Purpose:Athene is hiring an Identity and Application Security Lead- a builder who works at the intersection of identity and application security, two disciplines that share a common core of authentication, authorization, cryptography, and secure API design. This role partners with Cloud Platform, Application Development, and Information Security to design and deliver solutions that development and security teams consume directly: identity-as-code patterns, policy-as-code guardrails, integrations between security tools, and reusable components that make the secure path the easy path.
The engineer contributes across the broader security program, helping teammates with their tooling, building integrations between platforms, and driving the Security Guardians champions program.
Accountabilities:- Design and build security solutions that development teams and other security teams can consume directly - integrations between security tools, reusable patterns, libraries, guardrails, and self-service tooling.
- Define and maintain AWS and Azure identity infrastructure as code, including federated roles, non-human, AI Agent and workload identities, permissions boundaries, and Azure RBAC.
- Engineer and operate SSO, MFA, and access policy platforms including Okta (access policies, app integrations) and Entra ID (Conditional Access, app registrations, credential management, PIM).
- Implement identity frameworks for AI agents and non-human identities-issuing, rotating, and revoking credentials, client IDs/secrets, and certificates used by autonomous systems and agentic workflows.
- Perform testing and validation of application security controls across projects, in code and APIs
- Provide consulting to development teams, developers and stakeholders to incorporate secure authentication and authorization patterns (OIDC, OAuth 2.0, SAML, mTLS, API auth) into engineering design.
- Additionally, perform threat modeling, secure design review, and remediation guidance across both identity and AppSec concerns.
Qualifications and Experience:- Bachelor's degree or equivalent professional experience with 6+ years in security engineering, with deep hands-on experience across both identity and application security.
- Strong grasp of authentication and authorization primitives shared by both disciplines: OIDC, OAuth 2.0, SAML, JWT, mTLS, certificate management, and API auth patterns.
- Depth in AWS and/or Azure, especially AWS IAM, cloud secrets management, privileged access, and Azure RBAC with hands-on with IaC and CI/CD: Terraform, CloudFormation, GitHub Actions, Jenkins.
- Proficiency in one or more security automation languages e.g. Python, JS/TS, Go.
- Understanding of secure SDLC, OWASP Top 10, and how identity controls and application controls reinforce each other.
- Hands-on experience with Okta, Entra ID, SailPoint, CyberArk, GitHub Advanced Security, and/or Akamai API Security.
- Experience designing identity controls for NHIs, workload identities, and AI agents / agentic workflows.
- Experience operating SAST, DAST SCA, and API security tooling and driving remediation with development teams.
