Sr. Principal IAM Security Engineer

Sr. Principal Identity & Access Management (IAM) Security Engineer 

Location: Remote Eligible 
Team: Cyber Defense – IAM 

Autodesk’s Cyber Defense team is looking for a Sr. Principal IAM Security Engineer to lead the strategy and execution for modern Identity and Access Management across human and non-human identities, including service accounts, workloads, secrets-backed identities, federated identities, and emerging AI/agentic identity patterns. You’ll design and drive scalable, secure-by-default identity guardrails for workforce and platform/product environments, enabling engineering teams to move fast while reducing systemic identity risk. 

You’ll lead key initiatives such as Zero Trust enforcement, Non-Human Identity (NHI) governance, IAM Threat Management and automation of identity workflows, while working across multiple business units to align platforms, reduce risk, and build seamless access experiences. 

Key Responsibilities 

Identity strategy & governance 

• Define the enterprise and platform IAM strategy for human identities, NHI, and AI/agent identities, including lifecycle, authentication, authorization, and auditing standards. 

• Establish identity reference architectures, patterns, and paved roads for product teams and internal engineering. 

Non-human identity security (enterprise + platform) 

• Build and operationalize controls for service identities, workload identities, API identities, bots, and automation accounts across cloud, CI/CD, and runtime environments. 

• Drive adoption of short-lived, federated credentials where feasible; reduce static secrets and unmanaged service accounts. 

• Implement lifecycle governance for NHI: creation standards, ownership, rotation/attestation, inactivity reaping, and incident response playbooks. 

AI / agentic identity enablement 

• Define secure patterns for AI acting on behalf of users or services, including delegated authorization, scoped tokens, and least-privilege access models. 

• Partner with AI platform teams to implement guardrails: identity provenance, policy enforcement, auditing, and kill-switch mechanisms for misbehaving agents. 

• Ensure AI identity behaviors are measurable and governable (logging, traceability, approvals for sensitive actions, segmentation of duties). 

AI Identity Engineering 

• Embed AI and machine learning capabilities into IAM platforms and security tooling to enable intelligent, automated identity governance — including access decisioning, anomaly detection, and agent behavior monitoring. 

• Design, build, and deploy purpose-built AI agents and ML-powered security systems that autonomously execute IAM functions — including identity lifecycle management, entitlement reviews, and real-time response to identity-based threats. 

• Fine-tune and optimize existing AI models against Autodesk-specific identity and access data to improve accuracy of threat detection, behavioral anomaly identification, and access risk scoring within the IAM environment. 

Authorization, policy, and access modeling 

• Build/standardize authorization models (RBAC/ABAC/ReBAC as appropriate) across workforce and product systems. 

• Drive consistent policy as code, access reviews, and privileged access workflows. 

• Define standards for token scopes, claims, session constraints, step-up auth, and sensitive action protections. 

Operational excellence & incident readiness 

• Improve detection/response for identity threats: anomalous token use, privilege escalation, credential misuse, service-account sprawl. 

• Create metrics and reporting for identity posture and platform adoption (coverage, drift, exceptions, time-to-remediate). 

• Lead identity-related investigations and post-incident improvements. 

Leadership & influence 

• Serve as a senior technical leader influencing engineering orgs, platform teams, and security; mentor others and raise the bar on identity engineering. 

• Translate risk into pragmatic engineering requirements; drive roadmaps across multiple teams. 

What We’re Looking For 

• 10+ years in IAM / security engineering, including designing identity architectures at enterprise scale. 

• Proven experience securing non-human identities across cloud, CI/CD, and production runtimes. 

• Deep knowledge of auth standards: OAuth2, OIDC, SAML, JWT, token exchange, federation, and modern workload identity patterns. 

• Strong authorization design experience: modeling permissions, least privilege, policy enforcement, and access governance. 

• Experience designing or securing systems where software agents act on behalf of users/services (delegation, impersonation, tool access, constrained execution). 

• Ability to define guardrails for agentic actions: approval gates, scoped permissions, auditable trails, and containment strategies. 

• Strong software engineering fundamentals (APIs, distributed systems, logging/telemetry); ability to review designs and code. 

• Experience with cloud IAM ecosystems and platform primitives (identity federation, workload identity, secretless patterns, KMS/HSM integration). 

• Experience building identity “paved roads” and internal developer platforms (IDP) patterns for identity. 

• Experience with privileged access management and tiering models for admin access. 

• Familiarity with CI/CD identity, signing, and provenance controls (build identities, artifact trust, token hardening). 

• Drives measurable risk reduction and adoption across orgs. 

• Sets standards others follow; resolves ambiguous identity problems; leads through influence. 

This is a strategic and hands-on role for someone who wants to lead Autodesk’s enterprise identity posture, drive large-scale impact across teams, and ensure our systems are secure, automated, and aligned with Zero Trust principles.