Sr. Principal IAM Security Engineer

Job Requisition  # 26WD96445

Location: Remote Eligible

Team: Cyber Defense – IAM

Autodesk’s Cyber Defense team is looking for a Sr. Principal IAM Security Engineer to lead the strategy and execution for modern Identity and Access Management across human and non-human identities, including service accounts, workloads, secrets-backed identities, federated identities, and emerging AI/agentic identity patterns. You’ll design and drive scalable, secure-by-default identity guardrails for workforce and platform/product environments, enabling engineering teams to move fast while reducing systemic identity risk.

You’ll lead key initiatives such as Zero Trust enforcement ,
Non-Human Identity (NHI) governance ,
IAM Threat Management and automation of identity workflows , while working across multiple business units to align platforms, reduce risk, and build seamless access experiences.

• Define the enterprise and platform IAMstrategyfor human identities, NHI, and AI/agent identities, including lifecycle, authentication, authorization, and auditing standards.
• Establish identity reference architectures, patterns, and paved roads for product teams and internal engineering.

• Build and operationalize controls for service identities, workload identities, API identities, bots, and automation accounts across cloud, CI/CD, and runtime environments.
• Drive adoption of short-lived, federated credentials where feasible; reduce static secrets and unmanaged service accounts.
• Implement lifecycle governance for NHI: creation standards, ownership, rotation/attestation, inactivity reaping, and incident response playbooks.

• Define secure patterns for AI acting on behalf of users or services, including delegated authorization, scoped tokens, and least-privilege access models.
• Partner with AI platform teams to implement guardrails: identity provenance, policy enforcement, auditing, and kill-switch mechanisms for misbehaving agents.
• Ensure AI identity behaviors are measurable and governable (logging, traceability, approvals for sensitive actions, segmentation of duties).

• Embed AI and machine learning capabilities into IAM platforms and security tooling to enable intelligent, automated identity governance — including access decisioning, anomaly detection, and agent behavior monitoring.
• Design, build, and deploy purpose-built AI agents and ML-powered security systems that autonomously execute IAM functions — including identity lifecycle management, entitlement reviews, and real-time response to identity-based threats.
• Fine-tune andoptimizeexisting AI models against Autodesk-specific identity and access data to improve accuracy of threat detection, behavioral anomaly identification, and access risk scoring within the IAM environment.

• Build/standardize authorization models (RBAC/ABAC/ReBAC as appropriate) across workforce and product systems.
• Drive consistent policy as code, access reviews, and privileged access workflows.
• Define standards for token scopes, claims, session constraints, step-up auth, and sensitive action protections.

• Improve detection/response for identity threats: anomalous token use, privilege escalation, credential misuse, service-account sprawl.
• Create metrics and reporting for identity posture and platform adoption (coverage, drift, exceptions, time-to-remediate).
• Lead identity-related investigations and post-incident improvements.

• Serve as a senior technical leader influencing engineering orgs, platform teams, and security; mentor others and raise the bar on identity engineering.
• Translate risk into pragmatic engineering requirements; drive roadmaps across multiple teams.

• 10+ years in IAM / security engineering, including designing identity architectures at enterprise scale.
• Proven experience securing non-human identities across cloud, CI/CD, and production runtimes.
• Deep knowledge of auth standards: OAuth2, OIDC,…