
Senior Security Engineer, Identity & Access Management
Posted 4 hours ago

• Design and support the complete lifecycle of workforce identity systems, encompassing identity automation, access management, and the enforcement of least-privilege across internal systems.
• Assist in the development of secure identity design patterns for product teams utilizing ValonOS.
• Oversee and enhance Valon's IdP in collaboration with IT, including SSO integrations, MFA policies, conditional access rules, and directory synchronization.
• Establish and uphold RBAC and group-based access policies for internal applications, cloud environments, and development tools.
• Collaborate with Engineering teams to support privileged access management (PAM) for internal infrastructure.
• Create and implement AI-assisted workflows that automate and accelerate essential IAM operations.
• Assess AI-related risks across IAM pipelines, ensuring that adequate security controls are in place regarding data exposure, prompt injection, and other threats.
• Work alongside Product, Engineering, Data, Compliance, Legal, and other teams to identify and mitigate data security risks.
• Assist with various operational and on-call responsibilities, including vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response, and security reviews.
• Extensive hands-on experience as an IAM security engineer with demonstrated ownership of enterprise identity solutions, capable of operating independently, driving complex cross-functional initiatives, and influencing teams.
• In-depth knowledge of modern identity protocols and standards, including SAML 2.0, OIDC/OAuth 2.0, SCIM, LDAP, and related specifications.
• Proven track record of administering and scaling IdP platforms (e.g., Okta, Azure AD / Entra ID, Google Workspace), including SSO, MFA, conditional access, and directory synchronization.
• Strong background in cloud IAM (preferably GCP), covering service accounts, workload identity federation, and policy-as-code methodologies.
• Proficient in developing PAM solutions and identity vaults while enforcing least-privilege access for both human and non-human identities.
• Experience in creating AI/LLM-powered workflows, ideally in a security or operations context, with a practical understanding of the identity and access risks they may introduce.
• Familiarity with securing non-human and agentic identities, including AI service accounts, governance of API keys, and audit logging for automated systems.
• Practical knowledge of industry security and compliance frameworks, such as OWASP, NIST, CIS, and SOC 2/ISO 27001 concepts.
• Exceptional communication and collaboration skills, with the ability to convey complex security concepts to both technical and non-technical audiences.
• Experience in high-growth or startup environments is advantageous.
• Compensation: Competitive salary with a significant stake in the company through equity, along with a 401k plan.
• Health & well-being: We prioritize your physical and mental health with comprehensive medical, dental, and vision benefits.
• Commuter benefits: We provide pre-tax deductions for public transportation, rideshare services, and parking expenses to enhance the affordability and convenience of your commute.
• Grow together: Company-wide orientation to facilitate successful onboarding and other learning & development opportunities, including regular review cycles with 360-degree feedback.
• Play together: Quarterly budgets for team and company outings to foster camaraderie. Use it for team swag, cooking classes, or team dinners!
• Generous time off: Flexible paid time off, sick days, and 11 company holidays.
• Baby bonding time!: 12 weeks of fully paid leave for both birthing and non-birthing parents, allowing you to focus on your newest addition.