AI Identity & Endpoint Controls Lead

ModernaTX


Job Location:

Cambridge, MA - USA

Monthly Salary: $ 158600 - 285500
Posted on: 20 hours ago
Vacancies: 1 Vacancy

Job Summary

The Role:

We are seeking an Associate Director to lead the design selection and implementation of enterprise cybersecurity solutions spanning non-human identity (NHI) and credential management including agentic AI identities and endpoint software execution and configuration controls across Windows and macOS. This is a hands-on technical leadership role: the Associate Directorwillgrow and thenleada small team ofsenior security engineerscovering NHI governance endpoint execution control and AI agentic discovery andremainsdirectly engaged in architecture decisions vendor evaluations and complex technical problem-solving alongside the team.

A core focus is building the AI security control plane the identities enforcement points telemetry and governance that make agentic AI and automation safe to operate at enterprise scale. The role defines reference architectures selects and integrates security tooling establishes credential and execution control lifecycle processes and partners across Security IT and Engineering to deliver outcomes through direct reports contingent workers and professional services partners.

Heres What Youll Do

  • Own the technical strategy architecture and roadmap for NHI and credential security agentic AI identity governance and endpoint execution and configuration control across Windows and macOS.

  • Lead and develop a team of senior security engineersdirect contingent workers and professional services engagements to deliver program outcomes.

  • Evaluate select and deploy enterprise platforms for secrets management agentic identity governance and endpoint application allow-listing leading vendor selectionproof of value (POV) exercises and integration into the broader security stack.

  • Design and operationalize the full credential lifecycle for non-human identities vaulting brokered access short-lived credentials workload identity rotation attestation and decommissioning for services automation CI/CD and AI agents.

  • Build the AI security control plane: enforcement points approval and exception workflows audit telemetry and policy guardrails governing how agents and programmatic identities access tools data and endpoints.

  • Partner with AI platformowners andengineering teams to make secure credential use and policy-compliant tool access the default in developer workflows.

  • Lead endpoint execution control and configuration hardening allow-listing code-signing trust script and installer controls policy authoring staged rollouts exception handling and continuous compliance.

  • Build detection and reporting for credential misuse and execution-control bypass; partner with SecOps andCyberIncident Responseon playbooks and response.

  • Author standards reference architectures and technical documentation; serve as a principal-level reviewer and mentor across identity and endpoint security initiatives.

Heres What Youll Need (Minimum Qualifications)

  • 8 years of experience in security engineering identity engineering platform engineering or a closely related domain with demonstrated principal-level technical leadership.

  • Demonstrated ability to drive complex initiatives across multiple teams balancing risk reduction delivery timelines and stakeholder alignment.

  • Ability to navigate ambiguous and sometimes conflicting requirements and priorities cut through noise to make decisions and take action incorporate feedback constructively and maintain strong judgment when sustained direction is neededdelivering short-term progress while building toward long-term solutions.

  • Experience leading and scaling delivery through a mix of direct reports contingent workers and/or professional services partners.

  • Deep understanding of non-human identity patterns and programmatic credential use in modern systems (microservices CI/CD IaC automation and APIs).

  • Hands-on experience implementing credential security controls such as secrets management/vaulting PKI/cert lifecycle token issuance/exchange short-lived credentials and automated rotation.

  • Strong knowledge of authentication and authorization concepts (OAuth 2.0 OIDC SAML JWT mTLS key management least privilege scoped permissions).

  • Experience designing operational processes for credential inventory ownership attestation and lifecycle governance at scale.

  • Endpoint platform familiarity across Windows and macOS including OS security primitives software distribution and device management concepts.

  • Experience implementing endpoint execution controls and configuration baselines across Windows and macOS including policy rollout exception management and measurable enforcement outcomes.

  • Familiarity and hands-on experience with modern AI platforms and developer assistants (e.g. OpenAI Anthropic GitHub Copilot) including how they are integrated and governed in enterprise environments.

  • Strong cybersecurity fundamentals and experience designing preventive/detective controls and control-plane architectures (policy enforcement monitoring) that scale across platforms and teams.

  • Ability to translate risk into pragmatic designs and to influence across Security IT and Product/Engineering stakeholders.

  • Strong written communication and documentation skills; ability to define standards and drive adoption.

Heres What Youll Bring to the Table (Preferred Qualifications)

  • Experience with enterprise secrets/token platforms (e.g. HashiCorp VaultConjurAzure Key Vault AWS Secrets Manager GCP Secret Manager) and integrating them into developer platforms.

  • Experience with GxP regulated environments

  • Experience with workload identity and federation patterns (e.g. SPIFFE/SPIRE cloud workload identity Kubernetes service account federation).

  • Familiarity with endpoint management ecosystems (e.g. Microsoft Intune Jamf MDM configuration profiles Group Policy) and security telemetry pipelines.

  • Experience with Windows Defender Application Control (WDAC) and code-signing strategies; macOS notarization and signing enforcement at scale.

  • Background building security guardrails for AI/automation systems (e.g. agent tool permissioning policy-as-code approval workflows and audit logging for autonomous actions).

  • Experience with threat modeling red-team/blue-team collaboration and defining measurable security outcomes.


Pay & Benefits

At Moderna we believe that when you feel your best you can do your best work. Thats why our benefits and well-being resources are designed to support youat work at home and everywhere in between.

  • Competitive healthcare plus voluntary benefit programs to support your unique needs
  • A holistic approach to well-being with access to fitness mindfulness and mental health support
  • Family planning benefits including fertility adoption and surrogacy support
  • Generous paid time off including vacation volunteer days sabbatical global recharge days and a discretionary year-end shutdown
  • Savings and investments to help you plan for the future
  • Location-specific perks and extras

The salary range for this role is $158600.00 - $285500.00(for positions that may be performed in California the expected salary range is $0.00 - $0.00 which reflects the range permitted under California Labor Code requirements) . This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An individuals position within the salary range will be based on several factors including but not limited to specific competencies relevant education qualifications certifications experience skills performance and business or organizational needs. The successful candidate may be eligible for an annual discretionary bonus other incentive compensation or equity award subject to company plan eligibility criteria and individual performance.

About Moderna

Since our founding in 2010 we have aspired to build the leading mRNA technology platform the infrastructure to reimagine how medicines are created and delivered and a world-class team. We believe in giving our people a platform to change medicine and an opportunity to change the world.

By living our mission values and mindsets every day our people are the driving force behind our scientific progress and our culture. Together we are creating a culture of belonging and building an organization that cares deeply for our patients our employees the environment and our communities.

We are proud to have been recognized as a Science Magazine Top Biopharma Employer a Fast Company Best Workplace for Innovators and a Great Place to Work in the U.S.

If you want to make a difference and join a team that is changing the future of medicine we invite you to visit to learn more about our current opportunities.

Our Working Model

As we build our company we have always believed an in-person culture is critical to our success. Moderna champions the significant benefits of in-office collaboration by embracing a 70/30 work model. This 70% in-office structure helps to foster a culture rich in innovation teamwork and direct mentorship. Join us in shaping a world where every interaction is an opportunity to learn contribute and make a meaningful impact.

Moderna is a smoke-free alcohol-free and drug-free work environment.

Equal Opportunities

Moderna is committed to equal employment opportunity and non-discrimination for all employees and qualified applicants without regard to a persons race color sex gender identity or expression age religion national origin ancestry or citizenship ethnicity disability military or protected veteran status genetic information sexual orientation marital or familial status or any other personal characteristic protected under applicable is a place where everyone can grow. If you meet the Basic Qualifications for the role and you would be excited to contribute to our mission every day please apply!

Moderna is an E-Verify Employer in the United States. We consider qualified applicants regardless of criminal histories consistent with legal requirements.

Accommodations

Were focused on attracting retaining developing and advancing our employees. By cultivating a workplace that values diverse experiences backgrounds and ideas we create an environment where every employee can contribute their best.

Moderna is committed to offering reasonable accommodations to qualified job applicants with disabilities. Any applicant requiring an accommodation in connection with the hiring process and/or to perform the essential functions of the position for which the applicant has applied should contact the Accommodations team at .

Export Control Notice This position may involve access to technology or data that is subject to U.S. export control laws including the Export Administration Regulations (EAR). As such employment is contingent upon the applicants ability to access export-controlled information in accordance with U.S. law. Due to the nature of the work and regulatory requirements only individuals who qualify as U.S. persons (citizens permanent residents asylees or refugees) are eligible for this position. For this role Moderna is unable to sponsor non-U.S. persons to apply for an export control license. #LI-CK1

-

The Role:We are seeking an Associate Director to lead the design selection and implementation of enterprise cybersecurity solutions spanning non-human identity (NHI) and credential management including agentic AI identities and endpoint software execution and configuration controls across Windows ...

About Company

Company Logo

Learn how we’re changing the world of medicine. Discover career opportunities, our product pipeline, and browse media resources. Meet Moderna.

View Profile View Profile