AI Identity & Endpoint Controls Lead
About the role
The Associate Director leads the design, selection, and implementation of enterprise cybersecurity solutions spanning non-human identity (NHI) and credential management — including agentic AI identities — and endpoint software execution and configuration controls across Windows and macOS.
Responsibilities
- Own the technical strategy, architecture, and roadmap for NHI and credential security, agentic AI identity governance, and endpoint execution control across Windows and macOS.
- Lead and develop a team of senior security engineers, direct contingent workers and professional services engagements to deliver program outcomes.
- Evaluate, select, and deploy enterprise platforms for secrets management, agentic identity governance, and endpoint application allow-listing — leading vendor selection, proof of value (POV) exercises, and integration into the broader security stack.
- Design and operationalize the full credential lifecycle for non-human identities — vaulting, brokered access, short-lived credentials, workload identity, rotation, attestation, and decommissioning — for services, automation, CI/CD, and AI agents.
- Build the AI security control plane: enforcement points, approval and exception workflows, audit telemetry, and policy guardrails governing how agents and programmatic identities access tools, data, and endpoints.
- Partner with AI platform owners and engineering teams to make secure credential use and policy-compliant tool access the default in developer workflows.
- Lead endpoint execution control and configuration hardening — allow-listing, code-signing trust, script and installer controls, policy authoring, staged rollouts, exception handling, and continuous compliance.
- Build detection and reporting for credential misuse and execution-control bypass; partner with SecOps and Cyber Incident Response on playbooks and response.
- Author standards, reference architectures, and technical documentation; serve as a principal-level reviewer and mentor across identity and endpoint security initiatives.
Requirements
- 8+ years of experience in security engineering, identity engineering, platform engineering, or a closely related domain, with demonstrated principal-level technical leadership.
- Demonstrated ability to drive complex initiatives across multiple teams, balancing risk reduction, delivery timelines, and stakeholder alignment.
- Ability to navigate ambiguous and sometimes conflicting requirements and priorities, cut through noise to make decisions and take action, incorporate feedback constructively, and maintain strong judgment when sustained direction is needed—delivering short-term progress while building toward long-term solutions.
- Experience leading and scaling delivery through a mix of direct reports, contingent workers, and/or professional services partners.
- Deep understanding of non-human identity patterns and programmatic credential use in modern systems (microservices, CI/CD, IaC, automation, and APIs).
- Hands-on experience implementing credential security controls such as secrets management/vaulting, PKI/cert lifecycle, token issuance/exchange, short-lived credentials, and automated rotation.
- Strong knowledge of authentication and authorization concepts (OAuth 2.0, OIDC, SAML, JWT, mTLS, key management, least privilege, scoped permissions).
- Endpoint platform familiarity across Windows and macOS, including OS security primitives, software distribution, and device management concepts.
- Experience implementing endpoint execution controls and configuration baselines across Windows and macOS, including policy rollout, exception management, and measurable enforcement outcomes.
- Familiarity and hands-on experience with modern AI platforms and developer assistants (e.g., OpenAI, Anthropic, GitHub Copilot), including how they are integrated and governed in enterprise environments.
- Strong cybersecurity fundamentals and experience designing preventive/detective controls and control-plane architectures (policy, enforcement, monitoring) that scale across platforms and teams.
- Able to translate risk into pragmatic designs and to influence across Security, IT, and Product/Engineering stakeholders.
- Strong written communication and documentation skills; ability to define standards and drive adoption.
Qualifications
- Experience with enterprise secrets/token platforms (e.g., HashiCorp Vault, Conjur, Azure Key Vault, AWS Secrets Manager, GCP Secret Manager) and integrating them into developer platforms.
- Experience with GxP regulated environments.
- Familiarity with workload identity and federation patterns (e.g., SPIFFE/SPIRE, cloud workload identity, Kubernetes service account federation).
- Familiarity with endpoint management ecosystems (e.g., Microsoft Intune, Jamf, MDM configuration profiles, Group Policy).
- Experience with Windows Defender Application Control (WDAC) and code-signing strategies; macOS notarization and signing enforcement at scale.
- Background building security guardrails for AI/automation systems (e.g., agent tool permissioning, policy-as-code, approval workflows, and audit logging for autonomous actions).
- Experience with threat modeling, red-team/blue-team collaboration, and defining measurable security outcomes.
Pay & Benefits
Pay Range: $158,600.00 - $285,500.00
Benefits: Competitive healthcare, family planning benefits, generous paid time off, savings and investments, location-specific perks and extras.
About Moderna
Moderna is a science-led biopharmaceutical company focused on using its proprietary messenger RNA (mRNA) platform to create, manufacture and advance therapeutics and vaccines for serious diseases. The company is building a broad portfolio of mRNA-based products, including human vaccines, such as its experimental vaccine against the coronavirus disease 2019 (COVID-19), MRNA-1273, and MRNA-3278, as well as potential treatments for a number of other illnesses. Moderna is also building its pipeline with a preclinical product candidate library that aims to tackle a wide variety of difficult-to-treat diseases. For more information, visit modernatx.com.
Equal Opportunity
Moderna is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants regardless of criminal histories, race, color, sex, gender identity or expression, age, religion, national origin, ancestry or citizenship, ethnicity, disability, military or protected veteran status, genetic information, sexual orientation, marital or familial status, or any other personal characteristic protected under applicable law.
Export Control Notice
This position may involve access to technology or data that is subject to U.S. export control laws, including the Export Administration Regulations (EAR). As such, employment is contingent upon the applicant’s ability to access export-controlled information in accordance with U.S. law. Due to the nature of the work and regulatory requirements, only individuals who qualify as U.S. persons (citizens, permanent residents, asylees, or refugees) are eligible for this position.