Principal Engineer – Identity Governance & Administration (IGA)
Role Overview
We are seeking a Principal Engineer – Identity Governance & Administration (IGA) to serve as the technical authority and owner for enterprise-wide identity governance capabilities. This role is responsible for defining and evolving the governance, lifecycle, and policy layer that protects company intellectual property, enforces least privilege, and enables Zero Trust at scale.
This is a deeply technical, hands-on principal role with end-to-end accountability—from IGA platform evaluation and selection to governance model design, integration engineering, and long-term roadmap ownership. The ideal candidate brings expert-level experience with SailPoint, Saviynt, or equivalent enterprise IGA platforms, combined with strong systems thinking and the ability to design durable governance solutions in complex, global environments.
IGA is a Tier-0 security capability. Weak governance leads directly to over-privileged access, toxic combinations, audit failures, and elevated breach impact. This role ensures access is intentional, justified, reviewable, and continuously governed—across humans, machines, and AI-driven identities.
Key Responsibilities
IGA Architecture & Technical Ownership
- Act as the principal technical owner for Identity Governance & Administration platforms and capabilities
- Define, document, and evolve end-to-end IGA architecture, including:
- Identity lifecycle management
- Access request and approval workflows
- Role, entitlement, and policy models
- Certification and review frameworks
- Establish reference architectures, engineering standards, and design patterns for identity governance
- Own the multi-year IGA roadmap aligned with enterprise security and Zero Trust strategy
Identity Lifecycle & Access Governance
- Design and implement scalable Joiner / Mover / Leaver (JML) workflows integrated with:
- HR systems
- Directories and IAM platforms
- Cloud platforms and applications
- Build and maintain RBAC, ABAC, and policy-based access models that scale across thousands of applications
- Implement and optimize:
- Access request and approval flows
- Periodic access certifications and reviews
- Segregation of Duties (SoD) controls
- Ensure governance coverage across human, privileged, and non-human identities
Governance for Non-Human, AI & Machine Identities
- Define governance models for non-human identities, including:
- AI agent identities
- Robotic Process Automation (RPA) identities
- Service accounts, application identities, and APIs
- Ensure machine and AI identities are:
- Properly onboarded, approved, and reviewed
- Least-privileged and policy-governed
- Auditable and lifecycle-managed
- Prevent entitlement sprawl, orphaned access, and unmanaged machine identities
- Integrate non-human identity governance into enterprise access reviews and compliance reporting
Zero Trust Enablement & Risk Reduction
- Embed least privilege, continuous governance, and defense-in-depth into all access models
- Partner with IAM, Security Architecture, and Cloud teams to ensure governance supports Zero Trust enforcement
- Proactively identify and remediate:
- Access sprawl
- Toxic combinations
- Orphaned and dormant entitlements
- Reduce blast radius by ensuring access is time-bound, role-aligned, and continuously reviewed
Platform Engineering, Integration & Automation
- Evaluate, select, and implement enterprise-grade IGA platforms (SailPoint, Saviynt, or equivalent)
- Engineer robust integrations with:
- Directories and IAM systems
- Cloud platforms (AWS, Azure, GCP)
- Enterprise and SaaS applications
- Push beyond “tool configuration” to engineered governance solutions
- Increase automation to reduce manual effort, operational risk, and audit friction
Innovation, Continuity & Technical Leadership
- Continuously assess emerging IGA capabilities, identity standards, and automation opportunities
- Ensure knowledge continuity and eliminate dependency on individual resources
- Mentor senior engineers and elevate identity governance maturity across the organization
- Make high-judgment tradeoffs between speed, risk, and long-term maintainability
Required Qualifications
Experience
- 10+ years of experience in Identity & Access Management with deep specialization in IGA
- Proven experience designing and operating enterprise-scale identity governance platforms
Technical Expertise
- Expert-level hands-on experience with:
- SailPoint (IdentityIQ / IdentityNow), Saviynt, or comparable IGA platforms
- Strong understanding of:
- Identity lifecycle management (JML)
- Access governance and certification models
- RBAC, ABAC, and policy-driven access control
- Segregation of Duties (SoD) design and enforcement
- Zero Trust and identity-centric security architecture
- Experience integrating IGA platforms with:
- HR systems
- Directories and IAM platforms
- Cloud and SaaS applications
- Strong understanding of APIs, integrations, and distributed systems
Architectural & Leadership Skills
- Ability to design governance solutions that scale across global enterprises
- Strong systems thinking and long-term architectural judgment
- Proven ability to influence architecture and standards without formal authority
- Comfortable operating in ambiguous, high-impact problem spaces
Preferred Qualifications
- Experience supporting global enterprises with complex identity ecosystems
- Strong cloud identity governance experience across AWS, Azure, and/or GCP
- Background in security architecture, platform engineering, or large-scale SaaS systems
- Familiarity with privileged access governance and non-human identity risk
- Experience partnering with GRC, Audit, and Compliance teams
Why This Role Is Critical
Identity governance determines who gets access, to what, and why. Without strong IGA, Zero Trust cannot scale, audits become fragile, and security incidents have outsized impact.
This role directly protects the organization from:
- Over-privileged access and toxic combinations
- Unmanaged AI, robotic, and service identities
- Audit failures and compliance exposure
- Excessive blast radius during security incidents
This position is for an engineer who wants to define how identity governance works—not just operate tools—and who understands that governance is a core security control, not an afterthought.
#LI-7013
