Senior Agentic Identity & Access Security Engineer

Poland; Spain; United Kingdom · Job Posted June 30, 2026

Job Description

Our client is a leading global investment management company headquartered in London. It manages over $228 billion in assets and serves institutional investors, pension funds, wealth managers, and other sophisticated clients worldwide. The firm specializes in quantitative investing, alternative investments, systematic trading strategies, and technology-driven asset management. Data science, machine learning, and AI are core components of its investment and research processes.

As part of our collaboration we will focus on two foundational capabilities required to enable safe and scalable AI adoption across the enterprise: Agentic Security and AI-Ready Data Foundations.

What project we have for you

We define how autonomous agents authenticate, obtain scoped access, and operate safely across a large, regulated financial estate where the runtime security model genuinely does not exist yet. The value, and the danger, of agentic AI is set by what an agent can reach: an agent that inherits a full user context and long-lived secrets has an effectively unlimited blast radius. Your job is to close that gap.

This is a hands-on senior-level role for a security engineer who remains deeply technical and actively ships production code, operating at the intersection of enterprise IAM, platform engineering, and the emerging domain of agentic AI security. You will design and build the IaC-driven, self-service identity patterns, credential flows, and onboarding standards that make the secure way the easy way, across high-velocity teams that have long governed themselves.

Job Responsibility

  • Design and ship IaC-driven, self-service identity patterns that roll out firm-wide without requiring a full Active Directory cleanup first
  • Define the currently undefined agentic runtime security model: containerised code execution, permission delegation to agents, and MCP-based tool access
  • Lead the transition from long-lived secrets toward ephemeral, time-based, risk-scored credentials, scoped to task duration and issued via JWT / OIDC
  • Layer LLM / software guardrails (policy-as-text plus human review) on top of whatever hard guardrails are feasible across the estate
  • Establish an opinionated onboarding standard (e.g. mandatory MCP interfaces) and win adoption through better defaults and developer experience, not mandate alone
  • Design SIEM integration, behavioural baselining, and anomaly detection for agentic workflows, and centralise siloed audit logs to satisfy both security and regulatory requirements
  • Take bounded beachheads (for example, authenticate users and then delegate scoped access to internal systems) from vague to delivered

Requirements

  • 6+ years in security architecture and/or platform engineering, with a track record of shipping production code. Principal / Staff-level depth, ideally in a high-velocity or quant / financial-services engineering culture
  • Deep, mechanical command of modern identity and authorisation: OIDC / OAuth2 / JWT — token issuance flows, claims design, and delegation / impersonation patterns
  • Hands-on HashiCorp Vault experience, including dynamic / short-lived secrets and the realities of migrating off long-lived tokens without breaking a large application estate at once
  • Keycloak policy modelling, ideally with the Terraform-driven configuration the firm already uses
  • Strong Terraform / IaC fluency — enough to design repeatable, self-service patterns that others adopt, rather than bespoke per-team setups
  • Working knowledge of the Active Directory + Entra legacy reality: nested groups, LDAP-backed role mapping, and the distribution-list-as-permission-group failure mode — able to design around the mess pragmatically

Nice to have

  • Real exposure to agentic / LLM systems and why they change the threat model — an agent actively probes and exploits standing permissions rather than stumbling onto them. That removes the “security through obscurity” cushion humans relied on
  • Familiarity with MCP as an integration / onboarding standard, and at least one agent harness (Claude Agent SDK preferred)
  • Experience with just-in-time, task-scoped delegation versus standing access, and risk-gated credential issuance (e.g. a short-lived token issued against a CrowdStrike-style risk score)
  • Behavioural baselining / anomaly detection for workloads — defining “normal” for a recurring workflow and catching deviation at volume
  • SIEM integration and action attribution: distinguishing an agent’s action from the human whose credentials it borrowed
  • Financial-services audit literacy
  • Consulting or client-facing / pre-sales experience

Similar Jobs for Senior Agentic Identity & Access Security Engineer

8 matching positions

Senior Agentic Identity & Access Security Engineer

Our client is a leading global investment management company headquartered in Lo...
Location: Poland; Spain; United Kingdom
Salary: Not provided
Intellias
Expiration Date: Until further notice
  • Fulltime

Senior Identity Access Management Engineer

Roku is seeking a senior-level Identity Engineer to enhance its Zero-Trust archi...
Location: United States, New York
Salary: 158000.00 - 279000.00 USD / Year
Roku
Expiration Date: Until further notice
Requirements
  • 8+ years of hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem
  • Strong analytical skills and attention to detail, with the ability to troubleshoot complex infrastructure and identity-related issues
  • Excellent communication skills, with the ability to clearly explain technical concepts to both technical and non-technical stakeholders
  • Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management
  • Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms
  • Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API
  • working knowledge of Azure services such as Function Apps and Logic Apps
  • Experience in onboarding and managing enterprise applications in Azure Entra ID
  • Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML, and their integration with enterprise applications
  • Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFFE & SPIRE
Job Responsibility
  • Lead enterprise-wide IAM standardization, including identity lifecycle, access governance, and policy enforcement across global regions
  • Drive automation across IAM to streamline administration and deliver a smoother user experience
  • Support enterprise applications onboarding into Azure Entra ID, including SSO, Conditional Access, and role-based access control (RBAC)
  • Enhance privileged access management and implement scalable monitoring, alerting, and auditability solutions to support a secure, geographically distributed workforce
  • Collaborate with IT, Networking, and Security teams to troubleshoot identity-related issues and support global infrastructure initiatives
  • Advance Zero Trust Identity Fabric principles like continuous verification, least-privilege access, and identity-aware policy enforcement across users, devices, workloads, and non-human identities
  • Build identity automation with a DevOps mindset, writing scripts, developing pipelines, and engineering tooling from scratch rather than just configuring them
What we offer
  • health insurance
  • equity awards
  • life insurance
  • disability benefits
  • parental leave
  • wellness benefits
  • paid time off
  • global access to mental health and financial wellness support and resources
  • healthcare (medical, dental, and vision)
  • commuter
  • Fulltime

Senior Identity Access Management Engineer

Roku is seeking a senior-level Identity Engineer to enhance its Zero-Trust archi...
Location: United States, Boston
Salary: 158000.00 - 279000.00 USD / Year
Roku
Expiration Date: Until further notice
Requirements
  • 8+ years of hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
  • Strong analytical skills and attention to detail, with the ability to troubleshoot complex infrastructure and identity-related issues.
  • Excellent communication skills, with the ability to clearly explain technical concepts to both technical and non-technical stakeholders.
  • Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
  • Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
  • Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API
  • working knowledge of Azure services such as Function Apps and Logic Apps.
  • Experience in onboarding and managing enterprise applications in Azure Entra ID.
  • Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML, and their integration with enterprise applications.
  • Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFFE & SPIRE.
Job Responsibility
  • Lead enterprise-wide IAM standardization, including identity lifecycle, access governance, and policy enforcement across global regions.
  • Drive automation across IAM to streamline administration and deliver a smoother user experience.
  • Support enterprise applications onboarding into Azure Entra ID, including SSO, Conditional Access, and role-based access control (RBAC).
  • Enhance privileged access management and implement scalable monitoring, alerting, and auditability solutions to support a secure, geographically distributed workforce.
  • Collaborate with IT, Networking, and Security teams to troubleshoot identity-related issues and support global infrastructure initiatives.
  • Advance Zero Trust Identity Fabric principles like continuous verification, least-privilege access, and identity-aware policy enforcement across users, devices, workloads, and non-human identities.
  • Build identity automation with a DevOps mindset, writing scripts, developing pipelines, and engineering tooling from scratch rather than just configuring them.
What we offer
  • Health insurance
  • equity awards
  • life insurance
  • disability benefits
  • parental leave
  • wellness benefits
  • paid time off
  • global access to mental health and financial wellness support and resources
  • healthcare (medical, dental, and vision)
  • life
  • Fulltime

Senior Principal TPM - Agentic Identity & Access

Atlassian is a leading provider of collaboration software. Our software products...
Location: United States, Seattle
Salary: Not provided
The Muse
Expiration Date: Until further notice
Requirements
  • Proven track record leading organization-changing, multi-department technical programs in identity or security domains
  • Deep technical fluency in identity and access management concepts (OAuth, OIDC, SAML, authorization models, consent frameworks) with the ability to engage credibly at architecture-level discussions
  • Demonstrated ability to drive strategy and delivery across multiple engineering teams simultaneously, with competing priorities and without direct authority: influencing through clarity, trust, and frameworks
  • Experience shaping and driving platform adoption programs, not just building infrastructure, but measurably getting product teams to migrate onto prescribed patterns
  • Track record of building executive-ready narratives that drive alignment and unblock decisions at VP+ levels, in written, visual, and verbal formats
  • Experience with competitive market positioning in platform/security spaces and ability to translate external signals into internal strategy adjustments
  • Strong commercial instinct: ability to partner with product and GTM on what to monetize vs. what to include as foundational, and how to sequence accordingly
  • Familiarity with AI agent architectures, MCP (Model Context Protocol), agentic runtime patterns, and enterprise governance frameworks
  • Experience at scale SaaS companies navigating the tension between platform standardization and product-team autonomy
Job Responsibility
  • Own and drive the end-to-end program for Agentic Identity & Access across Atlassian, encompassing strategy, roadmap, and accountability mapping
  • Drive clarity across Atlassian on how agents authenticate, are authorized, and are governed when interacting with Atlassian data
  • Drive adoption of the Agentic Identity & Access golden path across all agentic runtimes and product teams
  • Lead cross-functional delivery, ensuring accountability to commitments across multiple departments. Proactively identify and resolve organizational ambiguity around ownership, accountability, and prioritization in a rapidly evolving space. Synthesize complex, multi-team program information into concise, actionable communications
  • Represent Atlassian's point of view on agentic identity and access externally, contributing to industry thought leadership
  • Drive systemic improvements to how Atlassian delivers cross-cutting, multi-org platform programs - codifying patterns, playbooks, and operating rhythms that scale. Mentor and uplift TPMs across the organization and evolve the TPM craft at Atlassian
What we offer
  • Health and Wellness
  • Health Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short-Term Disability
  • Long-Term Disability
  • FSA
  • HSA With Employer Contribution
  • Fitness Subsidies

Senior Software Engineer, Identity Platform

As a Senior Software Engineer on the Identity team, you will build and evolve th...
Location: United States, San Francisco
Salary: 293000.00 - 405000.00 USD / Year
OpenAI
Expiration Date: Until further notice
Requirements
  • 7+ years of experience building and shipping production systems at product-driven technology companies
  • track record of owning meaningful technical scope
  • care deeply about reliability, safety, and performance in production environments
  • experience or interest in Authentication, Authorization, Federation, and Identity Management
  • naturally take ownership end-to-end
  • comfortable navigating unfamiliar systems
  • eager to learn whatever's needed to solve hard problems well
  • thrive in fast-moving environments
  • bringing structure to ambiguous problems
  • balancing competing priorities
Job Responsibility
  • Architect and build the next generation of Identity at OpenAI – including new use cases such as Agent identity and Sign In With ChatGPT
  • design and build our identity infrastructure for consumer internet scale, while also solving scalability bottlenecks as they arise
  • build powerful identity primitives, APIs, and internal tooling that enable product teams across OpenAI to integrate seamlessly with the account and access-control layer
  • collaborate closely with a broad set of stakeholders, including product, design, go-to-market, and other engineers
  • drive major architectural initiatives
  • mentor other engineers
  • make platform-level decisions where security, correctness, and reliability are paramount
What we offer
  • Offers Equity
  • Medical, dental, and vision insurance for you and your family, with employer contributions to Health Savings Accounts
  • Pre-tax accounts for Health FSA, Dependent Care FSA, and commuter expenses (parking and transit)
  • 401(k) retirement plan with employer match
  • Paid parental leave (up to 24 weeks for birth parents and 20 weeks for non-birthing parents), plus paid medical and caregiver leave (up to 8 weeks)
  • Paid time off: flexible PTO for exempt employees and up to 15 days annually for non-exempt employees
  • 13+ paid company holidays, and multiple paid coordinated company office closures throughout the year for focus and recharge, plus paid sick or safe time (1 hour per 30 hours worked, or more, as required by applicable state or local law)
  • Mental health and wellness support
  • Employer-paid basic life and disability coverage
  • Annual learning and development stipend to fuel your professional growth
  • Fulltime

Senior Enterprise Agentic AI Engineer

Planet DDS is building a centralized intelligence layer focused on transforming ...
Location: United States, Irvine
Salary: 177000.00 - 221000.00 USD / Year
Planet DDS
Expiration Date: Until further notice
Requirements
  • 5-7 years of experience in software engineering or applied machine learning
  • 2+ years building production deployments of agentic AI systems (tool‑using LLMs or multi‑agent workflows) with measurable business outcomes
  • Demonstrated experience productionizing AI or LLM-based systems
  • Proficiency in Python/TypeScript and building API‑first services with CI/CD
  • Hands-on experience with prompt engineering, evaluation, and optimization
  • Working knowledge of enterprise lakehouse architectures, including Delta Lake, medallion patterns, streaming ingestion, governance (Unity Catalog), and designing data layers that support high‑performance AI/agentic workflows
  • Proven ability to integrate Azure OpenAI or similar LLM platforms into orchestrated workflows
  • Experience designing and orchestrating multi-step, event-driven workflows using modern cloud-native services for serverless execution, workflow orchestration, messaging, and event-driven architecture
  • Experience designing and deploying cloud-native AI workflows in Microsoft Azure
  • Demonstrated ability to implement guardrails, output validation, and human‑in‑the‑loop patterns in production
Job Responsibility
  • Design, build, and scale production-grade agentic workflows that observe operational signals, reason across data, and take or recommend actions such as alerts, task creation, and decision support
  • Implement multi‑agent patterns (planner/worker, toolformer, delegate/reviewer) with deterministic and human‑in‑the‑loop controls
  • Architect an agentic intelligence layer atop the enterprise data lakehouse
  • Own the AI execution layer, including prompt architecture, orchestration, evaluation, monitoring, logging, and tool creation including but not limited to MCP
  • Translate business needs and operational challenges into clear technical approaches and delivery plans, resulting in scalable, reusable AI solutions
  • Partner closely with data engineering to define AI-ready schemas and data contracts
  • Instrument workflows with tracing, cost/perf dashboards, evaluation harnesses (automated + human), and drift monitoring
  • Ensure AI systems are secure, governed, auditable, and reliable
  • Drive solutions from concept to production without heavy process or handoffs
What we offer
  • Medical, dental and vision insurance
  • Health Savings Account
  • Flexible Spending Accounts
  • Telehealth
  • 401(k) and 401(k) match
  • Life and AD&D insurance
  • Short-Term and Long-Term Disability
  • FTO or Vacation
  • Sick Time
  • Employee Well-Being program
  • Fulltime

Senior Security Researcher

1Password is growing. We’ve surpassed $400M in ARR and we’re continuing to accel...
Location: United States; Canada
Salary: 153000.00 - 214000.00 USD / Year
1Password
Expiration Date: Until further notice
Requirements
  • 4+ years of progressive experience in security research, offensive security, or vulnerability research
  • Education: Bachelor’s degree in Computer Science, Computer Engineering, Information Security, or a related field
  • or equivalent practical experience
  • Security research experience: Proven track record of discovering and responsibly disclosing original vulnerabilities, ideally with published CVEs, advisories, or equivalent publicly-recognized findings
  • Offensive security experience: A track record of hands-on experience in vulnerability research, exploit development, or advanced adversarial simulation techniques
  • Sufficient domain experience in two or more of the following domains: application security, Linux system internals, Windows system internals, macOS system internals, AI/Agentic security, Web application security, or Mobile application security
  • AI security experience: Familiarity with prompt injection, data poisoning, AI design architecture, AI-based attacks, and related vectors
  • Software engineering proficiency: Proficiency in one or more programming languages such as Go, Rust, Python, Ruby, JavaScript/TypeScript, or equivalent modern languages, with the ability to read and audit code for vulnerabilities
  • Integrity and ethical rigor: Consistent history of handling vulnerabilities and disclosures responsibly while engaging constructively with vendors and the research community
  • Demonstrable written and verbal communication skills, with a track record of producing technical publications, blog posts, and/or conference talks that clearly convey complex security topics
Job Responsibility
  • Vulnerability Research: Conduct original, hands-on research into application-level, protocol-level, and ecosystem-level vulnerabilities in 1Password’s products and the broader identity security landscape
  • You will discover, validate, and document novel vulnerability classes and attack chains
  • Demonstrate Exploitability: Collaborate with peers to develop proof-of-concept exploits and attack demonstrations that validate research findings, illustrate real-world risk, and support engineering teams in understanding and prioritizing remediation efforts
  • AI & Agentic Security Research: Investigate security risks at the intersection of AI and identity, including prompt injection, data poisoning, and other AI-based attack vectors
  • Your work will address the emerging challenges of agentic security at the interaction between privileged access management (PAM) and AI systems
  • Technical Publications & Thought Leadership: Author high-quality research publications, white papers, blog posts, and technical advisories
  • You will have the opportunity to present findings on podcasts, webinars, and at major security conferences that contribute to 1Password’s reputation as a thought leader in identity security
  • Community Engagement: Engage actively with the global security research community through responsible disclosure, collaborative research, open-source contributions, and participation in industry forums/events
  • Cross-functional Collaboration: Partner with Product, Engineering, and Detection teams to translate research findings into actionable security improvements. Provide evidence-based technical guidance that informs product direction and security strategy
What we offer
  • Maternity and parental leave top-up programs
  • Competitive health benefits
  • Generous PTO policy
  • RSU program for most employees
  • Retirement matching program
  • Free 1Password account
  • Paid volunteer days
  • Peer-to-peer recognition through Bonusly
  • Remote-first work environment
  • Fulltime

Senior Security Solution Architect (Pre-sales)

The Senior Security Solutions Architect at NTT DATA is a pivotal role focused on...
Location: United States of America, Remote
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • Advanced hands-on experience designing, implementing, integrating, and troubleshooting solutions from: Cisco (Firepower, ASA, ISE, Umbrella, SecureX, VPN solutions), Palo Alto Networks (NGFW, Panorama, GlobalProtect, Prisma Access/Cloud), Fortinet (FortiGate, FortiManager, FortiAnalyzer, FortiAuthenticator, SD-WAN), Check Point (Quantum Security Gateway, Management Server, CloudGuard, Infinity)
  • Experience with secure network design, segmentation, threat prevention, IPS/IDS, URL filtering, and advanced malware protection
  • Experience integrating logging, monitoring, and SIEM/SOAR systems
  • Experience with secure remote access, VPN architecture, and Zero Trust design
  • Experience integrating solutions into hybrid/multi-cloud environments (AWS, Azure, GCP)
  • Experience in client-facing security consulting, including requirements gathering and risk analysis
  • Experience working in Agile or DevSecOps environments preferred
  • Demonstrated ability to develop and deliver security-focused technical solutions for enterprise clients
  • Bachelor's degree in computer science, engineering, cybersecurity, or related field (or equivalent experience)
  • Strongly preferred certifications: Cisco: (CCNP Security, CCIE Security, CyberOps) and/or Palo Alto Networks: (PCNSA, PCNSE) and/or Fortinet: (NSE4-NSE7 (especially NSE5-NSE7)) and/or Check Point: (CCSA, CCSE, CCSM)
Job Responsibility
  • Contributes to the development of complex security-centric solution architectures across business, infrastructure, application, and cloud environments
  • Identifies and evaluates alternative security architectures and analyzes trade-offs in risk reduction, cost, performance, and scalability
  • Produces specifications for cloud or on-premises components with an emphasis on security controls, identity and access management, encryption standards, network segmentation, and compliance requirements
  • Designs components using modelling techniques that incorporate security-by-design principles, Zero Trust concepts, and industry frameworks (e.g., NIST CSF, ISO 27001)
  • Creates multiple design views for stakeholder concerns, including non-functional security requirements, and develops security proof-of-concepts (POCs)
  • Supports change programs with technical planning aligned to enterprise security architecture standards and regulatory requirements
  • Ensures solutions meet data protection and cybersecurity obligations (GDPR, HIPAA, PCI-DSS, SOC 2)
  • Leads understanding of client security requirements, gathers and analyzes threat/risk data, and provides expert remediation guidance
  • Advises clients on security modernization, cloud security, secure application design, and emerging cybersecurity practices
  • Recommends new security services and contributes to security go-to-market offerings
  • Fulltime