[Remote] Senior Key Management (IAM Engineer)
Note: The job is a remote job and is open to candidates in USA. Blankfactor is dedicated to engineering impact by building high-quality tech solutions for fast-moving industries. They are seeking a Senior Key Management / IAM Engineer to lead the enterprise rollout of Akeyless as a core secrets, key, and identity-enablement platform, focusing on secure, scalable adoption across the organization. Responsibilities β’ Design and implement an enterprise Akeyless architecture, including tenancy strategy, auth methods, access boundaries, and operational model β’ Stand up and harden the platform for enterprise use: environments, networking, availability, audit logging, backup/DR considerations, and upgrades β’ Define standards for secret lifecycle management (creation, rotation, expiration, revocation, and deletion) aligned with security policies and compliance needs β’ Build and maintain self-service workflows to onboard teams and applications to Akeyless with minimal friction β’ Implement and govern enterprise key management practices: β’ Encryption key generation, rotation, and separation of duties β’ Key hierarchy and envelope encryption patterns β’ Governance, auditing, and access controls for keys and secret material β’ Design integrations with HSMs / KMS systems and associated crypto boundary controls (including policy and operational procedures) β’ Establish and enforce application secrets management patterns (runtime injection, sidecar/agent patterns where applicable, CI/CD integration, and secret zero/least exposure) β’ Implement SSO and federated identity integration for Akeyless and related tooling (SAML/OIDC), aligning with enterprise IdP standards β’ Design and implement IAM patterns such as: β’ Workload identity and short-lived credentials β’ Role-based access control and least privilege enforcement β’ Fine-grained authorization and policy design for platform consumers β’ Partner with identity governance stakeholders to ensure alignment with access review and audit requirements β’ Design and operate enterprise PKI / certificate management workflows: β’ Certificate issuance/renewal automation β’ Integration with internal/external CAs as required β’ Standards for mTLS, service identity, and certificate lifecycle governance β’ Build tooling and automation to make certificate workflows consumable across teams and platforms β’ Build infrastructure and integrations enabling broad adoption (examples): β’ Azure integrations (identity, networking, managed services) β’ CI/CD integrations for secrets and cert issuance (GitHub Actions, ADO, etc., if applicable) β’ Kubernetes patterns for secret injection and rotation (where relevant) β’ Observability integrations (metrics, logs, alerts) and operational dashboards β’ Create documentation, onboarding guides, and reference implementations (βgolden pathsβ) for engineering teams β’ Serve as escalation point for complex incidents involving identity, cryptography, and secret distribution Skills β’ Senior-level experience in enterprise secrets management and IAM (design + operational ownership) β’ Strong expertise in: Enterprise key management practices (rotation, separation of duties, auditability, crypto governance) β’ Application secrets management (runtime consumption patterns, rotation automation, CI/CD integration) β’ SSO / federated identity (SAML, OIDC), RBAC, least privilege, and secure access patterns β’ Vaults / HSMs and secure key storage concepts (HSM-backed keys, access controls, auditing) β’ PKI fundamentals and enterprise certificate lifecycle automation β’ Hands-on experience with Akeyless (required) and delivering it as a platform service β’ Hands-on experience with Azure (required), including identity and security constructs β’ Strong engineering discipline: automation-first mindset, high-quality documentation, and operational readiness β’ Experience integrating secrets and PKI workflows with Kubernetes (secret injection, rotation strategies, workload identity patterns) β’ Experience with regulatory/compliance-driven environments (SOC2, ISO 27001, PCI, HIPAA, etc.) and audit-ready controls β’ Familiarity with threat modeling, cryptographic boundary design, and secure-by-default platform guardrails β’ Experience building self-service internal platforms (platform engineering practices, developer enablement) β’ Strong scripting/programming ability (e.g., Python, Go, or similar) for automation and tooling Company Overview β’ Blankfactor is a team of engineers, project managers, issue solvers & tech consultants committed to developing & innovating tech solutions. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 501-1000 employees. Its website is Company H1B Sponsorship β’ Blankfactor has a track record of offering H1B sponsorships, with 3 in 2025, 1 in 2024. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job
Apply tot his job
Apply To this Job
Apply tot his job
Apply To this Job