Staff IAM Engineer, Non-Human Identity

SoFi • San Francisco, California, USA
22 days ago
Job type
  • Full-time
Job description

The Role

The Staff IAM Engineer, Non-Human Identity is responsible for securing and managing all non-human identities, including service accounts, application identities, machine credentials, APIs, bots, and workloads, across on-prem, cloud, and crypto infrastructure. This role ensures that automated and machine-based identities follow the same governance, lifecycle, and least-privilege principles as human users. You will design systems that enable secure authentication, secrets management, and access provisioning for automated services, APIs, and DevOps pipelines. This role directly protects sensitive financial data, crypto custody environments, and transaction systems from privilege misuse, credential leakage, and insider or supply chain threats.

What You'll Do

Identity Architecture & Engineering

  • Design, implement, and maintain a Non-Human Identity (NHI) framework governing all service accounts, API tokens, certificates, and machine credentials.
  • Implement centralized secrets management using tools such as HashiCorp Vault or AWS Secrets Manager.
  • Build integrations with CI/CD pipelines and cloud services (AWS, GCP, Azure) to enforce automated credential rotation and JIT provisioning.
  • Define and implement tagging, ownership, and classification models for non-human identities.
  • Develop scalable onboarding processes for applications, workloads, and bots that require secure authentication.

Lifecycle Management & Governance

  • Develop automated workflows for creation, rotation, deactivation, and certification of service accounts and API keys.
  • Partner with developers and DevOps to transition hard-coded credentials to secure vaults.
  • Establish policies for key rotation frequency, credential expiration, and certificate renewal.
  • Integrate NHI lifecycle into IAM governance tools (Okta).
  • Support quarterly access reviews and certification campaigns for non-human identities.

Automation & Integration

  • Build automation using APIs, Python, PowerShell, or Terraform to manage credentials and monitor access.
  • Integrate non-human identity telemetry into SIEM/SOAR platforms for anomaly detection.
  • Implement visibility dashboards to track total NHI inventory, owners, last use, and compliance status.
  • Deploy Just-in-Time (JIT) credential provisioning for ephemeral workloads and containers (Kubernetes, Lambda, ECS, etc.).

Security & Risk Management

  • Enforce least privilege and zero-trust principles for machine access.
  • Monitor for unused or excessive service accounts and remediate over-permissioned credentials.
  • Support incident response teams with forensics on compromised API keys or tokens.
  • Define detection logic for credential misuse or non-standard access patterns.
  • Partner with Application Security to integrate secure NHI handling into SDLC.

Compliance & Audit

  • Maintain audit trails for credential issuance, usage, and rotation events.
  • Produce compliance reports for SOX, SOC 2, PCI DSS, FFIEC, and crypto-custody audits.
  • Collaborate with internal audit and compliance teams to validate NHI control effectiveness.
  • Document architecture, data flows, SOPs, and exception processes for NHI management.

Innovation & Continuous Improvement

  • Evaluate emerging NHI management solutions (e.g. SPIFFE/SPIRE, workload identity federation, cloud-native secrets stores).
  • Lead proof-of-concepts to modernize credentialless or short-lived identity methods.
  • Advocate for security automation and the reduction of static credentials across the enterprise.

What You'll Need

Education & Experience

  • Bachelor's degree in Computer Science, Cybersecurity, or related discipline.
  • 36 years of experience in IAM, DevSecOps, or Security Engineering roles.
  • Hands-on experience with non-human identity or secrets management tools.
  • Familiarity with cloud IAM concepts (AWS IAM Roles, Azure Managed Identities, GCP Service Accounts).
  • Experience integrating IAM or secrets systems with CI/CD pipelines and DevOps tools.

Technical Skills

  • Proficiency in automation and scripting (Python, PowerShell, or Bash).
  • Strong understanding of authentication standards (OIDC, OAuth 2.0, SAML, JWT).
  • Knowledge of API security, key rotation policies, and service-to-service authentication.
  • Familiarity with container and workload identities (Kubernetes, ECS, Lambda).
  • Understanding of Zero Trust, machine identity, and certificate lifecycle management.

Preferred Certifications

  • HashiCorp Certified Vault Associate
  • AWS Certified Security Specialty
  • Okta Certified Professional or Administrator
  • (ISC)² Certified Identity and Access Manager (CIAM) or CISSP

Required Experience:

Staff IC

Key Skills

Computer Science, Docker, Kubernetes, Python, VMware, C / C++, Go, System Architecture, gRPC, OS Kernels, Perl, Distributed Systems

Employment Type: Full-Time

Experience: years

Vacancy: 1
