Talent.com
Staff IAM Engineer, Non-Human Identity
Staff IAM Engineer, Non-Human IdentitySoFi • San Francisco, California, USA
Staff IAM Engineer, Non-Human Identity

Staff IAM Engineer, Non-Human Identity

SoFi • San Francisco, California, USA
20 days ago
Job type
  • Full-time
Job description

The Role

The Staff IAM Engineer Non-Human Identity is responsible for securing and managing all non-human identities including service accounts application identities machine credentials APIs bots and workloads across on-prem cloud and crypto infrastructure. This role ensures that automated and machine-based identities follow the same governance lifecycle and least-privilege principles as human users. You will design systems that enable secure authentication secrets management and access provisioning for automated services APIs and DevOps pipelines. This role directly protects sensitive financial data crypto custody environments and transaction systems from privilege misuse credential leakage and insider or supply chain threats.

What Youll Do

Identity Architecture & Engineering

  • Design implement and maintain a Non-Human Identity (NHI) framework governing all service accounts API tokens certificates and machine credentials.
  • Implement centralized secrets management using tools such as HashiCorp Vault or AWS Secrets Manager
  • Build integrations with CI / CD pipelines and cloud services (AWS GCP Azure) to enforce automated credential rotation and JIT provisioning.
  • Define and implement tagging ownership and classification models for non-human identities.
  • Develop scalable onboarding processes for applications workloads and bots that require secure authentication.

Lifecycle Management & Governance

  • Develop automated workflows for creation rotation deactivation and certification of service accounts and API keys.
  • Partner with developers and DevOps to transition hard-coded credentials to secure vaults.
  • Establish policies for key rotation frequency credential expiration and certificate renewal.
  • Integrate NHI lifecycle into IAM governance tools (Okta).
  • Support quarterly access reviews and certification campaigns for non-human identities.

    • Automation & Integration

  • Build automation using APIs Python PowerShell or Terraform to manage credentials and monitor access.
  • Integrate non-human identity telemetry into SIEM / SOAR platforms for anomaly detection.
  • Implement visibility dashboards to track total NHI inventory owners last use and compliance status.
  • Deploy Just-in-Time (JIT) credential provisioning for ephemeral workloads and containers (Kubernetes Lambda ECS etc.).

    • Security & Risk Management

  • Enforce least privilege and zero-trust principles for machine access.
  • Monitor for unused or excessive service accounts and remediate over-permissioned credentials.
  • Support incident response teams with forensics on compromised API keys or tokens.
  • Define detection logic for credential misuse or non-standard access patterns.
  • Partner with Application Security to integrate secure NHI handling into SDLC.

    • Compliance & Audit

  • Maintain audit trails for credential issuance usage and rotation events.
  • Produce compliance reports for SOX SOC 2 PCI DSS FFIEC and crypto-custody audits.
  • Collaborate with internal audit and compliance teams to validate NHI control effectiveness.
  • Document architecture data flows SOPs and exception processes for NHI management.

    • Innovation & Continuous Improvement

  • Evaluate emerging NHI management solutions (e.g. SPIFFE / SPIRE workload identity federation cloud-native secrets stores).
  • Lead proof-of-concepts to modernize credentialless or short-lived identity methods.
  • Advocate for security automation and the reduction of static credentials across the enterprise.

    • What Youll Need

    Education & Experience

  • Bachelors degree in Computer Science Cybersecurity or related discipline.
  • 36 years of experience in IAM DevSecOps or Security Engineering roles.
  • Hands-on experience with non-human identity or secrets management tools
  • Familiarity with cloud IAM concepts (AWS IAM Roles Azure Managed Identities GCP Service Accounts).
  • Experience integrating IAM or secrets systems with CI / CD pipelines and DevOps tools.

    • Technical Skills

  • Proficiency in automation and scripting (Python PowerShell or Bash).
  • Strong understanding of authentication standards (OIDC OAuth 2.0 SAML JWT).
  • Knowledge of API security key rotation policies and service-to-service authentication.
  • Familiarity with container and workload identities (Kubernetes ECS Lambda).
  • Understanding of Zero Trust machine identity and certificate lifecycle management.

    • Preferred Certifications

  • HashiCorp Certified Vault Associate
  • AWS Certified Security Specialty
  • Okta Certified Professional or Administrator
  • (ISC)² Certified Identity and Access Manager (CIAM) or CISSP

    • Required Experience :

    Staff IC

    Key Skills

    Computer Science,Docker,Kubernetes,Python,VMware,C / C++,Go,System Architecture,gRPC,OS Kernels,Perl,Distributed Systems

    Employment Type : Full-Time

    Experience : years

    Vacancy : 1

    Create a job alert for this search

    Iam Engineer • San Francisco, California, USA

    Related jobs
    Associate Development Engineer (4758C) - EECS

    Associate Development Engineer (4758C) - EECS

    InsideHigherEd • Berkeley, California, United States
    Full-time
    Associate Development Engineer (4758C) - EECS.At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thrive.Our culture of opennes...Show more
    Last updated: 4 days ago • Promoted
    Staff AI Engineer

    Staff AI Engineer

    Tonal • San Francisco, California, United States
    Full-time
    Tonal is the world’s first all in one home gym with a simply stunning design.It has completely revolutionized the fitness journey, with adaptive weight and coaching cues powered by advanced AI tech...Show more
    Last updated: 12 days ago • Promoted
    AI / ML Platform Engineer

    AI / ML Platform Engineer

    Whatnot • San Francisco, California, United States
    Full-time
    Join the Future of Commerce with Whatnot!.Whatnot is the largest live shopping platform in North America and Europe to buy, sell, and discover the things you love. We’re re-defining e-commerce by bl...Show more
    Last updated: 17 days ago • Promoted
    Staff Software Engineer, AI and Data Technology

    Staff Software Engineer, AI and Data Technology

    Omada Health • South San Francisco, CA, United States
    Full-time
    Omada Health is on a mission to inspire and engage people in lifelong health, one step at a time.The Staff Software Engineer for AI and Data Technologies will play a critical role in advancing our ...Show more
    Last updated: 30+ days ago • Promoted
    HPC Technical Consultant (Permanent / Direct Hire)

    HPC Technical Consultant (Permanent / Direct Hire)

    Jobot • Berkeley, CA, US
    Permanent
    This Jobot Job is hosted by : Kurt Holzmuller.Are you a fit? Easy Apply now by clicking the "Apply Now" button and sending us your resume. Salary : $120,000 - $180,000 per year.We are a leading global...Show more
    Last updated: 30+ days ago • Promoted
    Staff Software Engineer AI Agents

    Staff Software Engineer AI Agents

    Goodleap • San Francisco, California, United States
    Full-time
    GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, w...Show more
    Last updated: 30+ days ago • Promoted
    Senior Staff AI Engineer

    Senior Staff AI Engineer

    Jazzx Ai • San Francisco Bay, California, United States
    Full-time
    SAIGroup is a private investment firm that has committed $1 billion to incubate and scale revolutionary AI-powered enterprise software application companies. Our portfolio, a testament to our succes...Show more
    Last updated: 30+ days ago • Promoted
    AI Engineer, Applied ML

    AI Engineer, Applied ML

    Perplexity • San Francisco, California, United States
    Full-time
    Perplexity is looking for an Applied ML Engineer to design, build, and iterate on cutting-edge AI models powering our core experience. As an expert in machine learning and artificial intelligence, y...Show more
    Last updated: 16 days ago • Promoted
    Staff Mechanical Design Engineer, Structures DesignMechanical Design Engineering • Berkeley, CA • Full time • On-site

    Staff Mechanical Design Engineer, Structures DesignMechanical Design Engineering • Berkeley, CA • Full time • On-site

    Form Energy • Berkeley, CA, United States
    Full-time
    Are you ready to build America's energy future? Form Energy is an American manufacturing and energy technology company.We're revolutionizing energy storage with cost-effective, multi-day technology...Show more
    Last updated: 30+ days ago • Promoted
    Senior / Lead Data Solution Engineer

    Senior / Lead Data Solution Engineer

    Meltwater • Redwood City, CA, United States
    Full-time
    We're thrilled to embark on the search for a seasoned.Senior / Lead Data Solution Engineer.This pivotal role offers an exciting opportunity to shape the future of technology within our organization.A...Show more
    Last updated: 30+ days ago • Promoted
    Founding AI Engineer - Lantern

    Founding AI Engineer - Lantern

    Pear Vc • San Francisco Bay, California, United States
    Full-time
    Lantern - Founding AI Engineer.Supply chains power the world - but most distributors still rely on spreadsheets, gut instinct, and clunky ERP systems to make million-dollar purchasing decisions.We’...Show more
    Last updated: 30+ days ago • Promoted
    Senior Agentic AI Engineer (Cybersecurity)

    Senior Agentic AI Engineer (Cybersecurity)

    Anomali • Redwood City, CA, United States
    Full-time
    Anomali is headquartered in Silicon Valley and is the Leading AI-Powered Security Operations Platform that is modernizing security operations. At the center of it is an omnipresent, intelligent, and...Show more
    Last updated: 8 days ago • Promoted
    Staff AI engineer

    Staff AI engineer

    Connectly • San Francisco, California, United States
    Full-time
    At Connectly we are building the future of conversational commerce in Latin America with the focus on Whatsapp.Buying on Whatsapp is ubiquitous in Latin America, yet only small businesses have made...Show more
    Last updated: 30+ days ago • Promoted
    Staff Software Engineer, Data & AI / ML

    Staff Software Engineer, Data & AI / ML

    Verse • San Francisco, California, United States
    Remote
    Full-time
    San Francisco, CA (Remote / Hybrid Available).Organizations today are under growing pressure to navigate the transition to clean energy — not just to meet sustainability goals, but to manage risk, co...Show more
    Last updated: 30+ days ago • Promoted
    Staff AI / ML Engineer

    Staff AI / ML Engineer

    Sigma Computing • San Francisco, California, United States
    Full-time
    At Sigma, we’re not just adding AI—we’re building the future of how people work with data.Our platform already lets users explore billions of rows of data in seconds with a spreadsheet-like interfa...Show more
    Last updated: 2 days ago • Promoted
    Staff AI Engineer

    Staff AI Engineer

    Airwallex • San Francisco, California, United States
    Full-time
    Airwallex is the only unified payments and financial platform for global businesses.Powered by our unique combination of proprietary infrastructure and software, we empower over 150,000 businesses ...Show more
    Last updated: 30+ days ago • Promoted
    AI Engineer

    AI Engineer

    Pathwork • San Francisco, California, United States
    Full-time
    Location : San Francisco or New York City.Pathwork is redesigning life & health insurance jobs for the AI age.M professionals in the $1T life and health insurance industry don’t need better tools; t...Show more
    Last updated: 16 days ago • Promoted
    AI Engineer

    AI Engineer

    Confidential • San Francisco, California, United States
    Remote
    Full-time
    This role is open to US Citizens, Green Card holders, GC-EAD only.Adidev is looking for an adept Machine Learning Engineer to take the helm in deploying advanced machine learning models, with a spe...Show more
    Last updated: 30+ days ago • Promoted