Senior Identity & Access Management Engineer – Authentication and Authorization

About The Position

Requirements

• 8+ years of IT experience, with demonstrated expertise in Identity & Access Management (IAM), authorization, and enterprise security platforms
• 4+ years of hands‑on experience designing, implementing, and supporting authorization or IAM solutions, including centralized authorization platforms, policy‑based access control (RBAC, ABAC, PBAC), and API‑driven architectures
• Experience working with authorization platforms such as PlainID or similar policy decision engines; experience evaluating or implementing lightweight authorization solutions (e.g., AWS Verified Permissions) is a plus
• Experience integrating authorization services with IAM ecosystems, including Ping Identity Platform (authentication, federation, identity propagation) and enterprise directory services such as Radiant Logic Enterprise Directory
• Strong understanding of credential and secret management, Zero Trust principles, and secure access patterns for cloud and hybrid environments
• Experience with cloud platforms (AWS required; Azure and GCP a plus), APIs, microservices, and distributed systems
• Proficiency in Linux and Windows environments, and familiarity with databases and identity/attribute data sources
• Experience supporting production, Tier‑0 platforms with high availability, resiliency, and on‑call responsibilities
• Hands‑on experience with AWS, including EKS (Elastic Kubernetes Service), containerized workloads, and cloud‑native architectures
• Experience supporting CI/CD pipelines, build and release processes, and automated deployment workflows for security or platform services
• Familiarity with infrastructure‑as‑code and automation tools (e.g., Terraform, Helm, Ansible)
• Exposure to automation and infrastructure‑as‑code tools (e.g., Terraform, Ansible, CI/CD pipelines) and interest in leveraging AI / GenAI tools to improve engineering and operational efficiency

Responsibilities

• Engineer, operate, and continuously enhance Freddie Mac’s Centralized Authorization Management (CAM) platform using PlainID, ensuring secure and consistent authorization enforcement across enterprise applications, APIs, and microservices
• Design, implement, and support fine‑grained authorization policies using RBAC, ABAC, and PBAC models to meet evolving business and security requirements
• Partner with application and platform teams to onboard services onto CAM, troubleshoot authorization issues, and improve developer adoption of centralized authorization patterns
• Leverage AI‑assisted and GenAI tools where appropriate to improve productivity, accelerate analysis, enhance troubleshooting, and support intelligent automation—while ensuring solutions align with enterprise security, compliance, and governance standards
• Collaborate closely with IAM, infrastructure, network security, operations, and architecture teams to maintain a secure, scalable, and compliant authorization ecosystem
• Support 24X7 oncall Support