Staff IAM Engineer, Non-Human Identity

San Francisco, CA - USA

Monthly Salary: Not Disclosed

Posted on: 4 days ago

Vacancies: 1 Vacancy

Job Summary

The Role

The Staff IAM Engineer Non-Human Identity is responsible for securing and managing all non-human identities including service accounts application identities machine credentials APIs bots and workloads across on-prem cloud and crypto infrastructure. This role ensures that automated and machine-based identities follow the same governance lifecycle and least-privilege principles as human users. You will design systems that enable secure authentication secrets management and access provisioning for automated services APIs and DevOps pipelines. This role directly protects sensitive financial data crypto custody environments and transaction systems from privilege misuse credential leakage and insider or supply chain threats.

What Youll Do

Identity Architecture & Engineering

Design implement and maintain a Non-Human Identity (NHI) framework governing all service accounts API tokens certificates and machine credentials.
Implement centralized secrets management using tools such as HashiCorp Vault or AWS Secrets Manager
Build integrations with CI/CD pipelines and cloud services (AWS GCP Azure) to enforce automated credential rotation and JIT provisioning.
Define and implement tagging ownership and classification models for non-human identities.
Develop scalable onboarding processes for applications workloads and bots that require secure authentication.

Lifecycle Management & Governance

Develop automated workflows for creation rotation deactivation and certification of service accounts and API keys.
Partner with developers and DevOps to transition hard-coded credentials to secure vaults.
Establish policies for key rotation frequency credential expiration and certificate renewal.
Integrate NHI lifecycle into IAM governance tools (Okta).
Support quarterly access reviews and certification campaigns for non-human identities.

Automation & Integration

Build automation using APIs Python PowerShell or Terraform to manage credentials and monitor access.
Integrate non-human identity telemetry into SIEM/SOAR platforms for anomaly detection.
Implement visibility dashboards to track total NHI inventory owners last use and compliance status.
Deploy Just-in-Time (JIT) credential provisioning for ephemeral workloads and containers (Kubernetes Lambda ECS etc.).

Security & Risk Management

Enforce least privilege and zero-trust principles for machine access.
Monitor for unused or excessive service accounts and remediate over-permissioned credentials.
Support incident response teams with forensics on compromised API keys or tokens.
Define detection logic for credential misuse or non-standard access patterns.
Partner with Application Security to integrate secure NHI handling into SDLC.

Compliance & Audit

Maintain audit trails for credential issuance usage and rotation events.
Produce compliance reports for SOX SOC 2 PCI DSS FFIEC and crypto-custody audits.
Collaborate with internal audit and compliance teams to validate NHI control effectiveness.
Document architecture data flows SOPs and exception processes for NHI management.

Innovation & Continuous Improvement

Evaluate emerging NHI management solutions (e.g. SPIFFE/SPIRE workload identity federation cloud-native secrets stores).
Lead proof-of-concepts to modernize credentialless or short-lived identity methods.
Advocate for security automation and the reduction of static credentials across the enterprise.

What Youll Need

Education & Experience

Bachelors degree in Computer Science Cybersecurity or related discipline.
36 years of experience in IAM DevSecOps or Security Engineering roles.
Hands-on experience with non-human identity or secrets management tools
Familiarity with cloud IAM concepts (AWS IAM Roles Azure Managed Identities GCP Service Accounts).
Experience integrating IAM or secrets systems with CI/CD pipelines and DevOps tools.

Technical Skills

Proficiency in automation and scripting (Python PowerShell or Bash).
Strong understanding of authentication standards (OIDC OAuth 2.0 SAML JWT).
Knowledge of API security key rotation policies and service-to-service authentication.
Familiarity with container and workload identities (Kubernetes ECS Lambda).
Understanding of Zero Trust machine identity and certificate lifecycle management.

Preferred Certifications

HashiCorp Certified Vault Associate
AWS Certified Security Specialty
Okta Certified Professional or Administrator
(ISC)² Certified Identity and Access Manager (CIAM) or CISSP

Required Experience:

Staff IC

The RoleThe Staff IAM Engineer Non-Human Identity is responsible for securing and managing all non-human identities including service accounts application identities machine credentials APIs bots and workloads across on-prem cloud and crypto infrastructure. This role ensures that automated and machi...

The Role

What Youll Do

Identity Architecture & Engineering

Design implement and maintain a Non-Human Identity (NHI) framework governing all service accounts API tokens certificates and machine credentials.
Implement centralized secrets management using tools such as HashiCorp Vault or AWS Secrets Manager
Build integrations with CI/CD pipelines and cloud services (AWS GCP Azure) to enforce automated credential rotation and JIT provisioning.
Define and implement tagging ownership and classification models for non-human identities.
Develop scalable onboarding processes for applications workloads and bots that require secure authentication.

Lifecycle Management & Governance

Develop automated workflows for creation rotation deactivation and certification of service accounts and API keys.
Partner with developers and DevOps to transition hard-coded credentials to secure vaults.
Establish policies for key rotation frequency credential expiration and certificate renewal.
Integrate NHI lifecycle into IAM governance tools (Okta).
Support quarterly access reviews and certification campaigns for non-human identities.

Automation & Integration

Build automation using APIs Python PowerShell or Terraform to manage credentials and monitor access.
Integrate non-human identity telemetry into SIEM/SOAR platforms for anomaly detection.
Implement visibility dashboards to track total NHI inventory owners last use and compliance status.
Deploy Just-in-Time (JIT) credential provisioning for ephemeral workloads and containers (Kubernetes Lambda ECS etc.).

Security & Risk Management

Enforce least privilege and zero-trust principles for machine access.
Monitor for unused or excessive service accounts and remediate over-permissioned credentials.
Support incident response teams with forensics on compromised API keys or tokens.
Define detection logic for credential misuse or non-standard access patterns.
Partner with Application Security to integrate secure NHI handling into SDLC.

Compliance & Audit

Maintain audit trails for credential issuance usage and rotation events.
Produce compliance reports for SOX SOC 2 PCI DSS FFIEC and crypto-custody audits.
Collaborate with internal audit and compliance teams to validate NHI control effectiveness.
Document architecture data flows SOPs and exception processes for NHI management.

Innovation & Continuous Improvement

Evaluate emerging NHI management solutions (e.g. SPIFFE/SPIRE workload identity federation cloud-native secrets stores).
Lead proof-of-concepts to modernize credentialless or short-lived identity methods.
Advocate for security automation and the reduction of static credentials across the enterprise.

What Youll Need

Education & Experience

Bachelors degree in Computer Science Cybersecurity or related discipline.
36 years of experience in IAM DevSecOps or Security Engineering roles.
Hands-on experience with non-human identity or secrets management tools
Familiarity with cloud IAM concepts (AWS IAM Roles Azure Managed Identities GCP Service Accounts).
Experience integrating IAM or secrets systems with CI/CD pipelines and DevOps tools.

Technical Skills

Proficiency in automation and scripting (Python PowerShell or Bash).
Strong understanding of authentication standards (OIDC OAuth 2.0 SAML JWT).
Knowledge of API security key rotation policies and service-to-service authentication.
Familiarity with container and workload identities (Kubernetes ECS Lambda).
Understanding of Zero Trust machine identity and certificate lifecycle management.

Preferred Certifications

HashiCorp Certified Vault Associate
AWS Certified Security Specialty
Okta Certified Professional or Administrator
(ISC)² Certified Identity and Access Manager (CIAM) or CISSP

Required Experience:

Staff IC

Key Skills

Computer Science
Docker
Kubernetes
Python
VMware
C/C++
Go
System Architecture
gRPC
OS Kernels
Perl
Distributed Systems

Apply Now

About Company

SoFi

Why do 10M+ members trust SoFi? Financial solutions for school, marriage, starting a family, home buying, retirement, or whatever’s next. Member FDIC.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click

AI Resume Builder

Create an ATS-ready CV in minutes

AI Cover Letter

Write a personalized letter instantly

Staff IAM Engineer, Non-Human Identity

San Francisco, CA - USA

Job Summary

The Role

Lifecycle Management & Governance

Automation & Integration

Security & Risk Management

Compliance & Audit

Innovation & Continuous Improvement

Technical Skills

Preferred Certifications

The Role

Lifecycle Management & Governance

Automation & Integration

Security & Risk Management

Compliance & Audit

Innovation & Continuous Improvement

Technical Skills

Preferred Certifications

Key Skills

About Company

Related Jobs