Responsibilities

At Workato, security is at the core of everything we do. We are looking for a Staff Security Engineer – IAM to architect and lead Workato’s Identity & Access Management (IAM) program. This role will be instrumental in defining IAM strategy, implementing scalable identity security frameworks, and measurably reducing identity-related risk across human and non-human identities, including AI systems.

You’ll work at the intersection of security, automation, AI governance, and access control, helping to secure cloud environments, orchestrate identity security operations, and enforce least privilege at scale. You’ll collaborate with Business Technology, Product & Engineering, and other teams to ensure that identity security enables business velocity while maintaining strong governance and compliance.

If you are passionate about architecting IAM programs, building frameworks hands-on, driving cross-functional execution, and reducing identity-related risk in measurable ways, this is the perfect opportunity for you.

Identity & Access Management (IAM)

• Architect and lead the enterprise IAM program and roadmap.
• Design and enhance identity lifecycle management for employees, contractors, service accounts, and AI/non-human identities.
• Build and implement IAM frameworks hands-on, aligned to Zero Trust principles.
• Implement RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), JIT (Just-in-Time) access, and least privilege models across SaaS and cloud environments.
• Automate Joiner, Mover, Leaver (JML) processes and identity governance workflows using Workato and other automation tools.
• Manage SSO (Single Sign-On), MFA (Multi-Factor Authentication), Conditional Access, and adaptive authentication policies.
• Establish identity governance processes, including access reviews, certifications, and policy enforcement.
• Define and track IAM KPIs to measurably reduce identity-related risk.

Privileged Access Management (PAM)

• Architect and enforce Privileged Access Management controls for human and machine identities.
• Implement Just-in-Time (JIT) and ephemeral privileged access models.
• Reduce standing privileges and eliminate toxic access combinations.
• Secure administrative access across cloud, SaaS, and DevOps environments.

AI Identity Security & Governance

• Design IAM frameworks for AI systems, automation agents, and service-to-service access.
• Govern API tokens, secrets, and machine credentials lifecycle.
• Establish guardrails for AI agents interacting with production systems and sensitive data.
• Ensure least privilege access models for AI-driven workflows and integrations.

Identity Threat Detection & Response (ITDR)

• Design and implement ITDR capabilities to detect identity-based threats, including credential misuse, privilege escalation, and token abuse.
• Integrate identity telemetry into SIEM/SOAR platforms.
• Build automated response playbooks for identity-related security incidents.
• Improve Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) for identity threats

Collaboration & Cross-functional Work

• Drive cross-functional execution of IAM initiatives across Security, Business Technology, Product & Engineering, and Cloud teams.
• Partner with Product & Engineering to enforce secure identity patterns in cloud and DevOps environments.
• Provide technical leadership during security audits and compliance assessments (SOC 2, ISO 27001, GDPR, etc.).
• Educate and train employees on IAM best practices, privileged access controls, and identity security automation.
• Communicate identity risk posture and measurable improvements to leadership.

Requirements

Qualifications / Experience / Technical Skills

• 10–12 years of experience in Identity & Access Management (IAM), Security Engineering, and Security Automation in a SaaS or cloud-based environment.
• Proven experience in architecting and leading enterprise IAM programs.
• Strong experience with IAM frameworks, tools, and technologies (Okta, Azure AD / Entra ID, AWS IAM, GCP IAM, Google Workspace, etc.).
• Hands-on experience implementing RBAC, ABAC, least privilege models, and identity governance workflows.
• Experience with Privileged Access Management (PAM) solutions and Just-in-Time access models.
• Experience designing or implementing Identity Threat Detection & Response (ITDR) capabilities.
• Familiarity with identity security considerations for AI systems and machine identities.
• Strong understanding of Infrastructure as Code (IaC) principles and tools (e.g., Terraform, CloudFormation) to enforce IAM controls programmatically..
• Hands-on experience with security automation platforms (Workato preferred, Palo Alto XSOAR, Splunk SOAR, etc.).
• Proficiency in scripting and automation (Python, PowerShell, or Workato recipes for security workflows).
• Knowledge of cloud security best practices in AWS, Azure, or GCP.
• Familiarity with SOC 2, ISO 27001, GDPR, or other security compliance frameworks.
• Security certifications like CISSP, AWS Security Speciality, Okta Certified Administrator, or similar.
• May require occasional travel within India and international travel.
  
  

Soft Skills / Personal Characteristics

• Strong problem-solving and analytical skills with an automation-first mindset.
• Architect-level thinking with hands-on execution capability.
• Proven ability to drive cross-functional execution and influence stakeholders.
• Data-driven approach to reducing identity-related risk.
• Excellent communication and collaboration skills to work across teams.

(REQ ID: 2337)