Summary:AI agents break the assumptions traditional identity systems were built on: who is acting, on whose behalf, and with what authority. In this foundational role you will design and build the core identity and authorization building blocks that everything else in our AI security platform depends on, from how we model agent identity and delegated actions to how we decide what an agent can do at runtime. The interfaces you define set the technical direction for the teams building on top of you. This role will report directly into our Director of Engineering, Securing AI.
What You'll Do:- Design the identity model for AI agents, including delegated (on-behalf-of) actions, composite identities, and how agent activity is attributed for audit.
- Build the authorization engine that decides in real time what an agent is allowed to do, and help select the underlying policy technology such as Cedar, OPA, or AuthZEN.
- Define how we establish trust in identities issued by outside platforms such as Microsoft Entra and Salesforce, and by emerging standards like OpenID Connect for agents.
- Build authorization and continuous-evaluation capabilities that draw on the live session and decision signals our identity products already produce.
- Own the interfaces and contracts the rest of the platform builds against, and keep them clean as the platform grows.
- Act as a technical leader across teams, setting direction and raising the bar on identity and authorization.
What You'll Need:- Typically 10 or more years of software engineering experience, with deep expertise in identity, authorization, or distributed systems security.
- Hands-on experience building authorization or policy systems such as Cedar, OPA, OpenFGA, or a comparable engine.
- Working knowledge of identity and token standards such as OAuth, OpenID Connect, SPIFFE and SPIRE, or workload identity federation.
- A track record of designing systems and interfaces that other teams build on at scale.
- Ability to lead technical decisions that span multiple teams and communicate them clearly to varied audiences.
We'd Love to See:- Experience securing AI or agentic systems.
- Contributions to identity, authorization, or security standards or open source.
- Background in privileged access, secrets management, or identity governance.
For this Job, Delinea is not considering candidates that need any type of US work authorization now or in the future. This includes, but is not limited to: F1-OPT, F1-CPT, H-1B, TN, L-1, J1, etc.
We take care of our employees. We offer competitive salaries, a meaningful bonus program, and excellent benefits, including healthcare insurance, as well as pension/retirement matching, comprehensive life insurance, an employee assistance program, time off plans, and paid company holidays.