AI IAM Architect

LPL Financial
Fort Mill, United States of America
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 256K

Job location

Remote
Fort Mill, United States of America

Tech stack

Computer-Aided Design
API
Artificial Intelligence
Amazon Web Services (AWS)
Computer Security
Continuous Integration
Data Security
Identity and Access Management
Intrusion Detection and Prevention
OAuth
OpenID
Ping (Networking Utility)
Azure
Zero Trust Network Access
Azure
JSON Web Token
Runbook
Security Assertion Markup Language (SAML)
Systems Integration
Cyberark
Customer Identity Access Management
AI Platforms
Api Gateway
SailPoint
Microservices

Job description

We are seeking an experienced Identity and Access Management (IAM) Architect with a strong AI and agent-integration focus to lead the design, proof-of-concept (POC), and hands-on implementation of identity patterns for AI workloads, conversational agents, and AI platform integrations across the enterprise. The ideal candidate combines deep IAM architecture expertise with practical engineering skills-building POCs, configuring OAuth/OIDC flows, and partnering directly with AI engineering teams to secure agent runtimes, tool access, and human-in-the-loop experiences.

This role owns IAM architecture for AI use cases, including delegated and service-to-service access, API gateway/BFF token flows, scoped credentials, and governance alignment. You will design and validate OAuth/OIDC patterns (Auth Code + PKCE, OBO, token exchange, client credentials) across identity providers (PingOne AIC, Entra ID), gateways, and agent platforms. The AI IAM Architect partners across AI/platform engineering, IAM, security, and enterprise architecture to define reusable, secure, and production-ready identity standards for agents., * Discover AI/agent identity requirements across users, services, runtimes, tools, and APIs.

  • Assess existing SSO, MFA, federation, and API authorization models; identify gaps in delegation, token lifecycle, scopes, secrets, and auditability.
  • Design enterprise IAM patterns (user context propagation, delegation chains, BFF sessions, least-privilege access) and OAuth/OIDC client models.
  • Define standards for securing agent tools, data access, and cross-domain integrations; align to zero trust and regulatory controls.
  • Produce architecture artifacts (CAD/HLD/PSS) and reference implementations.
  • Lead and build IAM POCs (end-to-end flows, token exchange, gateway enforcement, delegated agent access).
  • Configure/test identity flows; troubleshoot tokens, scopes, and integrations.
  • Implement or guide IAM integrations across gateways, BFFs, agent orchestration, and observability.
  • Transition validated patterns to IAM engineering for production rollout.
  • Define agent identity lifecycle (registration, credential rotation, revocation, environment separation).
  • Integrate IAM across AI platform components; support CI/CD and IaC for IAM configurations.
  • Establish patterns for human-in-the-loop controls, break-glass access, and rate limiting.
  • Maintain documentation, decision records, diagrams, and runbooks.
  • Deliver POC summaries, evaluations, and implementation guidance; communicate risks and dependencies.
  • Ensure regulatory compliance; partner on threat modeling and controls (secrets, PAM, audit evidence).
  • Serve as IAM SME for AI initiatives; mentor engineers.
  • Deliver production-ready IAM patterns and reduce identity risk across AI workloads.

Requirements

  • 10+ years in IAM, security architecture, or platform engineering with significant IAM scope.
  • 2+ years building IAM POCs and troubleshooting OAuth 2.0 / OIDC flows (Auth Code + PKCE, refresh tokens, client credentials, token exchange, OBO).
  • 2+ years with PingOne AIC and/or Microsoft Entra ID.

Core Competencies:

  • Hands-on experience designing identity for APIs, microservices, and BFF architectures.
  • Experience integrating IAM with API gateways, AI/ML platforms, and modern application stacks.
  • Strong knowledge of SAML, OAuth, OIDC, JWT, scopes, and authorization patterns.
  • Familiarity with agent/tool identity models and secure integration patterns.
  • Ability to translate AI requirements into secure identity designs; strong communication skills.

Preferences:

  • Experience delivering AI/ML agents or copilots to production.
  • Experience with SailPoint, CyberArk/Delinea, or Auth0/CIAM.
  • Knowledge of AI-aware API gateways (e.g., Kong).
  • Experience with IAM modernization or M&A programs.
  • Relevant certifications (CISSP, CCSP, Entra, Ping, SailPoint, AWS).
  • Familiarity with zero trust and identity threat detection.

Benefits & conditions

Actual base salary varies based on factors, including but not limited to, relevant skill, prior experience, education, base salary of internal peers, demonstrated performance, and geographic location. Additionally, LPL Total Rewards package is highly competitive, designed to support your success at work, at home, and at play - such as 401K matching, health benefits, employee stock options, paid time off, volunteer time off, and more. Your recruiter will be happy to discuss all that LPL has to offer!

About the company

LPL Financial Holdings Inc. (Nasdaq: LPLA) is among the fastest growing wealth management firms in the U.S. As a leader in the financial advisor-mediated marketplace(6) , LPL supports over 32,000 financial advisors and the wealth management practices of approximately 1,100 financial institutions, servicing and custodying approximately $2.3 trillion in brokerage and advisory assets on behalf of approximately 8 million Americans. The firm provides a wide range of advisor affiliation models, investment solutions, fintech tools and practice management services, ensuring that advisors and institutions have the flexibility to choose the business model, services, and technology resources they need to run thriving businesses. For further information about LPL, please visit www.lpl.com. At LPL, independence means that advisors and institution leaders have the freedom they deserve to choose the business model, services, and technology resources that allow them to run a thriving business. They have the flexibility to do business their way. And they have the freedom to manage their client relationships, because they know their clients best. Simply put, we take care of our advisors and institutions, so they can take care of their clients.

Apply for this position