IAM Architect

About The Position

Requirements

• 8+ years of experience in identity and access management, security engineering, or infrastructure engineering with focus on authentication/authorization
• Deep expertise in hybrid identity architectures bridging on-premise (LDAP, FreeIPA, Active Directory) and cloud identity platforms (AWS IAM, Azure AD/Entra, Google Workspace)
• Strong understanding of modern authentication protocols: OIDC, SAML, OAuth2, LDAP, Kerberos
• Hands-on experience implementing identity solutions in Linux-heavy environments with POSIX requirements
• Experience with cloud IAM platforms (AWS IAM / Identity Center, Azure AD, GCP IAM) including roles, policies, federation, and service accounts
• Knowledge of privileged access management (PAM) tools and patterns (CyberArk, HashiCorp Vault, AWS Secrets Manager, or similar)
• Understanding of zero-trust architecture principles and implementation patterns
• Demonstrated ability to balance security requirements with operational workflows and production stability
• Proven track record working with senior technical leaders and building organizational trust
• Strong communication skills to explain complex identity concepts to both technical and non-technical stakeholders
• Experience or strong interest in building and leading technical teams

Nice To Haves

• Experience with Kubernetes service account management and pod identity patterns
• Familiarity with infrastructure-as-code (Terraform, Ansible) for identity provisioning
• Experience implementing SCIM for automated user lifecycle management
• Background in financial services, hedge funds, or high-security research environments
• Experience with compliance frameworks (SOC 2, ISO 27001) as they relate to identity
• Certifications such as CISSP, CCSP, or vendor-specific identity certifications
• Bachelor's or Master's degree in Computer Science, Information Security, or related field

Responsibilities

• Design and implement IAM strategy across hybrid infrastructure - Linux, Kubernetes, Windows, AWS, Azure, and cloud identity providers
• Architect identity solutions that bridge POSIX-based authentication with modern cloud platforms (OIDC, SAML, federation), migrating from legacy models
• Implement privileged access management - just-in-time access, least privilege, periodic reviews, and accountability for shared service accounts
• Extend zero-trust capabilities beyond current SASE remote access to broader infrastructure
• Partner cross-functionally with Security Engineering, Infrastructure, DevOps, and Corp IT to integrate identity controls without disrupting production
• Define the IAM roadmap — prioritize high-risk areas, translate business requirements into technical solutions, and establish credibility with senior engineering and research leaders
• Build the IAM team - hire, mentor, and lead IAM engineers as the program scales

Benefits

• highly competitive compensation and benefits packages
• technology talks by our experts
• a beautiful modern office
• catered lunches
• medical, dental and vision coverage
• life and AD&D insurance
• 20 days of paid time off
• 9 sick days
• a 401(k) plan with a company match
• “Friends of Voleon” Candidate Referral Program (potential to earn $15,000 if your referred candidate is successfully hired and employed by The Voleon Group)