Responsibilities
- Own the day-to-day identity security posture across corporate, production, customer, and US Government identity planes
- Drive the rollout of agent identity infrastructure - short-lived credentials, lifecycle bound to a human principal, controlled workload onboarding
- Architect authentication, federation, and authorization systems - including SAML, OIDC, and policy-driven access control models (RBAC, ABAC, policy-as-code) - across workforce and workload identity
- Scale non-human identity patterns across service, workload, and agent populations - short-lived credentials, mTLS, identity-based networking
- Drive adoption of just-in-time access patterns across the identity program, partnering with platform and engineering teams on governance rollout and policy enforcement
- Lead identity threat modeling on a regular cadence; publish findings and track remediation
- Serve as a primary security reviewer on identity architecture decisions and cross-team RFCs
- Research and drive adoption of emerging identity security primitives and standards in partnership with Security Engineers across InfoSec
- Partner with engineering teams across Palantir to reduce the attack surface of identity integrations at scale
Requirements
- 5+ years of experience in Information Security, Identity and Access Management, or an equivalent discipline, with demonstrated depth in identity-specific security
- Hands-on production experience with at least one enterprise identity provider (Entra ID, Okta, or equivalent), including its governance and security surface
- Deep technical proficiency in identity protocols (SAML, OIDC, OAuth 2.0, SCIM, FIDO2, WebAuthn) and their attack surface
- Working proficiency in Go, Python, PowerShell, or TypeScript - enough to prototype tooling, analyze identity-handling code for security defects, scale automation across the environment, and engage in code review
- Strong communication skills and the ability to communicate with a wide-ranging audience - from engineer-facing design reviews to leadership-facing risk calls
Nice to Have
- Experience with cloud IAM and workload identity patterns - service accounts and identity-based access in distributed environments
- Experience designing or evaluating non-human identity (NHI) architectures - service, workload, and agent - and a strong point of view on where the industry is headed
- Familiarity with privileged access management and secrets management patterns at scale
- A track record of reducing standing access and shifting organizations toward just-in-time access postures in production environments
- Experience with identity governance platforms and a clear-eyed view of their security implications
- Identity threat detection and response experience, including detection engineering against identity telemetry
- Red team, offensive security, or incident response background - especially with an identity focus
- Exposure to regulated environments (FedRAMP, SOX, IL-levels)
- Desire to further the identity security community through substantive contributions (e.g. conference talks, blog posts, public tool development, RFCs)
- Current US security clearance, or eligibility to obtain clearance
Benefits
- Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance
- Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance
- Commuter benefits
- Take-what-you-need paid time off, not accrual-based
- 2 weeks paid time off built into the end of each year (subject to team and business needs)
- 10 paid holidays throughout the calendar year
- Supportive leave of absence program including time off for military service and medical events
- Paid leave for new parents and subsidized back-up care for all parents
- Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation
- Stipend to help with expenses that come with a new child
- Employees can enroll in Palantir’s 401k plan
Work Arrangement
On-site
Additional Information
- Total compensation for this position may also include Restricted Stock Units, a sign-on bonus, and other potential future incentives.
- This estimate excludes the value of any potential sign-on bonus; the value of any benefits offered; and the potential future value of any long-term incentives.
- In keeping with Palantir’s values and culture, we believe employees are “better together” and in-person work affords the opportunity for more creative outcomes.
- Therefore, we encourage employees to work from our offices to foster connectivity and innovation.
- Many teams do offer hybrid options (WFH a day or two a week), allowing our employees to strike the right trade-off for their personal productivity.
- Based on business need, there are a few roles that allow for “Remote” work on an exceptional basis.
- If you are applying for one of these roles, you must work from the state in which you are employed.
- If the posting is specified as Onsite, you are required to work from an office.
- Palantir values excellence regardless of background. We are proud to be an Equal Opportunity Employer for all, including but not limited to Veterans and those with disabilities.
- Palantir is committed to making the application and hiring process accessible to everyone and will provide a reasonable accommodation for those living with a disability.
- Please note that you will never be asked to submit a payment or share financial information to participate in our interview process.
- If you suspect that you've been contacted by a scammer, we recommend you cease all communication with the individual and consider reporting them to the relevant authorities, such as the US FBI Internet Crime Complaint Center (IC3).