Technical Lead, Identity & Access Management
About the role
We are seeking a hands-on Technical Lead to own identity end-to-end, from foundational IDP architecture through to privileged access, secrets management, and access governance for AI agents. This is a senior individual contributor role with broad technical scope and direct influence on identity engineering, security, and compliance outcomes.
You will set direction, drive implementation, and operate as the primary identity expert across the organization.
We are looking for someone who has 8 - 12+ years in identity engineering, security engineering, or a closely related discipline.
Responsibilities
- Define the long-term IAM strategy, roadmap, and operating model across the enterprise and product ecosystem.
- Assess and mature the current-state Identity Provider (IDP) architecture, identifying gaps and driving the path to a resilient, scalable design.
- Drive all identity systems toward Zero Trust principles - secure, scalable, and frictionless by default.
- Automate the full identity lifecycle beyond traditional IGA joiner-mover-leaver (JML) processes.
- Implement and enforce RBAC for human and non-human identities at scale.
- Define and operationalize least-privilege policies across all systems and environments.
- Centralize secrets management - keys, tokens, certificates - across cloud and enterprise environments.
- Design and deliver Privileged Access Management (PAM) for admin accounts spanning enterprise IT and cloud engineering.
- Implement a scalable access management model for AI agents and bots.
- Collaborate with IT Apps and infrastructure teams to enforce and enable SSO across the enterprise.
- Own the implementation and governance of authentication protocols (SAML, OIDC, OAuth 2.0) and modern identity standards.
- Partner with engineering, security, IT, compliance, and product teams to deliver access management capabilities that enable the business and satisfy audit requirements.
- Translate complex identity requirements into clear, executable technical plans and communicate tradeoffs to senior stakeholders.
Requirements
- Hands-on architecture or engineering experience in cloud environments (AWS, GCP, or Azure).
- Deep expertise in modern IAM technologies: directories (LDAP/AD), IDPs, federation, and authentication protocols (SAML, OIDC, OAuth 2.0).
- Practical experience implementing Zero Trust identity models and PAM frameworks.
- Strong understanding of identity governance, IGA tooling, and role lifecycle management.
- Hands-on experience with secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager).
- Experience building access controls for AI workloads, agents, or service accounts at scale.
- Familiarity with SCIM provisioning and automated IGA workflows.
- Excellent communication and influencing skills - you can make identity concepts accessible to non-technical audiences and drive alignment without authority.
Qualifications
- Nice to have: Security certifications such as CISSP, GIAC, or similar.
- Solid grasp of compliance frameworks relevant to identity (SOC 2, ISO 27001, NIST, or similar) and experience supporting audit processes.
Skills
- Security certifications such as CISSP, GIAC, or similar.
- Solid grasp of compliance frameworks relevant to identity (SOC 2, ISO 27001, NIST, or similar) and experience supporting audit processes.
Benefits
- Base salary is a single component of the total compensation package, which may also include equity in the form of options and/or restricted stock units, comprehensive health, dental, vision, life and disability insurance coverage, 401k retirement benefits with employer match, learning and wellness stipends, and paid time off.
Pay
The actual base salary offered to a successful candidate will additionally be influenced by a variety of factors including experience, credentials & certifications, educational attainment, skill level requirements, interview performance, and the level and scope of the position.
Schedule
We are an in-office company, and our expectation is that employees primarily work from their Applied Intuition office 5 days a week. However, we also recognize the importance of flexibility and trust our employees to manage their schedules responsibly. This may include occasional remote work, starting the day with morning meetings from home before heading to the office, or leaving earlier when needed to accommodate family commitments.