Haystack
← Back to Jobs
Remote
Other

AI / Agentic Identity Engineer || Remote

AKAASA TechnologiesUnited States🇺🇸United StatesPosted 17 Jul 2026

Quick Overview

Work Type
Remote
Level
Mid Senior

Job Description

AI / Agentic Identity Engineer

We are seeking a senior-level Security Engineer to support a strategic initiative to establish an
identity and access management (IAM) program for AI agents; treating each agent as a governednon-human identity (NHI)with a tracked owner, a pre-approved permission set (persona), and strong workload identity. This includes both consumer-facing and internal agentic services

This role sits at the intersection of agentic AI security, identity and access management, and large-scale application security. The engineer will help design and operationalize runtime guardrails, identity-aware authorization, and policy enforcement across both guest-facing and internal systems.

This is not a traditional application security role. The ideal candidate is comfortable securing non-deterministic systems, tool-calling agents, and identity-driven control planes, while grounding solutions in proven web, API, and edge-security principles.


Engagement objectives & Key Responsibilities

Design and implement security control planes for agentic AI systems

Define runtime authorization boundaries for AI agents, including tool-level access control and least-privilege execution

Establish policy enforcement points governing agent behavior prior to high-impact actions

Support human-in-the-loop workflows for sensitive or high-risk AI-initiated actions

Design persona / agent data models
(agents, personas, pre-approved permission sets, ownership, recertification).

Integrate agent registry with our
IdPs, agent build platforms, and secrets/credential management.

Ensure end-to-end attribution across user → agent → tool execution chains

Implement
SPIFFE/SPIRE(or equivalent) for cryptographic agent identity.

ImplementOAuth 2.0/2.1, OIDC, On-Behalf-Of (RFC 8693) token exchange, and audience-bound tokens (RFC 8707); enforce least privilege andtemporal / just-in-timeconstraints.

Build or configure connectors to discover and govern agents across
on-premises and multi-cloud environments.

Apply identity/authorization patterns forModel Context Protocol (MCP)andAgent2Agent (A2A)interactions (audience binding, no token pass-through, delegation).

Collaborate on edge security controls including WAFs, bot mitigation, and API gateways

Ensure consistent enforcement from edge to API to service to AI runtime layers

Support secure cloud-native, containerized, and sandboxed deployment patterns (Google, AWS, Azure)

Define security telemetry and audit requirements for agentic systems

Support detection and response for runaway agents or excessive autonomy

Align implementations with enterprise security standards and governance expectations

Documentation & knowledge transfer.
Produce architecture, runbooks, and POC findings; upskill the internal IAM team for ongoing ownership.

Required skills & experience

8+ years of experience in security engineering, application security, or platform security

Proven experience delivering
enterprise IAM / non-human identitysolutions.

Strong foundation in web applications and API security

Experience designing fine-grained least-privilege access models for distributed systems

Experience working with AI-enabled or automation-heavy systems

Familiarity with risks unique to agentic or autonomous systems

Ability to reason about non-deterministic execution and enforce deterministic controls

MCP Security Standards and agent runtime authorization

Experience with WAFs, API gateways, and edge security controls

Familiarity with cloud-native architectures and service-to-service security

Non-Human Identity (NHI) lifecycle management in highly dynamic environments

Deep working knowledge of
OAuth 2.0/2.1, OIDC, token exchange (OBO), and modern token security(PKCE, audience binding, short-lived tokens).

Experience with
workload identity: SPIFFE/SPIRE, mTLS, and PKI/certificate-based authentication.

Experience with
secrets managementand eliminating static/long-lived credentials.

Solid grasp of
Zero Trust, least privilege, and identity lifecycle/recertification.

Ability to work closely with product, platform, AI/ML, and identity teams

Strong written and verbal communication skills

Ability to translate complex security concepts into practical guidance

Preferred / nice to have

Experience with agent frameworks or orchestration systems

Familiarity with policy-as-code or runtime enforcement models

Experience with
AI/LLM security risks(e.g., OWASP Top 10 for LLM Applications, agentic threat models).

Experience in regulated or high-availability environments

Skills

AWS
OAuth
OWASP
Azure
LLM
PKI
Zero Trust

Similar jobs