Senior Security Engineer, Identity & Access Management

About The Position

Requirements

• Extensive hands-on IAM security engineer with proven ownership of enterprise identity solutions, able to operate autonomously, drive complex cross-functional efforts, and influence across teams
• Deep expertise in modern identity protocols and standards: SAML 2.0, OIDC/OAuth 2.0, SCIM, LDAP, and related specifications
• Proven experience administering and scaling IdP platforms (e.g., Okta, Azure AD / Entra ID, Google Workspace) including SSO, MFA, conditional access, and directory sync
• Solid background in cloud IAM (GCP preferred), including service accounts, workload identity federation, and policy-as-code approaches
• Strong expertise in building PAM solutions / identity vaults and enforcing least-privilege across human and non-human identities
• Experience building AI/LLM-powered workflows — ideally in a security or operations context — with a practical understanding of the identity and access risks they introduce
• Familiarity with securing non-human and agentic identities, including AI service accounts, API key governance, and audit logging for automated systems
• Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
• Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders.
• 5+ years in security engineering roles with a core focus on identity and access management
• Bachelor's degree in Information Security, Computer Science, Technology or related field
• Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
• Hands-on experience with an enterprise IdP (Okta, Entra ID, or Google Workspace) including SSO, MFA, SCIM
• Deep understanding of authentication and authorization models across applications - SAML, OIDC/OAuth 2.0, RBAC, ABAC, and API access controls
• Hands-on experience with modern identity security technologies and tooling

Nice To Haves

• Experience working in high-growth or startup environments is a plus.

Responsibilities

• Design and support end-to-end lifecycle of workforce identity systems including identity automation, access management, and least-privilege enforcement across internal systems
• Support design of secure identity design patterns for product teams building on ValonOS
• Manage and evolve Valon's IdP in conjunction with IT including SSO integrations, MFA policies, conditional access rules, and directory synchronization
• Define and enforce RBAC and group-based access policies for internal applications, cloud environments, and development tooling
• Support privileged access management (PAM) for internal infrastructure in conjunction with Engineering teams
• Design and build AI-assisted workflows that automate and accelerate core IAM operations
• Evaluate AI risks across IAM pipelines, ensuring appropriate security controls around data exposure, prompt injection and other threats
• Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for data security risks
• Support other operational and on-call duties such as vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response and security reviews.

Benefits

• Base Compensation Band: $180K - 230K.
• Competitive salary with a meaningful stake in the company via equity, and 401k plan
• Comprehensive medical, dental, & vision benefits
• Pre-tax deductions for public transportation, rideshare services, and parking expenses
• Learning & development opportunities including regular review cycles that feature 360 degree feedback
• Quarterly budgets for team and company outings.
• Flexible paid time off, sick days, and 11 company holidays
• 12 weeks off for both birthing and non-birthing parents - fully paid