
Senior Security Engineer, Identity & Access Management
Posted 1 day ago
This is a fully remote position, open to applicants in the United States.
• Design and support the complete lifecycle of workforce identity systems, which includes identity automation, access management, and least-privilege enforcement across internal systems.
• Assist in creating secure identity design patterns for product teams utilizing ValonOS.
• Oversee and enhance Valon's Identity Provider (IdP) in collaboration with IT, incorporating SSO integrations, MFA policies, conditional access rules, and directory synchronization.
• Establish and implement Role-Based Access Control (RBAC) and group-based access policies for internal applications, cloud environments, and development tools.
• Aid in privileged access management (PAM) for internal infrastructure alongside Engineering teams.
• Conceptualize and develop AI-assisted workflows that streamline and expedite core Identity and Access Management (IAM) operations.
• Assess AI risks throughout IAM pipelines, ensuring robust security measures are in place to address data exposure, prompt injection, and other potential threats.
• Collaborate with teams from Product, Engineering, Data, Compliance, Legal, and other departments to identify and mitigate data security risks.
• Assist with additional operational and on-call responsibilities, including vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response, and security reviews.

• Extensive hands-on experience as an IAM security engineer with proven ownership of enterprise identity solutions, capable of operating independently, leading complex cross-functional initiatives, and influencing various teams.
• In-depth knowledge of modern identity protocols and standards, including SAML 2.0, OIDC/OAuth 2.0, SCIM, LDAP, and related specifications.
• Demonstrated experience in administering and scaling IdP platforms (e.g., Okta, Azure AD / Entra ID, Google Workspace), including SSO, MFA, conditional access, and directory synchronization.
• Strong background in cloud IAM (GCP preferred), encompassing service accounts, workload identity federation, and policy-as-code methodologies.
• Significant expertise in developing PAM solutions and identity vaults while enforcing least-privilege access for both human and non-human identities.
• Experience in creating AI/LLM-powered workflows—preferably in a security or operations context—with a practical understanding of the identity and access risks they may pose.
• Familiarity with securing non-human and agentic identities, including AI service accounts, API key governance, and audit logging for automated systems.
• Applied knowledge of industry security and compliance frameworks such as OWASP, NIST, CIS, and SOC 2/ISO 27001 concepts.
• Excellent communication and collaboration abilities, capable of articulating complex security concepts to both technical and non-technical audiences.
• Experience in high-growth or startup environments is a plus.

• Compensation: Competitive salary with a significant stake in the company through equity and a 401k plan.
• Health & well-being: Comprehensive medical, dental, and vision benefits to support your physical and mental well-being.
• Commuter benefits: Pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient.
• Grow together: Company-wide orientation to facilitate a successful onboarding experience and various learning & development opportunities, including regular review cycles featuring 360-degree feedback.
• Play together: Quarterly budgets for team and company outings, which can be used for team swag, cooking classes, or team dinners!
• Generous time off: Flexible paid time off, sick days, and 11 company holidays.
• Baby bonding time: 12 weeks of fully paid leave for both birthing and non-birthing parents, allowing you to focus on your newest addition.