Machine Identity Engineer

Join Mizuho as a Machine Identity Engineer!

Mizuho’s Identity and Access Management (IAM) team is in the midst of an exciting transformation. We're building a dedicated high performing IAM function that is central to the firm's cybersecurity and regulatory strategy. Our environment is dynamic, growing, and rich with opportunity. You’ll work alongside a talented group of professionals who are passionate about solving complex access challenges, automating at scale, and strengthening security posture across both on‑premises and cloud environments.

This is a unique chance to join our team that's shaping the future of IAM at a major financial institution.

We are seeking an experienced IAM Engineer with specialization in PKI, certificate lifecycle management, and secrets management to design, implement, and support identity and credential services for non‑human identities across on‑prem and cloud environments, with a strong emphasis on Azure‑native identity services.

This hands‑on engineering role focuses on delivering secure and scalable solutions for managing digital certificates, encryption keys, and non‑human credentials used by servers, applications, services, APIs, and cloud workloads. The ideal candidate has deep expertise in PKI infrastructure, certificate lifecycle automation, and secrets management platforms such as Cyber Ark CCP, Azure Key Vault, or Hashi Corp Vault, along with strong working knowledge of Microsoft Entra  identities, Azure Managed Identities, service principals, and cloud IAM control patterns applicable to non‑human identities.

This role is critical to strengthening the firm's identity security posture, enabling secure cloud adoption, and supporting compliance with regulatory and internal control requirements

• Manage and enhance the enterprise PKI and Venafi certificate lifecycle management platform ensuring scalable, secure, and policy‑compliant certificate operations.

• Integrate certificate‑based authentication into platforms, applications, network components, and Azure‑native services, minimizing manual handling and outage risk.

• Establish and enforce certificate lifecycle standards, monitoring, and alerting to ensure certificate health, trust integrity, and regulatory compliance.

• Deploy and support secrets management platforms (e.g., Cyber Ark CCP, Azure Key Vault, Hashi Corp Vault) to protect non‑human credentials, API keys, and sensitive configuration data.

• Integrate secrets management with infrastructure automation and CI/CD pipelines; define and enforce rotation, expiration, and least‑privilege access policies.

• Implement and support cloud workload identity patterns (e.g., Azure Managed Identities and service principals) to enable secure, identity‑based access for non‑human workloads and reduce reliance on static credentials.

• Partner with cloud and platform teams to integrate workload identities with enterprise PKI and secrets management solutions, enforce least‑privilege access models, and support security, audit, and compliance requirements.

• Maintain accurate and complete inventories of certificates, keys, secrets, and machine identities aligned with CMDBs or authorized asset repositories.

• Ensure identity, credential, and key management controls are documented, monitored, and evidenced to support audit, risk, and regulatory requirements.

• Support regulatory exams, internal audits, and control testing activities, including evidence preparation, issue remediation, and control validation.

• Partner with infrastructure, cloud, cybersecurity, and Dev Ops teams to align machine identity, certificate, and secrets controls with enterprise architecture standards.

• Participate in design and architecture discussions to identify gaps and drive scalable, automation‑friendly improvements.

• 7+ years of experience in Identity & Access Management, cybersecurity engineering, or related infrastructure security roles, with a strong focus on non‑human identities.

• Hands‑on experience operating and supporting enterprise…