Senior Security Engineer - Non-Human Identity
Edward Jones · St Louis, MO · Today
HybridFull-time
About the role
We are seeking a highly technical, hands-on Senior Non-Human Identity Engineer to lead the engineering, automation, onboarding, remediation, and operational management of non-human identities across the enterprise.
Responsibilities
- Engineer, implement, and support enterprise non-human identity solutions across cloud, on-premises, and hybrid environments.
- Develop and maintain automated provisioning, credential rotation, secret management, certificate lifecycle management, and deprovisioning processes.
- Perform onboarding and migration of service accounts, managed identities, workload identities, application accounts, and machine credentials into enterprise identity management platforms.
- Configure, deploy, and support privileged access controls for non-human identities using PAM and secrets management technologies.
- Work closely with application teams, DevOps, cloud engineering, cybersecurity, and infrastructure teams to ensure non-human identities are properly secured, monitored, and managed throughout their lifecycle.
- Design, build, and maintain automation using PowerShell, Python, REST APIs, Terraform, and other scripting or orchestration technologies.
- Integrate identity controls into CI/CD pipelines and DevSecOps workflows.
- Troubleshoot and resolve authentication, authorization, federation, certificate, token, and credential-related issues across enterprise applications.
- Support large-scale remediation initiatives involving dormant service accounts, excessive permissions, unmanaged secrets, and identity-related security vulnerabilities.
- Configure and administer identity platforms, including directory services, cloud identity providers, PAM solutions, certificate authorities, and secrets vaults.
- Monitor non-human identity activity and investigate suspicious authentication events, credential misuse, or policy violations.
- Create operational runbooks, implementation guides, engineering standards, and technical documentation.
- Partner with Security Operations and Incident Response teams during investigations involving machine identities and application credentials.
- Participate in after-hours support activities, major incident response, and maintenance activities when required.
Requirements
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or equivalent experience.
- 7+ years of hands-on experience in Identity and Access Management, Cybersecurity Engineering, Infrastructure Engineering, or Cloud Security.
- 5+ years of direct experience managing non-human identities, service accounts, application identities, workload identities, or machine authentication technologies.
- Strong hands-on experience administering Microsoft Entra ID, Active Directory, or similar identity platforms.
- Experience implementing and supporting secrets management, credential vaulting, and privileged access solutions.
- Strong scripting and automation skills using PowerShell, Python, Bash, or similar technologies.
- Experience working with OAuth 2.0, OpenID Connect, SAML, Kerberos, LDAP, certificates, and PKI technologies.
- Experience supporting Azure, AWS, Google Cloud, or multi-cloud environments.
- Ability to analyze logs, troubleshoot authentication failures, and resolve complex identity-related issues.
- Experience working within enterprise change management, incident management, and operational support processes.
- Strong verbal and written communication skills with the ability to collaborate across technical teams.
Qualifications
- Hands-on experience with CyberArk, HashiCorp Vault, Delinea, BeyondTrust, SailPoint, Microsoft Entra Workload Identities, or similar platforms.
- Experience managing certificate lifecycles and public/private key infrastructure.
- Familiarity with Infrastructure as Code technologies such as Terraform, Bicep, ARM, or CloudFormation.
- Experience with SIEM platforms and identity security monitoring.
- CISSP, CISM, Security+, Microsoft Identity and Access Administrator, CyberArk Defender/Sentry, or related certifications.
Skills
- Hands-on experience with CyberArk, HashiCorp Vault, Delinea, BeyondTrust, SailPoint, Microsoft Entra Workload Identities, or similar platforms.
- Experience managing certificate lifecycles and public/private key infrastructure.
- Familiarity with Infrastructure as Code technologies such as Terraform, Bicep, ARM, or CloudFormation.
- Experience with SIEM platforms and identity security monitoring.
- CISSP, CISM, Security+, Microsoft Identity and Access Administrator, CyberArk Defender/Sentry, or related certifications.
Benefits
- Medical and prescription drug, dental, vision, voluntary benefits (such as accident, hospital indemnity, and critical illness).
- Short- and long-term disability, basic life, and basic AD&D coverage.
- 401(k) retirement plan, and tax-advantaged accounts: health savings account, and flexible spending account.
- Ten paid holidays and 15 days of vacation for new associates beginning on January 1 of each year, as well as sick time, personal days, and a paid day for volunteerism.
- Eligibility for bonuses and profit sharing.
- Employee Assistance Program.
Pay
Compensation provided for using, not obtaining, the rating.
Schedule
Effective June 1, 2026, candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office four days per week. Before June 1, 2026, candidates that live within a commutable distance from our Tempe, AZ and St. Louis, MO home office locations are expected to work in the office three days per week, with preference for Tuesday through Thursday.