Job Description

We're seeking a future team member for the role of Cloud Engineering to join our Cloud Platform Engineering organization. This role is located in New York City, Pittsburgh, or Lake Mary.

In this role, you'll make an impact in the following ways:

• Define and govern cloud identity and access architecture across AWS, Azure, GCP, OCI, and SaaS platforms to meet business, security, and compliance objectives
• Design and implement federation, single sign-on (SSO), and identity integration patterns using SAML, OAuth, OIDC, and related enterprise authentication standards
• Lead SCIM-based provisioning, deprovisioning, and identity lifecycle automation to strengthen joiner, mover, leaver controls across cloud and SaaS services
• Establish secure SaaS connectivity patterns, access controls, and trust relationships for enterprise platforms and third-party integrations
• Drive multicloud security strategy for human and machine identities, including privileged access, service accounts, secrets, and workload identity controls
• Partner with security, networking, platform, application, and compliance teams to implement least privilege, strong authentication, and policy-based access governance
• Define guardrails, standards, KPIs, and operational playbooks for identity security, access reviews, audit readiness, and continuous improvement
• Recruit, mentor, and develop a high-performing engineering team while guiding architecture, automation, and secure platform adoption
• Influence product, security, networking, compliance, and data teams to harness best-practice cloud solutions
• Research emerging technologies (serverless, edge, cloud AI), drive POCs, and translate findings into actionable initiatives
• Establish KPIs/SLIs/SLOs, dashboards, and playbooks for performance, reliability, and cost optimization
• Recruit, mentor, and develop a world-class team, fostering collaboration, curiosity, and a metrics-driven mindset
• Architect and oversee IaC (Terraform, CloudFormation), container platforms (Kubernetes, Docker), and CI/CD pipelines

To be successful in this role, we're seeking the following:
• 10+ years designing and operating enterprise cloud and identity platforms, with 5+ years in leadership
• Deep expertise in Cloud Security and IAM across AWS, Azure, GCP, OCI, and major SaaS platforms
• Strong hands-on experience with federation, SSO, SCIM, MFA, identity lifecycle management, and privileged access controls
• Strong understanding of authentication and authorization standards including SAML, OAuth 2.0, OpenID Connect, and modern identity architectures
• Experience securing SaaS integrations, third-party connectivity, and cross-platform trust relationships in regulated environments
• Proven ability to influence business and technical stakeholders and communicate complex identity and security concepts to executives and engineers alike

Our Benefits and Rewards:

BNY offers highly competitive compensation, benefits, and wellbeing programs rooted in a strong culture of excellence and our pay-for-performance philosophy. We provide access to flexible global resources and tools for your life's journey. Focus on your health, foster your personal resilience, and reach your financial goals as a valued member of our team, along with generous paid leaves, including paid volunteer time, that can support you and your family through moments that matter.

BNY assesses market data to ensure a competitive compensation package for our employees. The base salary for this position is expected to be between $127,000 and $273,000 per year at the commencement of employment. However, base salary if hired will be determined on an individualized basis, including as to experience and market location, and is only part of the BNY total compensation package, which, depending on the position, may also include commission earnings, discretionary bonuses, short and long-term incentive packages, and company- sponsored benefit programs.

This position is at-will and the Company reserves the right to modify base (as well as any other discretionary payment or compensation) at any time, including for reasons related to individual performance, change in geographic location, Company or individual department/team.