IAM / CIAM Lead PAM (Infrastructure Security)

Role: IAM / CIAM Lead - PAM (Infrastructure Security)

Location: Irvine, CA (Onsite)

Experience Required: 8-10 Years

Job Summary

We are seeking a highly skilled IAM / CIAM Lead with strong Privileged Access Management (PAM) expertise to design and implement secure identity frameworks across enterprise environments. This role will focus on non-human identity security, AI-driven identity controls, and privileged access governance across multi-cloud platforms.

Key Responsibilities

IAM & PAM Leadership

• Lead the design and implementation of Privileged Access Management (PAM) solutions, including credential vaulting, session management, and privileged access workflows.

• Develop and enforce identity security standards, policies, and governance frameworks.

• Act as a Subject Matter Expert (SME) for IAM, CIAM, PAM, and AI-driven identity security.

Cloud & Identity Security

• Implement and manage multi-cloud IAM solutions across AWS, Azure, and Google Cloud Platform.

• Configure and maintain directory services such as Azure AD / Entra ID, AWS AD, and Okta.

• Enforce zero-trust security models, RBAC, ABAC, and Just-in-Time (JIT) provisioning.

Authentication & Federation

• Design and implement authentication mechanisms including:

  • SSO (Single Sign-On)

  • SAML, OIDC, OAuth2 protocols

  • API authentication and SCIM provisioning

AI & Non-Human Identity Security

• Secure non-human identities and AI agents using:

  • Least privilege enforcement

  • Policy-based guardrails

  • Mutual TLS and secure token exchange

• Work with emerging standards such as Model Context Protocol (MCP) for AI identity integration.

Infrastructure & Automation

• Automate IAM processes using tools such as:

  • Terraform, Ansible, Pulumi, Cloud-init, Python

• Integrate IAM with API gateways and service meshes (Kong, Istio, Apigee).

• Manage machine identities using certificates and frameworks like SPIFFE/SPIRE.

Security Operations & Governance

• Perform threat modeling and risk assessments, including insider threat scenarios.

• Support incident response, root cause analysis, and remediation for IAM-related security issues.

• Collaborate with Technology Risk and Security teams to implement compliance controls.

• Drive integration with enterprise security platforms and identify automation opportunities.

Stakeholder Management

• Lead cross-functional collaboration with engineering, security, and business teams.

• Deliver status updates, demos, training sessions, and technical guidance to stakeholders.

Required Skills

Top 3 Required Skills

• Strong expertise in IAM / CIAM and Privileged Access Management (PAM)

• Hands-on experience with authentication protocols (SAML, OAuth2, OIDC) and Zero Trust

• Experience with multi-cloud IAM (AWS, Azure, Google Cloud Platform) and automation tools

Technical Skills

• IAM & PAM Tools: CyberArk, StrongDM, Azure Key Vault, AWS Secrets Manager

• Cloud Platforms: AWS, Azure, Google Cloud Platform

• Identity & Access: SSO, SAML, OAuth2, OIDC, SCIM, RBAC, ABAC

• Automation: Terraform, Ansible, Pulumi, Python

• Infrastructure Security: API Gateways, Service Mesh (Kong, Istio, Apigee)

• Machine Identity: Certificates, SPIFFE/SPIRE

• Security Concepts: Zero Trust, Threat Modeling, OWASP Top 10 (IAM risks)

Preferred Qualifications

• Experience with AI security and agentic identity systems

• Knowledge of Model Context Protocol (MCP) and AI identity frameworks

• Experience in large enterprise or regulated environments

• Strong leadership and stakeholder management experience

Key Skills

• Identity & Access Management (IAM)

• Customer Identity & Access Management (CIAM)

• Privileged Access Management (PAM)

• Cloud Security

• Zero Trust Architecture

• API Security & Federation

• IAM Automation