Principal Authentication Engineer (IAM) — Vice President

Morgan Stanley
New York, NY
74d
$150,000 - $210,000

About The Position

We’re seeking someone to join our Authentication Engineering (IAM) team as a Principal Authentication Engineer in Cybersecurity (Identity & Access Management) to design, integrate, and operate standards-based authentication at global scale across hybrid environments, enabling secure, seamless access for our workforce and platforms. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Lead Cybersecurity Engineering position at Vice President level, which is part of the job family responsible for ensuring continuity and successful delivery of the firm's Modernization and Workforce Authentication. Since 1935, Morgan Stanley has been known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

Requirements

  • Hands-On Principal Engineer (not architect-only): design and implement—comfortable coding, configuring, integrating products, and shipping production outcomes.
  • Deep authentication expertise: OIDC/OAuth2, SAML, SSO, FIDO2/WebAuthn, PKI (CA/RA, mTLS, cert lifecycle), API auth (JWT/mTLS), and Unix/Linux authentication at enterprise scale.
  • IAM platforms & integration mastery: experience with HashiCorp Vault, HSMs, CyberArk, SailPoint, Entra ID, Ping Identity, IDM/LDAP, and RCBI—covering policy design, integration, automation, and migrations.
  • Resiliency and Automation at Scale: proven experience operating IAM/auth services across large, globally distributed environments with multi-region HA/DR, performance tuning, IaC (Terraform), config management (Ansible/Puppet/Chef), CI/CD, observability; strong Shell plus Python/Go.
  • Security & compliance acumen: threat modeling, least privilege, PAM, secrets management, policy-as-code, and auditability for human and non-human identities (including agentic systems).
  • Systems integrator mindset: ability to customize and stitch vendor products and open standards into cohesive, well-documented solutions and APIs.
  • Team enablement & communication: skill in decomposing solutions into clear epics/stories, authoring ADRs/runbooks/standards, conducting reviews, coaching engineers/SREs, and producing clear written documentation to influence stakeholders in an agile squad model.
  • Enterprise & industry savvy: experience navigating large-institution environments; influencing roadmaps; driving adoption of controls and best practices; typically 10+ years in IAM engineering within complex, global settings.

Responsibilities

  • Lead Hands-On Authentication Engineering: design, build, integrate, and ship secure, scalable solutions for human and non-human identities (bots, service accounts, applications, agentic systems).
  • Own Enterprise Authentication & Federation: implement and harden OIDC/OAuth2, SAML, SSO, FIDO2/WebAuthn, PKI (mTLS, cert lifecycle), API auth, and Unix/Linux authentication.
  • Integrate and Customize IAM Platforms: deliver end-to-end integrations across Entra ID, Ping Identity, SailPoint, CyberArk, HashiCorp Vault, HSMs, IDM/LDAP, and RCBI in cloud and hybrid environments.
  • Drive Reliability and Automation at Scale: operate and evolve large-scale IAM estates with HA/DR, performance tuning, IaC (Terraform), config management (Ansible/Puppet/Chef), CI/CD, observability, and safe deployment strategies.
  • Harden and Govern Identity Controls: define and enforce policies for identity lifecycle, authentication, authorization, PAM, and secrets management for human and non-human identities.
  • Assess and Uplift Existing Solutions: identify risks and technical debt, deliver remediation plans, and implement secure-by-default patterns with measurable outcomes.
  • Translate Architecture into Executable Work: break down complex designs into clear epics, stories, runbooks, and pipelines; produce ADRs, standards, and audit-ready documentation to align engineers, SREs, POs, and QA.
  • Partner and Operate Across Teams: collaborate with product/platform leads to scale adoption; participate in on-call, lead RCAs, and drive operational excellence.

Benefits

  • Comprehensive employee benefits and perks in the industry.
  • Opportunities for career advancement within the company.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Bachelor's degree

Number of Employees

5,001-10,000 employees
