[Remote] Principal Security Engineer - Temporary

Remote Full-time
Note: The job is a remote job and is open to candidates in the USA.

Achieve is a leading digital personal finance company that provides innovative financial solutions. They are seeking a Principal Security Engineer to architect the next generation of Identity, transitioning the enterprise to a Risk-Based Authorization model and designing comprehensive Identity solutions to secure their critical assets.

Responsibilities

- Continuous Adaptive Trust: Transition the enterprise from static, role-based access to a Risk-Based Authorization model that evaluates signals (device posture, behavior, location) in real-time
- Enhance the enterprise Identity strategy, roadmap, and architecture in alignment with business goals and security policies
- Design and architect comprehensive Identity solutions, including identity lifecycle management, non-human lifecycle management, authentication (MFA, SSO, passwordless), authorization, access governance, and Privileged Access Management (PAM)
- Evaluate and select appropriate Identity technologies and platforms
- Create and maintain detailed architectural documentation for Identity solutions
- Lead the strategy and architecture for comprehensive Identity and Access Management (IAM) solutions, explicitly managing User Identities, Workload & Machine Identities (including Service Mesh, Kubernetes, Lambda, and APIs), and other non-human identities across on-premises and cloud environments to govern access rights and privileges
- Lead the implementation and integration of Identity solutions across various on-premises and cloud environments (e.g., Azure AD, AWS, GCP, Okta, Entra)
- Integrate Identity systems with enterprise applications, platforms, and services using standard protocols (SAML, OAuth, OpenID Connect, SCIM)
- Design and implement strategies to secure non-human machine identities, service accounts, APIs, and automation, utilizing Zero Standing Privilege principles and engineering "Just-in-Time" (JIT) access workflows to eliminate persistent administrative overhead, reduce the blast radius of potential compromises, and enforce strict, least-privilege, and Zero Trust security principles
- Develop and configure identity provisioning and de-provisioning workflows
- Partner with the SOC to build ITDR capabilities that detect and automatically neutralize identity-based attacks, such as session hijacking, token theft, and MFA fatigue
- Act as a "Security Partner" for engineering teams to foster secure development practices
- Drive successful adoption by collaborating with diverse stakeholders (business units, technology teams, application developers) and translating complex cryptographic and identity concepts into clear business value for product owners and executive leadership
- Provide technical leadership and guidance, championing and delivering self-service Identity APIs and SDKs to enable developers to build secure products with minimal friction (Developer Experience - DevEx)
- Provide technical leadership, mentorship and guidance to Identity Engineers and other team members

Skills

- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- 8+ years in Cybersecurity/Engineering, with a proven track record of moving legacy organizations towards a Zero Trust architecture
- 5+ years focused on identity and access management
- Proven experience in designing and implementing enterprise-scale Identity solutions
- Drive security automation and 'Builder' Mentality by architecting and implementing automation-first solutions (e.g., scripts, APIs, Infrastructure as Code) to eliminate reliance on manual governance processes and ensure security policy is enforced at scale and embedded into developer workflows
- Hands-on experience with leading IAM platforms and technologies, such as:
  - Identity Federation: Azure AD/Entra, Okta, Ping Identity, ADFS
  - IGA (Identity Governance and Administration): SailPoint, Saviynt, Oracle Identity Manager
  - PAM (Privileged Access Management): CyberArk, Delinea, BeyondTrust
  - Directory Services: Active Directory, Azure Active Directory, LDAP
- Deep knowledge of IAM principles, best practices, and security models
- Proficiency in scripting languages (e.g., PowerShell, Python) for automation and integration
- Understanding of network security, operating systems, and database concepts
- Familiarity with API security and microservices architecture
- Deep mastery of identity protocols and standards: OIDC, OAuth 2.0, SAML, and SCIM, with a specific focus on mTLS and JWT security
- Expert-level experience with cloud-native IAM (AWS IAM, Azure Entra ID, GCP Cloud IAM) and managing identity in distributed microservices architectures
- Strong experience with Terraform and container orchestration (Kubernetes)
- Excellent analytical and problem-solving skills
- Strong communication (written and verbal) and interpersonal skills
- Ability to work independently and as part of a collaborative team
- Strong project management and organizational skills
- Proven ability to strategically influence and expertly negotiate with stakeholders across all organizational levels
- A Master's degree is a plus
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- Relevant vendor certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate/Expert, Okta Certified Professional/Administrator/Consultant)

Benefits

- 401(k) with employer match
- Medical, dental, and vision with HSA and FSA options
- Competitive vacation and sick time off, as well as dedicated volunteer days
- Access to wellness support through Employee Assistance Program, physical and mental health wellness programs
- Pet care discounts for your furry family members
- Financial support in times of hardship with our Achieve Care Fund
- A safe place to connect and a commitment to diversity and inclusion through our six employee resource groups

Company Overview

Achieve provides digital personal finance solutions to help clients improve their financial well-being. It was founded in 2002, and is headquartered in Tempe, Arizona, USA, with a workforce of 1001-5000 employees. Its website is https://www.achieve.com.

Company H1B Sponsorship

Achieve has a track record of offering H1B sponsorships, with 1 in 2026, 13 in 2025, 8 in 2024, 6 in 2023, 18 in 2022, 12 in 2021. Please note that this does not guarantee sponsorship for this specific role.
