Hard Rock

Principal Identity Engineer

Hard Rock$130K — $180K *
US-AnywhereRemote in Florida, US
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in identity and access management or related field
  • Hands-on expertise with modern enterprise identity platforms, specifically Microsoft Entra ID
  • Proficiency in identity protocols and methods such as SAML, OIDC, OAuth 2.0
  • Experience with automating identity lifecycle across SaaS and multi-cloud environments
  • Scripting skills in PowerShell, Microsoft Graph API, or Python
  • Proven track record of designing least privilege, just-in-time access
  • Excellent communication skills, able to engage with technical and executive audiences
  • Familiarity with AI in security or engineering processes.

Responsibilities

  • Own identity architecture and roadmap for Microsoft Entra ID
  • Design Conditional Access policies balancing security and user experience
  • Drive implementation of phishing-resistant, passwordless authentication methods
  • Manage privileged access processes using Microsoft Entra PIM
  • Automate identity lifecycle management for accurate access controls
  • Conduct access reviews and maintain entitlement governance
  • Govern service identities and partner on secrets management across cloud platforms
  • Lead Zero Trust identity strategy aligned with NIST and CISA models.

Benefits

  • Competitive pay and benefits
  • Flexible vacation allowance
  • Hybrid or remote working options
  • Startup culture supported by a secure global brand.
Full Job Description
Whatre the Position?

Identity is the control plane of modern security. In a Zero Trust world, every access decision - for every employee, every administrator, and every machine - flows through the identity systems you will own. Were looking for a Principal Identity Engineer to be the technical authority on how Hard Rock Digital decides who (and what) can access which systems, when, and under what conditions.

This is a deliberately senior, high-trust role - one of three Principal openings reporting directly to our VP Security / CISO - because identity is not a slice of our security program; it is the backbone the rest of it is built on.

Youll be our first dedicated identity hire, inside a 16-person security organization spanning Security Operations, Risk Management, and Architecture & Engineering. Day-to-day provisioning and helpdesk sit with our IT team; your job is architecture, automation, and governance that make access safe.

If you think in terms of blast radius, least privilege, and phishing-resistant authentication - and you like owning a domain end to end rather than a corner of it - youll feel at home here.

What Youll Do

Identity & Access Architecture
  • Own the security architecture, standards, authentication methods, and roadmap for Microsoft Entra ID, our primary identity provider - partnering with IT on tenant operations
  • Design and continuously refine Conditional Access policies that balance strong protection with a smooth experience for a globally distributed workforce
  • Advance our rollout of phishing-resistant, passwordless authentication (passkeys, certificate-based, FIDO2)
  • Own federation and single sign-on across our SaaS estate (SAML, OIDC, OAuth 2.0, SCIM provisioning)


Privileged & Just-in-Time Access
  • Own our privileged access model using Microsoft Entra PIM - separate admin identities, just-in-time elevation, and approval workflows
  • Design and maintain break-glass procedures and safeguards for our most sensitive administrative paths
  • Reduce standing privilege across the environment and make least privilege, just in time the default


Identity Lifecycle & Access Governance
  • Automate the joiner-mover-leaver lifecycle so access is granted, changed, and revoked accurately and promptly
  • Build and run access reviews and entitlement governance, partnering with our GRC team on audit evidence (ISO 27001, SOC 2, PCI DSS, GLI-19/GLI-33)
  • Make access decisions auditable, explainable, and continuously right sized


Non-Human & Workload Identity
  • Govern service principles, managed identities, and workload/federated credentials across AWS, Azure, and GCP
  • Partner on secrets governance across our secrets management platforms to shrink the number of long-lived, standing secrets
  • Partner with our Principal Cloud & Network Security Engineer, who owns service-to-service authentication (mTLS, service mesh)


Zero Trust Strategy
  • Serve as the identity authority for our Zero Trust program, aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model (Identity pillar)
  • Partner with our cloud and network security function on identity-aware access through Cloudflare Access
  • Partner with Security Operations to make identity signals (risky sign-ins, privileged elevation, MFA anomalies) first-class inputs to detection and response
  • Advise on customer identity (CIAM) and account-security architecture - partnering with our Principal Product Security Engineer, who owns the application security of player-facing account flows, and with product engineering
  • This is a big charter by design - year one is about sequencing. Youll set the identity roadmap with the CISO, with leadership backing to execute against it. Our 24/7 Security Operations team owns monitoring; youll be the escalation point for identity-related incidents.


What Were Looking For
  • 10+ years in identity and access management, security engineering, or a closely related field - or equivalent practical experience
  • Deep, hands-on expertise with a modern enterprise identity platform - Conditional Access, PIM/PAM, authentication methods, and identity governance (we run Microsoft Entra ID)
  • Strong command of identity protocols and patterns: SAML, OIDC, OAuth 2.0, SCIM, and modern MFA
  • Experience automating the identity lifecycle and integrating identity across a large SaaS and multi-cloud estate
  • Scripting and automation skills (PowerShell, Microsoft Graph API, Python) and comfort with Infrastructure as Code
  • A track record of designing least privilege, just-in-time access in a real production environment
  • Excellent written and verbal communication - you can explain an access decision to an engineer and a risk to an executive
  • Fluency with AI - you lead with it, reaching for AI tools daily to work faster and sharper; hands-on experience applying AI to security or engineering work is a must.
  • You dont need to tick every box. If youre deep in workforce identity but still growing into workload identity - or the reverse - we want to hear from you.


Bonus Points
  • Experience in a regulated industry (gaming, financial services, healthcare)
  • Exposure to customer/player identity (CIAM) and KYC providers
  • Passwordless or phishing-resistant MFA rollouts at scale
  • Familiarity with Identity Threat Detection & Response (ITDR)
  • Relevant certifications (e.g., Microsoft Identity & Access Administrator, CISSP)


Who You Are
  • Strategic and hands-on - you set direction and you build the thing
  • Fiercely focused - zero in on the control that matters most and finishes strong
  • Deeply curious - you test assumptions and keep learning as the identity landscape shifts
  • Customer obsessed about access - you treat login friction as a security outcome and design controls people dont have to fight
  • A clear communicator who builds trust across security, IT, engineering, and leadership


Why This Role Is Different

At most companies, identity is a queue of tickets buried inside an infrastructure team. Here its the backbone of our Zero Trust program: you set the strategy, you build the controls, and you answer directly to the CISO. If youve been waiting for identity to be treated as the strategic function it deserves to be, this is that role.

This is one of three Principal openings reporting to our VP Security / CISO: Identity (who and what gets access), Cloud & Network Security (where workloads run and how traffic moves), and Product Security (the code and its vulnerabilities). Apply to the one that sounds like your Tuesday.

Whats in it for you?

We offer our employees more than just competitive compensation. Our team benefits include:
  • Competitive pay and benefits
  • Flexible vacation allowance
  • A hybrid / remote working environment
  • Startup culture backed by a secure, global brand

About Hard Rock

Hard Rock is a chain of theme restaurants founded in 1971 by Isaac Tigrett and Peter Morton in London. In 1979, the cafe began covering its walls with rock and roll memorabilia, a tradition which expanded to others in the chain. In 2007, Hard Rock Cafe International (USA), Inc. was sold to the Seminole Tribe of Florida and was headquartered in Orlando, Florida until April 2018 when the corporate offices were relocated to Davie, Florida. As of July 2018, Hard Rock International has venues in 74 countries, including 185 cafes, 25 hotels, and 12 casinos.
Learn more about Hard Rock
Size
23,000 employees
Industry
Founded
1971

Similar Jobs

More Jobs at Hard Rock

More Information Technology Jobs

Find similar Principal Identity Engineer jobs: