Security Engineer - Non-Human Identity
Role details
Job location
Tech stack
Job description
We are seeking a highly technical, hands-on Senior Non-Human Identity Engineer to lead the engineering, automation, onboarding, remediation, and operational management of non-human identities across the enterprise. This role is focused on the implementation and day-to-day engineering of machine identities, service accounts, workload identities, API credentials, certificates, secrets, and privileged application accounts supporting cloud, on-premises, and hybrid environments. This is not an architecture-only or governance-only position. The successful candidate will be expected to personally build solutions, write automation, troubleshoot authentication issues, onboard applications, integrate platforms, and drive remediation efforts. The engineer will work closely with application teams, DevOps, cloud engineering, cybersecurity, and infrastructure teams to ensure non-human identities are properly secured, monitored, and managed throughout their lifecycle. The ideal candidate combines deep IAM expertise with strong scripting, automation, cloud, and troubleshooting skills, and is comfortable operating in a fast-paced enterprise environment where hands-on execution is critical.
What You'll Do:
- Engineer, implement, and support enterprise non-human identity solutions across cloud, on-premises, and hybrid environments.
- Develop and maintain automated provisioning, credential rotation, secret management, certificate lifecycle management, and deprovisioning processes.
- Perform onboarding and migration of service accounts, managed identities, workload identities, application accounts, and machine credentials into enterprise identity management platforms.
- Configure, deploy, and support privileged access controls for non-human identities using PAM and secrets management technologies.
- Work directly with development, application, and infrastructure teams to eliminate hardcoded credentials and replace legacy authentication methods with modern identity solutions.
- Design, build, and maintain automation using PowerShell, Python, REST APIs, Terraform, and other scripting or orchestration technologies.
- Integrate identity controls into CI/CD pipelines and DevSecOps workflows.
- Troubleshoot and resolve authentication, authorization, federation, certificate, token, and credential-related issues across enterprise applications.
- Support large-scale remediation initiatives involving dormant service accounts, excessive permissions, unmanaged secrets, and identity-related security vulnerabilities.
- Configure and administer identity platforms, including directory services, cloud identity providers, PAM solutions, certificate authorities, and secrets vaults.
- Monitor non-human identity activity and investigate suspicious authentication events, credential misuse, or policy violations.
- Conduct access reviews and entitlement analysis to ensure least-privilege principles are maintained.
- Create operational runbooks, implementation guides, engineering standards, and technical documentation.
- Partner with Security Operations and Incident Response teams during investigations involving machine identities and application credentials.
- Participate in after-hours support activities, major incident response, and maintenance activities when required.
Requirements
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or equivalent experience.
- 7+ years of hands-on experience in Identity and Access Management, Cybersecurity Engineering, Infrastructure Engineering, or Cloud Security.
- 5+ years of direct experience managing non-human identities, service accounts, application identities, workload identities, or machine authentication technologies.
- Strong hands-on experience administering Microsoft Entra ID, Active Directory, or similar identity platforms.
- Experience implementing and supporting secrets management, credential vaulting, and privileged access solutions.
- Strong scripting and automation skills using PowerShell, Python, Bash, or similar technologies.
- Experience working with OAuth 2.0, OpenID Connect, SAML, Kerberos, LDAP, certificates, and PKI technologies.
- Experience supporting Azure, AWS, Google Cloud, or multi-cloud environments.
- Ability to analyze logs, troubleshoot authentication failures, and resolve complex identity-related issues.
- Experience working within enterprise change management, incident management, and operational support processes.
- Strong verbal and written communication skills with the ability to collaborate across technical teams.
What Could Set You Apart:
- Hands-on experience with CyberArk, HashiCorp Vault, Delinea, BeyondTrust, SailPoint, Microsoft Entra Workload Identities, or similar platforms.
- Experience managing certificate lifecycles and public/private key infrastructure.
- Experience securing Kubernetes, containers, microservices, and cloud-native applications.
- Familiarity with Infrastructure as Code technologies such as Terraform, Bicep, ARM, or CloudFormation.
- Experience with SIEM platforms and identity security monitoring.
- CISSP, CISM, Security+, Microsoft Identity and Access Administrator, CyberArk Defender/Sentry, or related certifications.
Benefits & conditions
At Edward Jones, we are building a place where everyone feels like they belong. We're proud of our associates' contributions to the firm and the recognitions we have received.
Check out our U.S. awards and accolades: Insights & Information Blog Postings about Edward Jones
Check out our Canadian awards and accolades: Insights & Information Blog Postings about Edward Jones