Senior Agentic Identity & Access Security Engineer

• Design and ship IaC-driven, self-service identity patterns that roll out firm-wide without requiring a full Active Directory cleanup first.
• Define the currently undefined agentic runtime security model: containerised code execution, permission delegation to agents, and MCP-based tool access.
• Lead the transition from long-lived secrets toward ephemeral, time-based, risk-scored credentials, scoped to task duration and issued via JWT / OIDC.
• Layer LLM / software guardrails (policy-as-text plus human review) on top of whatever hard guardrails are feasible across the estate.
• Establish an opinionated onboarding standard (e.g. mandatory MCP interfaces) and win adoption through better defaults and developer experience, not mandate alone.
• Design SIEM integration, behavioural baselining, and anomaly detection for agentic workflows, and centralise siloed audit logs to satisfy both security and regulatory requirements.
• Take bounded beachheads (for example, authenticate users and then delegate scoped access to internal systems) from vague to delivered.

• 6+ years in security architecture and/or platform engineering, with a track record of shipping production code. Principal / Staff-level depth, ideally in a high-velocity or quant / financial-services engineering culture.
• Deep, mechanical command of modern identity and authorisation: OIDC / OAuth2 / JWT — token issuance flows, claims design, and delegation / impersonation patterns.
• Hands-on HashiCorp Vault experience, including dynamic / short-lived secrets and the realities of migrating off long-lived tokens without breaking a large application estate at once.
• Keycloak policy modelling, ideally with the Terraform-driven configuration the firm already uses.
• Strong Terraform / IaC fluency — enough to design repeatable, self-service patterns that others adopt, rather than bespoke per-team setups.
• Working knowledge of the Active Directory + Entra legacy reality: nested groups, LDAP-backed role mapping, and the distribution-list-as-permission-group failure mode — able to design around the mess pragmatically.

Nice to have

• Real exposure to agentic / LLM systems and why they change the threat model — an agent actively probes and exploits standing permissions rather than stumbling onto them. That removes the “security through obscurity” cushion humans relied on.
• Familiarity with MCP as an integration / onboarding standard, and at least one agent harness (Claude Agent SDK preferred).
• Experience with just-in-time, task-scoped delegation versus standing access, and risk-gated credential issuance (e.g. a short-lived token issued against a CrowdStrike-style risk score).
• Behavioural baselining / anomaly detection for workloads — defining “normal” for a recurring workflow and catching deviation at volume.
• SIEM integration and action attribution: distinguishing an agent’s action from the human whose credentials it borrowed.
• Financial-services audit literacy
• Consulting or client-facing / pre-sales experience.