About The Position

Become a part of our caring community.

Summary

(Candidate should be located in one of the following Metro locations: Louisville KY, NYC Metro, Dallas Metro, Charlotte NC Metro, South Florida, Washington DC metro, Chicago, Boston, Atlanta, Nashville.)

The Lead Cloud Security Architect will drive both the architectural vision and hands-on engineering implementation for Workforce IAM, Cloud IAM, and fine-grained authorization capabilities. This role will design and build modern identity and access patterns across cloud and application environments, develop and implement PBAC infrastructure and policies for fine-grained and contextual authorization, and establish the identity security framework required to support emerging AI workloads. The architect will collaborate closely with engineering, platform, and application teams to deliver secure-by-design solutions, strengthen authentication and authorization controls, and modernize identity security across the enterprise. This position requires deep technical expertise, strong engineering acumen, and the ability to translate complex identity challenges into scalable, resilient, and secure architectures.

Requirements

  • 5+ years of experience in cloud security architecture, identity engineering, or IAM platform development within large, complex environments.
  • Deep technical expertise in Workforce IAM and Cloud IAM, including federation, authentication flows, workload identity, entitlement models, and identity governance.
  • Hands-on experience designing and implementing fine-grained authorization solutions, including standalone PBAC/ABAC architectures, policy-as-code, and authorization decision engines.
  • Strong understanding of modern identity protocols and patterns (OIDC, OAuth2, SAML, JWT, service identity, API authorization).
  • Experience engineering scalable authorization or IAM components, including integration with CI/CD pipelines, automation frameworks, and cloud-native services.
  • Practical knowledge of cloud provider IAM (Azure, AWS, GCP), including role design, conditional access, workload identity, and cloud-native security controls.
  • Familiarity with identity security requirements for AI, including secure access for AI agents, models, datasets, and prompt flows utilizing modern security controls.
  • Demonstrated ability to translate complex identity and authorization needs into secure, reusable architectural patterns.
  • Strong scripting or automation abilities (Python, PowerShell, Terraform, or similar), with experience building tools or utilities that support IAM/PBAC capabilities.
  • Excellent communication skills, with the ability to clearly articulate technical concepts to engineering, product, and security stakeholders.
  • Experience working in SAFE or similar agile work methodologies.
  • Hands-on, analytical problem-solver with the ability to support on-call escalations for identity and authorization issues.
  • Must have the ability to provide a high-speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense. A minimum standard speed for optimal performance of 25x10 (25mbps download x 10mbps upload) is required. Satellite and Wireless Internet service is NOT allowed for this role.

Nice To Haves

  • Bachelor's degree in Cybersecurity, IT, Computer Science or related field.
  • Industry certifications such as, but not limited to, CISSP, CCSP, CISM, MS SC-300
  • Experience working across both agile and waterfall based methodologies for project delivery

Responsibilities

  • Architect and implement PBAC and RBAC solutions, including policy models, roles, decision engines, enforcement points, and policy‑as‑code frameworks.
  • Design and operationalize fine‑grained authorization for applications, services, APIs, and data platforms, enabling contextual and attribute‑based access decisions.
  • Develop an identity security framework for AI, defining identity controls, access constraints, and governance models for AI agents, models, datasets, and prompt flows.
  • Integrate PBAC with workload identity, service‑to‑service authentication, and distributed access decisioning within modern cloud and microservice environments.
  • Partner with application and platform teams to embed authorization-by-design into solution architecture, code, and deployment pipelines.
  • Evaluate and implement fine-grained authorization policies and custom RBAC roles, defining their integration points and governance processes.
  • Develop automated tooling for policy validation, simulation, testing, and versioning to ensure consistent enforcement and safe policy deployment.
  • Ensure authorization architecture aligns with risk, compliance, and regulatory requirements while supporting performance, reliability, and developer usability.
  • Stay current on emerging trends in authorization engineering, zero trust, AI access governance, and modern identity security paradigms.

Benefits

  • Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.