More jobs:
AI IAM Architect
Job in
Fort Mill, York County, South Carolina, 29715, USA
Listed on 2026-06-27
Listing for:
LPL Financial LLC
Full Time
position Listed on 2026-06-27
Job specializations:
-
IT/Tech
Cybersecurity, AI Engineer (Applied/Software)
Job Description & How to Apply Below
Job Overview
We are seeking an experienced Identity and Access Management (IAM) Architect with a strong AI and agent-integration focus to lead the design, proof‑of‑concept (POC), and hands‑on implementation of identity patterns for AI workloads, conversational agents, and AI platform integrations across the enterprise.
Key Responsibilities- Discover AI/agent identity requirements across users, services, runtimes, tools, and APIs.
- Assess existing SSO, MFA, federation, and API authorization models; identify gaps in delegation, token lifecycle, scopes, secrets, and auditability.
- Design enterprise IAM patterns (user context propagation, delegation chains, BFF sessions, least‑privilege access) and OAuth/OIDC client models.
- Define standards for securing agent tools, data access, and cross‑domain integrations; align to zero trust and regulatory controls.
- Produce architecture artifacts (CAD/HLD/PSS) and reference implementations.
- Lead and build IAM POCs (end‑to‑end flows, token exchange, gateway enforcement, delegated agent access).
- Configure / test identity flows; troubleshoot tokens, scopes, and integrations.
- Implement or guide IAM integrations across gateways, BFFs, agent orchestration, and observability.
- Transition validated patterns to IAM engineering for production rollout.
- Define agent identity lifecycle (registration, credential rotation, revocation, environment separation).
- Integrate IAM across AI platform components; support CI/CD and IaC for IAM configurations.
- Establish patterns for human‑in‑the‑loop controls, break‑glass access, and rate limiting.
- Maintain documentation, decision records, diagrams, and runbooks.
- Deliver POC summaries, evaluations, and implementation guidance; communicate risks and dependencies.
- Ensure regulatory compliance; partner on threat modeling and controls (secrets, PAM, audit evidence).
- Serve as IAM SME for AI initiatives; mentor engineers.
- Deliver production‑ready IAM patterns and reduce identity risk across AI workloads.
- 10+ years in IAM, security architecture, or platform engineering with significant IAM scope.
- 2+ years building IAM POCs and troubleshooting OAuth 2.0 / OIDC flows (Auth Code + PKCE, refresh tokens, client credentials, token exchange, OBO).
- 2+ years with Ping One AIC and/or Microsoft Entra .
- Hands‑on experience designing identity for APIs, microservices, and BFF architectures.
- Experience integrating IAM with API gateways, AI/ML platforms, and modern application stacks.
- Strong knowledge of SAML, OAuth, OIDC, JWT, scopes, and authorization patterns.
- Familiarity with agent/tool identity models and secure integration patterns.
- Ability to translate AI requirements into secure identity designs; strong communication skills.
- Experience delivering AI/ML agents or copilots to production.
- Experience with SailPoint, Cyber Ark/Delinea, or Auth0/CIAM.
- Knowledge of AI‑aware API gateways (e.g., Kong).
- Experience with IAM modernization or M&A programs.
- Relevant certifications (CISSP, CCSP, Entra, Ping, SailPoint, AWS).
- Familiarity with zero trust and identity threat detection.
$ – $ (actual base salary varies based on relevant skill, prior experience, education, peers, performance, and geographic location).
Equal Opportunity Employer.
#J-18808-LjbffrTo View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×