Security Engineer - Non-Human Identity

Edward D. Jones & Co., L.P.
St. Louis, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

St. Louis, United States of America

Tech stack

Microsoft Active Directory
API
Amazon Web Services (AWS)
Azure
Bash
Cloud Computing
Cloud Computing Security
Cloud Engineering
CompTIA Security+
Computer Security
DevOps
Identity and Access Management
Python
Kerberos (Protocol)
Key Management
Lightweight Directory Access Protocols (LDAP)
Microsoft Software
OAuth
Public Key Infrastructure
Powershell
Openid Connect
Azure
Security Assertion Markup Language (SAML)
Security Information and Event Management
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Enterprise Software Applications
Cyberark
Spring Cloud
Multi-Cloud
Cloudformation
Kubernetes
Sentry
Bicep
Hashicorp
SailPoint
REST
Terraform
Devsecops
Microservices

Job description

We are seeking a highly technical, hands-on Senior Non-Human Identity Engineer to lead the engineering, automation, onboarding, remediation, and operational management of non-human identities across the enterprise. This role is focused on the implementation and day-to-day engineering of machine identities, service accounts, workload identities, API credentials, certificates, secrets, and privileged application accounts supporting cloud, on-premises, and hybrid environments. This is not an architecture-only or governance-only position. The successful candidate will be expected to personally build solutions, write automation, troubleshoot authentication issues, onboard applications, integrate platforms, and drive remediation efforts. The engineer will work closely with application teams, DevOps, cloud engineering, cybersecurity, and infrastructure teams to ensure non-human identities are properly secured, monitored, and managed throughout their lifecycle. The ideal candidate combines deep IAM expertise with strong scripting, automation, cloud, and troubleshooting skills, and is comfortable operating in a fast-paced enterprise environment where hands-on execution is critical.

What You'll Do:

  • Engineer, implement, and support enterprise non-human identity solutions across cloud, on-premises, and hybrid environments.
  • Develop and maintain automated provisioning, credential rotation, secret management, certificate lifecycle management, and deprovisioning processes.
  • Perform onboarding and migration of service accounts, managed identities, workload identities, application accounts, and machine credentials into enterprise identity management platforms.
  • Configure, deploy, and support privileged access controls for non-human identities using PAM and secrets management technologies.
  • Work directly with development, application, and infrastructure teams to eliminate hardcoded credentials and replace legacy authentication methods with modern identity solutions.
  • Design, build, and maintain automation using PowerShell, Python, REST APIs, Terraform, and other scripting or orchestration technologies.
  • Integrate identity controls into CI/CD pipelines and DevSecOps workflows.
  • Troubleshoot and resolve authentication, authorization, federation, certificate, token, and credential-related issues across enterprise applications.
  • Support large-scale remediation initiatives involving dormant service accounts, excessive permissions, unmanaged secrets, and identity-related security vulnerabilities.
  • Configure and administer identity platforms, including directory services, cloud identity providers, PAM solutions, certificate authorities, and secrets vaults.
  • Monitor non-human identity activity and investigate suspicious authentication events, credential misuse, or policy violations.
  • Conduct access reviews and entitlement analysis to ensure least-privilege principles are maintained.
  • Create operational runbooks, implementation guides, engineering standards, and technical documentation.
  • Partner with Security Operations and Incident Response teams during investigations involving machine identities and application credentials.
  • Participate in after-hours support activities, major incident response, and maintenance activities when required.

Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or equivalent experience.
  • 7+ years of hands-on experience in Identity and Access Management, Cybersecurity Engineering, Infrastructure Engineering, or Cloud Security.
  • 5+ years of direct experience managing non-human identities, service accounts, application identities, workload identities, or machine authentication technologies.
  • Strong hands-on experience administering Microsoft Entra ID, Active Directory, or similar identity platforms.
  • Experience implementing and supporting secrets management, credential vaulting, and privileged access solutions.
  • Strong scripting and automation skills using PowerShell, Python, Bash, or similar technologies.
  • Experience working with OAuth 2.0, OpenID Connect, SAML, Kerberos, LDAP, certificates, and PKI technologies.
  • Experience supporting Azure, AWS, Google Cloud, or multi-cloud environments.
  • Ability to analyze logs, troubleshoot authentication failures, and resolve complex identity-related issues.
  • Experience working within enterprise change management, incident management, and operational support processes.
  • Strong verbal and written communication skills with the ability to collaborate across technical teams.

What Could Set You Apart:

  • Hands-on experience with CyberArk, HashiCorp Vault, Delinea, BeyondTrust, SailPoint, Microsoft Entra Workload Identities, or similar platforms.
  • Experience managing certificate lifecycles and public/private key infrastructure.
  • Experience securing Kubernetes, containers, microservices, and cloud-native applications.
  • Familiarity with Infrastructure as Code technologies such as Terraform, Bicep, ARM, or CloudFormation.
  • Experience with SIEM platforms and identity security monitoring.
  • CISSP, CISM, Security+, Microsoft Identity and Access Administrator, CyberArk Defender/Sentry, or related certifications.

Benefits & conditions

At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.

Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones

Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones

About the company

Join a financial services firm where your contributions are valued. Edward Jones is a Fortune 500¹ company where people come first. With over 9 million clients and 20,000 financial advisors across the U.S. and Canada, we're proud to be privately-owned, placing the focus on our clients rather than shareholder returns. Behind everything we do is our purpose: We partner for positive impact to improve the lives of our clients and colleagues, and together, better our communities and society. We are an innovative, flexible, and inclusive organization that attracts, develops, and inspires performance excellence and a sense of belonging. People are at the center of our partnership. Edward Jones associates are seen, heard, respected, and supported. This is what we believe makes us the best place to start or build your career. View our Purpose, Inclusion and Citizenship Report. ¹Fortune 500, published June 2024, data as of December 2023. Compensation provided for using, not obtaining, the rating.

Apply for this position