As organizations adopt generative AI, securing how AI agents, models, and automated workflows access enterprise systems and data has become a core engineering challenge. As an Identity & Gen AI Engineer, you will build generative AI solutions with identity, access, and trust engineered in from the start, securing both human and non-human identities and governing how AI agents and GenAI platforms reach data and downstream systems. This role focuses on hands-on engineering, integration, and continuous enhancement of AI solutions in which identity and access controls are a first-class concern.
Work you'll do
As an Identity & Gen AI Engineer on the Identity and Access Management team, you will be responsible for...
• Build and integrate generative AI solutions, including LLM applications, retrieval-augmented generation, and AI agents, with secure access to data and downstream systems.
• Engineer authentication, authorization, and identity controls for AI agents, service accounts, and other non-human identities operating across enterprise and cloud environments.
• Develop guardrails for agentic workflows, including scoped permissions, least-privilege access, credential and secrets management, and runtime policy enforcement.
• Implement logging, monitoring, and governance that provide traceability and accountability for AI system actions.
• Collaborate with IAM, security architecture, and data teams to embed identity controls into GenAI solution delivery and operations.
• Create and maintain reference architectures, reusable patterns, and technical documentation for building and securing AI systems.
A successful candidate would possess these skills:
- Ability to work independently and collaborate as part of a team
- Effective written and verbal communication skills
- Meticulous attention to detail and quality of work product
- Ability to build and sustain professional relationships
- Ability to lead projects or workstreams
- Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
- Strong interpersonal skills and professional demeanor
- Ability to meet deadlines
- Ability to provide clear guidance to others
Qualifications
Required:
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a similar technical field
- Ability to work onsite up to 5 days a week.
- 3+ years of software engineering experience with Python or a comparable language
- 1+ year of hands-on experience building, integrating, or deploying generative AI solutions such as large language model (LLM) applications, retrieval-augmented generation (RAG), or AI agents, including use of model APIs, orchestration frameworks, and AI development tools such as Claude Code, OpenAI Codex, GitHub Copilot, or Cursor
- Working knowledge of identity and access management concepts and protocols, including authentication, authorization, single sign-on (SSO), and standards such as OpenID Connect (OIDC), Security Assertion Markup Language (SAML), OAuth, and JSON Web Token (JWT)
- Ability to travel 15%, on average, based on the work you do and the clients and industries/sectors you serve.
- Ability to obtain and maintain the necessary security clearance.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
- Delivery Center Location & Travel Requirements:
- Hybrid Work Model: Operate under a hybrid system requiring residence within a commutable distance to one of the US Delivery Center locations (Gilbert, Lake Mary, or Mechanicsburg) or Geo-Hub locations (Atlanta, Charlotte, Dallas, Houston, and Philadelphia)
- Co-location Expectation: Spend up to 30% of working time co-located at an assigned office for orchestrated opportunities, including projects, practice sessions, training, and Moments That Matter at a Deloitte Delivery Center location, Geo-Hub location, approved site, or project location
- Travel Requirement: Maximum of 10% overnight travel for client or project purposes
- Relocation Requirement: If relocation is necessary, complete the move within 12 weeks from the start date to reside within a commutable distance
Preferred:
- Experience deploying generative AI solutions to production environments
- Hands-on experience with identity and access management platforms such as SailPoint, Okta, or Microsoft Entra ID
- Experience securing non-human or machine identities, service accounts, secrets, and credentials using tools such as HashiCorp Vault or CyberArk
- Experience with AI agent frameworks and protocols such as LangChain, LangGraph, or Model Context Protocol (MCP)
- Experience with fine-grained authorization or policy-as-code using tools such as Open Policy Agent (OPA), Cedar, or OpenFGA
- Familiarity with AI and LLM security risks such as the OWASP Top 10 for LLM Applications, prompt injection, and excessive agency
- Experience applying AI governance and risk frameworks such as the NIST AI Risk Management Framework (AI RMF)
- 2+ years of experience building or deploying workloads in cloud environments such as Amazon Web Services (AWS) and Microsoft Azure
- Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or a cloud engineering certification such as AWS Certified Solutions Architect or Microsoft Certified: Azure Solutions Architect
- 1+ year of experience supporting federal government environments
- 1+ year of experience with infrastructure-as-code or automation technologies such as Terraform or Ansible