions.
• Experience applying modern trust and identity models for non-human and workload identities, such as SPIFFE/SPIRE, service-to-service authentication, or mTLS-based access patterns.
• Exposure to AI-enabled and agent-based access models, including authentication and authorization considerations for AI systems, agents, or platforms (e.g., MCP-based identity contexts, AI service identities, or policy enforcement for AI-driven workflows).
• Experience with Windows OS
• Experience with AWS and Kubernetes
• Understanding of network flows and topology
• Hands-on experience with passwordless authentication platforms, such as HYPR or similar FIDO2 / passkey-based solutions
• Programmer experience

Responsibilities

• IAM Engineering
• Lead the design, engineering, and evolution of enterprise web access management (WAM) and authentication platforms supporting workforce and application access.
• Architect and expand single sign-on (SSO) and federation services using industry-standard identity and authorization protocols.
• Define and implement modern authentication strategies, including passwordless, phishing-resistant, and strong customer authentication approaches.
• Design and govern multi-factor authentication (MFA) frameworks, including adaptive, risk-based, and step-up authentication models.
• Engineer secure session management and token lifecycle controls, ensuring appropriate re-authentication, session integrity, and privilege enforcement.
• Design and integrate API authorization and access control patterns, aligning OAuth-based authorization with API gateways and platform services.
• Apply public key infrastructure (PKI) and cryptographic trust models to authentication, federation, and service-to-service access.
• Establish reusable authentication and access management patterns, guardrails, and reference architectures across web, mobile, API, and cloud environments.
• Serve as the technical authority for access management and authentication, advising architecture reviews, security assessments, and engineering teams on secure design decisions.
• Security Assessments
• Perform security assessments of applications, cloud workloads, identity architectures, and vendor solutions, with a primary focus on IAM, cloud identity, and non-human identity risks.
• Serve as a senior technical contributor within the Security Review Board (SRB), leading identity-focused reviews and influencing secure architecture decisions.
• Conduct deep technical analysis of authentication flows, authorization models, role and attribute design, privilege paths, and non-human identity usage.
• Identify security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload identity, and recommend remediation strategies.
• Support the Information Security exception lifecycle, including:
• Risk analysis and documentation
• Evaluation of compensating controls
• Reassessment and expiration management
• Develop, update, and govern IAM and identity-related Security Technical Standards, reference architectures, and implementation guidance.
• Define and maintain reusable security patterns, guardrails, and assessment criteria to improve consistency across SRB reviews and security assessments.
• Partner with Architecture, Risk, and Engineering teams to resolve findings and guide teams toward compliant, secure designs.
• Clearly articulate technical risks, tradeoffs, and recommendations to senior technology and security leadership.
• Track and assess emerging risks related to cloud privilege models, non-human identities, automation, and AI-enabled systems.

Benefits

• We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs.
• Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work.