[Remote] Senior Key Management (IAM Engineer)
Note: The job is a remote job and is open to candidates in USA.

Blankfactor is dedicated to engineering impact by building high-quality tech solutions for fast-moving industries. They are seeking a Senior Key Management / IAM Engineer to lead the enterprise rollout of Akeyless as a core secrets, key, and identity-enablement platform, focusing on secure, scalable adoption across the organization.

Responsibilities
• Design and implement an enterprise Akeyless architecture, including tenancy strategy, auth methods, access boundaries, and operational model
• Stand up and harden the platform for enterprise use: environments, networking, availability, audit logging, backup/DR considerations, and upgrades
• Define standards for secret lifecycle management (creation, rotation, expiration, revocation, and deletion) aligned with security policies and compliance needs
• Build and maintain self-service workflows to onboard teams and applications to Akeyless with minimal friction
• Implement and govern enterprise key management practices:
    • Encryption key generation, rotation, and separation of duties
    • Key hierarchy and envelope encryption patterns
    • Governance, auditing, and access controls for keys and secret material
• Design integrations with HSMs / KMS systems and associated crypto boundary controls (including policy and operational procedures)
• Establish and enforce application secrets management patterns (runtime injection, sidecar/agent patterns where applicable, CI/CD integration, and secret zero/least exposure)
• Implement SSO and federated identity integration for Akeyless and related tooling (SAML/OIDC), aligning with enterprise IdP standards
• Design and implement IAM patterns such as:
    • Workload identity and short-lived credentials
    • Role-based access control and least privilege enforcement
    • Fine-grained authorization and policy design for platform consumers
• Partner with identity governance stakeholders to ensure alignment with access review and audit requirements
• Design and operate enterprise PKI / certificate management workflows:
    • Certificate issuance/renewal automation
    • Integration with internal/external CAs as required
    • Standards for mTLS, service identity, and certificate lifecycle governance
• Build tooling and automation to make certificate workflows consumable across teams and platforms
• Build infrastructure and integrations enabling broad adoption (examples):
    • Azure integrations (identity, networking, managed services)
    • CI/CD integrations for secrets and cert issuance (GitHub Actions, ADO, etc., if applicable)
    • Kubernetes patterns for secret injection and rotation (where relevant)
    • Observability integrations (metrics, logs, alerts) and operational dashboards
• Create documentation, onboarding guides, and reference implementations (“golden paths”) for engineering teams
• Serve as escalation point for complex incidents involving identity, cryptography, and secret distribution

Skills
• Senior-level experience in enterprise secrets management and IAM (design + operational ownership)
• Strong expertise in:
    • Enterprise key management practices (rotation, separation of duties, auditability, crypto governance)
    • Application secrets management (runtime consumption patterns, rotation automation, CI/CD integration)
    • SSO / federated identity (SAML, OIDC), RBAC, least privilege, and secure access patterns
    • Vaults / HSMs and secure key storage concepts (HSM-backed keys, access controls, auditing)
    • PKI fundamentals and enterprise certificate lifecycle automation
• Hands-on experience with Akeyless (required) and delivering it as a platform service
• Hands-on experience with Azure (required), including identity and security constructs
• Strong engineering discipline: automation-first mindset, high-quality documentation, and operational readiness
• Experience integrating secrets and PKI workflows with Kubernetes (secret injection, rotation strategies, workload identity patterns)
• Experience with regulatory/compliance-driven environments (SOC2, ISO 27001, PCI, HIPAA, etc.) and audit-ready controls
• Familiarity with threat modeling, cryptographic boundary design, and secure-by-default platform guardrails
• Experience building self-service internal platforms (platform engineering practices, developer enablement)
• Strong scripting/programming ability (e.g., Python, Go, or similar) for automation and tooling

Company Overview
• Blankfactor is a team of engineers, project managers, issue solvers & tech consultants committed to developing & innovating tech solutions. It was founded in 2019, and is headquartered in San Francisco, California, USA, with a workforce of 501-1000 employees. Its website is

Company H1B Sponsorship
• Blankfactor has a track record of offering H1B sponsorships, with 3 in 2025, 1 in 2024. Please note that this does not guarantee sponsorship for this specific role.