Note: This position is open exclusively to candidates currently enrolled in the Hiring Our Heroes Fellows Program. Applications from individuals not participating in the program will not be considered.
Role Overview
Capital Group is expanding Identity and Access Management coverage by modernizing Privileged Access Management (PAM) to secure critical systems and data, and by developing and implementing a strategy for securing non-human identities (NHIs). As a key member of the IAM Engineering team, the IAM Engineer Associate IV is critical in protecting both human and non-human identities at scale against new and existing security risks. This dual-focused role will engineer solutions to ensure Capital's IT solutions are protected from the risks associated with privileged access as well as agentic AI. Success requires expertise in security, cloud identity, and emerging technologies, plus a passion for collaboration and innovation.
Key Responsibilities
- Strategic Standards & Controls
  - Research, develop, and implement standards for securing non-human identities (NHIs) using modern privileged access concepts.
  - Collaborate with Technology Risk to drive security policies, standards, and robust capabilities.
- Subject Matter Expertise
  - Serve as an expert in AI identity security, privileged access management, assigned product portfolios, engineering guardrails, and preventative/detective controls.
  - Support IAM encryption, data privacy strategies, and secure integrations with external vendors and cloud providers.
- Stakeholder Engagement
  - Lead cross-team stakeholder management through status updates, demos, training sessions, and requirements clarification.
  - Coach and mentor junior engineers, fostering growth and knowledge sharing within the team.
- Cloud IAM & Controls Enforcement
  - Support enforcement of controls with Cloud IAM services (AWS IAM, Azure Entra ID).
  - Provide technical leadership to L2 support teams, including on-call rotation and occasional weekend work for deployments.
- Operations & Incident Response
  - Integrate with enterprise security tools and platforms; identify opportunities for automation and the use of AI to improve the accuracy and efficiency of security processes.
  - Respond to security incidents, perform root cause analysis, and provide on-call support for IAM platforms.
Qualifications
- Experience
  - Minimum 7+ years as an IAM Engineer, with hands-on experience in privileged access technologies.
  - Recent experience working with agentic AI and securing against the OWASP Top 10 non-human identity (NHI) risks.
- AI & Identity Security
  - Understanding of agentic AI systems, including binding AI agents to enterprise identities and enforcing least privilege.
  - Familiarity with policy-based guardrails, Model Context Protocol (MCP), mutual TLS, OAuth2 token exchange, and AI security tools.
- Infrastructure & Automation
  - Experience with API gateways and service meshes (Kong, Istio, Apigee).
  - Skilled in machine identity management (certificates, workload IDs, SPIFFE/SPIRE).
  - Proficient in IAM automation and administration using Terraform, Ansible, cloud-init, Pulumi, Python, and Unix/Windows systems.
- Authentication & Authorization
  - Strong proficiency in authentication technologies: SSO, federation protocols (SAML, OIDC, OAuth2), API authentication, SCIM, RBAC, ABAC, JIT provisioning, and zero-trust principles.
- Privileged Access Management
  - Expertise in credential vaulting, session management, and PAM/PAW models.
- Directory Services & Cloud IAM
  - Skilled in directory services and multi-cloud identity governance (Azure AD, AWS AD, Entra ID, Okta).
  - Experience with cloud IAM across AWS, Azure, and GCP.
- Security Awareness
  - Awareness of open standards, threat modeling, insider threats, and continuous authentication.
- Professional Skills
  - Strong organization, project delivery, communication, collaboration, and leadership abilities.