AI / Agentic Identity Engineer || Remote
Quick Overview
Job Description
AI / Agentic Identity Engineer
We are seeking a senior-level Security Engineer to support a strategic initiative to establish an identity and access management (IAM) program for AI agents; treating each agent as a governed non-human identity (NHI) with a tracked owner, a pre-approved permission set (persona), and strong workload identity. This includes both consumer-facing and internal agentic services
This role sits at the intersection of agentic AI security, identity and access management, and large-scale application security. The engineer will help design and operationalize runtime guardrails, identity-aware authorization, and policy enforcement across both guest-facing and internal systems.
This is not a traditional application security role. The ideal candidate is comfortable securing non-deterministic systems, tool-calling agents, and identity-driven control planes, while grounding solutions in proven web, API, and edge-security principles.
Engagement objectives & Key Responsibilities
Design and implement security control planes for agentic AI systems
Define runtime authorization boundaries for AI agents, including tool-level access control and least-privilege execution
Establish policy enforcement points governing agent behavior prior to high-impact actions
Support human-in-the-loop workflows for sensitive or high-risk AI-initiated actions
Design persona / agent data models (agents, personas, pre-approved permission sets, ownership, recertification).
Integrate agent registry with our IdPs, agent build platforms, and secrets/credential management.
Ensure end-to-end attribution across user → agent → tool execution chains
Implement SPIFFE/SPIRE (or equivalent) for cryptographic agent identity.
Implement OAuth 2.0/2.1, OIDC, On-Behalf-Of (RFC 8693) token exchange, and audience-bound tokens (RFC 8707); enforce least privilege and temporal / just-in-time constraints.
Build or configure connectors to discover and govern agents across on-premises and multi-cloud environments.
Apply identity/authorization patterns for Model Context Protocol (MCP) and Agent2Agent (A2A) interactions (audience binding, no token pass-through, delegation).
Collaborate on edge security controls including WAFs, bot mitigation, and API gateways
Ensure consistent enforcement from edge to API to service to AI runtime layers
Support secure cloud-native, containerized, and sandboxed deployment patterns (Google, AWS, Azure)
Define security telemetry and audit requirements for agentic systems
Support detection and response for runaway agents or excessive autonomy
Align implementations with enterprise security standards and governance expectations
Documentation & knowledge transfer. Produce architecture, runbooks, and POC findings; upskill the internal IAM team for ongoing ownership.
Required skills & experience
8+ years of experience in security engineering, application security, or platform security
Proven experience delivering enterprise IAM / non-human identity solutions.
Strong foundation in web applications and API security
Experience designing fine-grained least-privilege access models for distributed systems
Experience working with AI-enabled or automation-heavy systems
Familiarity with risks unique to agentic or autonomous systems
Ability to reason about non-deterministic execution and enforce deterministic controls
MCP Security Standards and agent runtime authorization
Experience with WAFs, API gateways, and edge security controls
Familiarity with cloud-native architectures and service-to-service security
Non-Human Identity (NHI) lifecycle management in highly dynamic environments
Deep working knowledge of OAuth 2.0/2.1, OIDC, token exchange (OBO), and modern token security (PKCE, audience binding, short-lived tokens).
Experience with workload identity: SPIFFE/SPIRE, mTLS, and PKI/certificate-based authentication.
Experience with secrets management and eliminating static/long-lived credentials.
Solid grasp of Zero Trust, least privilege, and identity lifecycle/recertification.
Ability to work closely with product, platform, AI/ML, and identity teams
Strong written and verbal communication skills
Ability to translate complex security concepts into practical guidance
Preferred / nice to have
Experience with agent frameworks or orchestration systems
Familiarity with policy-as-code or runtime enforcement models
Experience with AI/LLM security risks (e.g., OWASP Top 10 for LLM Applications, agentic threat models).
Experience in regulated or high-availability environments
Skills
Similar jobs
Stakeholder Manager and Subject Matter Expert
Booz Allen Hamilton · United States
2 minutes ago$69.4k - $158k/yrHelp Desk Support with RTSM Systems 100% Remote
Stellent IT LLC · United States
2 minutes agoMachine/Plant Operator (Food)
BCforward · Medicine Lake, United States
2 minutes ago€21/hrOracle Data Relationship Management (DRM) Architect
USG, Inc. · United States
2 minutes agoProduct Designer V (Ads/ Mobile Design)
BCforward · United States
2 minutes ago$68 - $75/hrScheduler Administrator
Decision Six Inc. · United States
2 minutes ago