Machine Identity Engineer

Mizuho | New York, NY
1d | $111,000 - $150,000 | Hybrid

About The Position

Join Mizuho as a Machine Identity Engineer! Mizuho’s Identity and Access Management (IAM) team is in the midst of an exciting transformation. We're building a dedicated, high-performing IAM function that is central to the firm's cybersecurity and regulatory strategy. Our environment is dynamic, growing, and rich with opportunity. You’ll work alongside a talented group of professionals who are passionate about solving complex access challenges, automating at scale, and strengthening security posture across both on-premises and cloud environments. This is a unique chance to join a team that's shaping the future of IAM at a major financial institution.

Summary

We are seeking an experienced IAM Engineer with specialization in PKI, certificate lifecycle management, and secrets management to design, implement, and support identity and credential services for non-human identities across on-prem and cloud environments, with a strong emphasis on Azure-native identity services. This hands-on engineering role focuses on delivering secure and scalable solutions for managing digital certificates, encryption keys, and non-human credentials used by servers, applications, services, APIs, and cloud workloads.

The ideal candidate has deep expertise in PKI infrastructure, certificate lifecycle automation, and secrets management platforms such as CyberArk CCP, Azure Key Vault, or HashiCorp Vault, along with strong working knowledge of Microsoft Entra ID workload identities, Azure Managed Identities, service principals, and cloud IAM control patterns applicable to non-human identities. This role is critical to strengthening the firm's identity security posture, enabling secure cloud adoption, and supporting compliance with regulatory and internal control requirements.

Requirements

  • 7+ years of experience in Identity & Access Management, cybersecurity engineering, or related infrastructure security roles, with a strong focus on non-human identities.
  • Hands-on experience operating and supporting enterprise PKI and certificate lifecycle management platforms.
  • Demonstrated experience with secrets management technologies such as CyberArk CCP/Secrets Manager, Azure Key Vault, or HashiCorp Vault.
  • Experience integrating PKI, certificates, and secrets with infrastructure platforms, applications, and automation pipelines.
  • Working knowledge of cloud workload identity concepts, including Azure Managed Identities and service principals.
  • Familiarity with security controls and regulatory expectations related to identity, credential, and key management (e.g., SOX, NIST).
  • Strong collaboration and communication skills, with the ability to work effectively across infrastructure, cloud, security, and DevOps teams.

Responsibilities

  • Manage and enhance the enterprise PKI and Venafi certificate lifecycle management platform, ensuring scalable, secure, and policy-compliant certificate operations.
  • Integrate certificate-based authentication into platforms, applications, network components, and Azure-native services, minimizing manual handling and outage risk.
  • Establish and enforce certificate lifecycle standards, monitoring, and alerting to ensure certificate health, trust integrity, and regulatory compliance.
  • Deploy and support secrets management platforms (e.g., CyberArk CCP, Azure Key Vault, HashiCorp Vault) to protect non-human credentials, API keys, and sensitive configuration data.
  • Integrate secrets management with infrastructure automation and CI/CD pipelines; define and enforce rotation, expiration, and least-privilege access policies.
  • Implement and support cloud workload identity patterns (e.g., Azure Managed Identities and service principals) to enable secure, identity-based access for non-human workloads and reduce reliance on static credentials.
  • Partner with cloud and platform teams to integrate workload identities with enterprise PKI and secrets management solutions, enforce least-privilege access models, and support security, audit, and compliance requirements.
  • Maintain accurate and complete inventories of certificates, keys, secrets, and machine identities aligned with CMDBs or authorized asset repositories.
  • Ensure identity, credential, and key management controls are documented, monitored, and evidenced to support audit, risk, and regulatory requirements.
  • Support regulatory exams, internal audits, and control testing activities, including evidence preparation, issue remediation, and control validation.
  • Partner with infrastructure, cloud, cybersecurity, and DevOps teams to align machine identity, certificate, and secrets controls with enterprise architecture standards.
  • Participate in design and architecture discussions to identify gaps and drive scalable, automation-friendly improvements.