Senior IAM Engineer (Permanent – Onsite – New York, NY)
A top-tier hedge fund is seeking a highly skilled Senior IAM Engineer to strategically shape the future of its identity and access management infrastructure. This permanent position, based onsite in New York, NY, offers a high-impact engineering role at the crucial intersection of security, scale, and performance. It’s ideal for a professional who thrives in technically rigorous and demanding environments.
The Opportunity: Building the Identity Backbone of a World-Class Firm
You’ll become an integral part of a small, exceptionally skilled team responsible for building and securing the identity backbone of the firm. Your work will directly underpin the firm’s critical trading, research, and engineering operations, spanning everything from foundational directory services to cutting-edge cloud-native authentication platforms. This role offers a unique chance to influence the architecture of a world-class technology organization, working on systems that demand unparalleled reliability, speed, and security at scale, alongside engineers who value precision and measurable impact.
What You’ll Do: Driving Next-Generation Identity Platforms
As a Senior IAM Engineer, your responsibilities will blend strategic design, hands-on implementation, and leadership in highly secure, high-performance environments. You’ll be instrumental in evolving the firm’s identity and access capabilities across both on-premises and cloud infrastructures.
- Design and Implement Next-Generation Identity Platforms: You will take a leading role in the design and implementation of next-generation identity platforms. This involves architecting scalable, secure, and resilient solutions that leverage cutting-edge technologies to modernize the firm’s identity infrastructure, ensuring it meets future demands for security, performance, and user experience.
- Build and Maintain Resilient Authentication and Authorization Services: You will be responsible for meticulously building and maintaining resilient authentication and authorization services across both on-premises and cloud environments. This includes designing fault-tolerant systems, implementing robust security controls, and ensuring continuous availability for critical access pathways, directly supporting the firm’s trading, research, and engineering operations.
- Lead Firm-Wide Initiatives to Improve Security Posture: You will spearhead and lead firm-wide initiatives aimed at continuously improving the overall security posture of the organization. This involves identifying systemic vulnerabilities, proposing strategic enhancements, and driving the implementation of solutions that bolster the firm’s defenses against sophisticated cyber threats. Your leadership will directly influence the security roadmap.
- Develop Automation Pipelines Using Advanced Tools: You will be instrumental in driving operational efficiency and consistency by developing robust automation pipelines. This includes leveraging cutting-edge Infrastructure as Code (IaC) tools such as Terraform for provisioning cloud resources, Pulumi for multi-language infrastructure management, and Crossplane for extending Kubernetes to manage external resources. Your automation efforts will streamline deployments, reduce manual effort, and ensure configuration consistency.
- Extend and Integrate Key IAM Solutions: You will extend and integrate industry-leading IAM solutions into the firm’s existing ecosystem. This includes working with platforms like Azure AD (Active Directory) for cloud-based identity, Okta for identity and access management, and PingFederate (PingFed) for enterprise federation. Your expertise will ensure seamless authentication and authorization across diverse applications and services.
- Contribute to Internal Libraries and Governance Platforms: You will actively contribute to internal libraries and governance platforms developed within the firm. This involves writing high-quality code in Java, Python, or Go, creating reusable components, and enhancing platforms that enforce security policies, manage identity lifecycles, and ensure compliance. Your contributions will directly strengthen the firm’s internal security engineering capabilities.
What We’re Looking For: Your Expertise in Identity & Security Engineering
To excel as a Senior IAM Engineer at this top-tier hedge fund, you’ll need extensive experience in software or security engineering, deep expertise in IAM concepts, strong programming skills, and a proven track record of solving complex challenges.
- Extensive Software or Security Engineering Experience: You must possess 8+ years of verifiable experience in software or security engineering. This extensive background demonstrates a seasoned professional capable of tackling complex technical challenges and delivering robust, secure solutions in high-stakes environments.
- Deep Expertise in IAM Concepts: You are required to have deep expertise in core IAM concepts, including:
  - Authentication: Understanding various methods of verifying user identity (e.g., MFA, SSO, passwordless).
  - Federation: Knowledge of how identities are shared and managed across different security domains (e.g., SAML, OAuth, OpenID Connect).
  - Zero Trust: A strong grasp of Zero Trust principles, where no user or device is inherently trusted, and all access is verified.
  - PKI (Public Key Infrastructure): Understanding of digital certificates, certificate authorities, and their role in secure communication and identity.
- Experience with Foundational Identity Services: You must have hands-on experience with foundational identity services that underpin enterprise access management. This includes deep familiarity with Active Directory (for centralized user management), LDAP (Lightweight Directory Access Protocol) for directory services, and PKI (Public Key Infrastructure) components for secure digital identities and communication.
- Strong Programming Skills in Multiple Languages/Tools: You possess strong programming skills in a combination of relevant languages and tools. This includes Java, Go, Python (for application and automation development), Terraform HCL (HashiCorp Configuration Language) for Infrastructure as Code, and Rego (the policy-as-code language used by OPA, the Open Policy Agent). This polyglot capability ensures versatility in developing and securing diverse systems.
- Track Record of Solving Complex Challenges: You must have a proven track record of solving complex technical and organizational challenges. This indicates your ability to dissect intricate problems, devise innovative solutions, navigate cross-functional dynamics, and deliver impactful results in demanding environments.
Why This Role? Influence and Impact at Scale
This is more than a security role—it’s an exceptional chance to influence the architecture of a world-class technology organization. You’ll be working on systems that demand unparalleled reliability, blazing speed, and ironclad security at immense scale. You’ll collaborate alongside engineers who prioritize precision and measurable impact, fostering an environment where your contributions are highly valued and directly shape the firm’s technological future.
Job Features
Job Category: IT, Security