All roles

Open role

[Remote] Principal Security Engineer - Temporary

Remote · United Arab Emirates Full-time

Note: The job is a remote job and is open to candidates in USA. Achieve is a leading digital personal finance company that provides innovative financial solutions. They are seeking a Principal Security Engineer to architect the next generation of Identity, transitioning the enterprise to a Risk-Based Authorization model and designing comprehensive Identity solutions to secure their critical assets.

Responsibilities

  • Continuous Adaptive Trust: Transition the enterprise from static, role-based access to a Risk-Based Authorization model that evaluates signals (device posture, behavior, location) in real-time
  • Enhance the enterprise Identity strategy, roadmap, and architecture in alignment with business goals and security policies
  • Design and architect comprehensive Identity solutions, including identity lifecycle management, non-human lifecycle management, authentication (MFA, SSO, passwordless), authorization, access governance, and Privileged Access Management (PAM)
  • Evaluate and select appropriate Identity technologies and platforms
  • Create and maintain detailed architectural documentation for Identity solutions
  • Lead the strategy and architecture for comprehensive Identity and Access Management (IAM) solutions, explicitly managing User Identities, Workload & Machine Identities (including Service Mesh, Kubernetes, Lambda, and APIs), and other non-human identities across on-premises and cloud environments to govern access rights and privileges
  • Lead the implementation and integration of Identity solutions across various on-premises and cloud environments (e.g., Azure AD, AWS, GCP, Okta, Entra)
  • Integrate Identity systems with enterprise applications, platforms, and services using standard protocols (SAML, OAuth, OpenID Connect, SCIM)
  • Design and implement strategies to secure non-human machine identities, service accounts, APIs, and automation, utilizing Zero Standing Privilege principles and engineering "Just-in-Time" (JIT) access workflows to eliminate persistent administrative overhead, reduce the blast radius of potential compromises, and enforce strict, least-privilege, and Zero Trust security principles
  • Develop and configure identity provisioning and de-provisioning workflows
  • Partner with the SOC to build ITDR capabilities that detect and automatically neutralize identity-based attacks, such as session hijacking, token theft, and MFA fatigue
  • Act as a "Security Partner" for engineering teams to foster secure development practices
  • Drive successful adoption by collaborating with diverse stakeholders (business units, technology teams, application developers) and translating complex cryptographic and identity concepts into clear business value for product owners and executive leadership
  • Provide technical leadership and guidance, championing and delivering self-service Identity APIs and SDKs to enable developers to build secure products with minimal friction (Developer Experience - DevEx)
  • Provide technical leadership, mentorship and guidance to Identity Engineers and other team members

Skills

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • 8+ years in Cybersecurity/Engineering, with a proven track record of moving legacy organizations towards a Zero Trust architecture
  • 5+ years focused on identity and access management
  • Proven experience in designing and implementing enterprise-scale Identity solutions
  • Drive security automation and 'Builder' Mentality by architecting and implementing automation-first solutions (e.g., scripts, APIs, Infrastructure as Code) to eliminate reliance on manual governance processes and ensure security policy is enforced at scale and embedded into developer workflows
  • Hands-on experience with leading IAM platforms and technologies, such as: Identity Federation: Azure AD/Entra, Okta, Ping Identity, ADFS; IGA (Identity Governance and Administration): SailPoint, Saviynt, Oracle Identity Manager; PAM (Privileged Access Management): CyberArk, Delinea, BeyondTrust; Directory Services: Active Directory, Azure Active Directory, LDAP
  • Deep knowledge of IAM principles, best practices, and security models
  • Proficiency in scripting languages (e.g., PowerShell, Python) for automation and integration
  • Understanding of network security, operating systems, and database concepts
  • Familiarity with API security and microservices architecture
  • Deep mastery of identity protocols and standards: IODC, OAuth 2.0, SAML, and SCIM, with a specific focus on mTLS and JWT security
  • Expert-level experience with cloud-native IAM (AWS IAM, Azure Entra ID, GCP Cloud IAM) and managing identity in distributed microservices architectures
  • Strong experience with Terraform and container orchestration (Kubernetes)
  • Excellent analytical and problem-solving skills
  • Strong communication (written and verbal) and interpersonal skills
  • Ability to work independently and as part of a collaborative team
  • Strong project management and organizational skills
  • Proven ability to strategically influence and expertly negotiate with stakeholders across all organizational levels
  • A Master's degree is a plus
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • Relevant vendor certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate/Expert, Okta Certified Professional/Administrator/Consultant)

Benefits

  • 401 (k) with employer match
  • Medical, dental, and vision with HSA and FSA options
  • Competitive vacation and sick time off, as well as dedicated volunteer days
  • Access to wellness support through Employee Assistance Program, physical and mental health wellness programs
  • Pet care discounts for your furry family members
  • Financial support in times of hardship with our Achieve Care Fund
  • A safe place to connect and a commitment to diversity and inclusion through our six employee resource groups

Company Overview

  • Achieve provides digital personal finance solutions to help clients improve their financial well-being. It was founded in 2002, and is headquartered in Tempe, Arizona, USA, with a workforce of 1001-5000 employees. Its website is https://www.achieve.com.
  • Company H1B Sponsorship

  • Achieve has a track record of offering H1B sponsorships, with 1 in 2026, 13 in 2025, 8 in 2024, 6 in 2023, 18 in 2022, 12 in 2021. Please note that this does not guarantee sponsorship for this specific role.
  • More open positions

    [Remote] Security Engineer I (Full-Time) - United States

    Work from home Full-time role

    [Remote] Service Now Customer Support Engineer II (Full-Time) - United States

    Work from home Full-time role

    [Remote] Senior Mobile Engineer, Deliver

    Work from home Full-time role

    [Remote] Security Engineer - Email Security

    Work from home Full-time role

    [Remote] Account Executive III, Strategic Alliances

    Work from home Full-time role

    Senior Technical Business Analyst job at T. Rowe Price in Owings Mills, MD

    Work from home Full-time role

    REMOTE DIETITIAN-KY LICENSE REQUIRED (Louisville, KY, US, 40018)

    Work from home Full-time role

    [Remote] Software Engineer

    Work from home Full-time role

    Director, Collections

    Work from home Full-time role

    Remote Customer Service Representative – Part‑Time Virtual Support for Travel & Hospitality at careerzynith

    Work from home Full-time role

    Air Quality Engineer I/II

    Work from home Full-time role

    [Remote] ADC Sales Representative-iMatrix

    Work from home Full-time role

    IT Project Manager (USA) - North American Service Delivery Group

    Work from home Full-time role

    [Remote] Senior / Regulatory Affairs Consultant (Small Molecules and Biologics)

    Work from home Full-time role

    Applied AI Engineer, Work From Home

    Work from home Full-time role

    Construction Executive

    Work from home Full-time role

    Go-to-Market Engineer - London, United Kingdom

    Work from home Full-time role

    Pre-Certification/ Authorization Manager

    Work from home Full-time role

    Needed: Freelance Writers for Flexible, Consist...

    Work from home Full-time role

    Engineer 1, Software Development & Engineering - Mobile Development

    Work from home Full-time role

    Southwest Hiring Remote, Southwest Airlines Remote Positions Apply Today

    Work from home Full-time role