Autodesk Ltd. is seeking a Senior Principal IAM Security Engineer to lead the strategy, design, and execution of secure, scalable identity solutions across the enterprise. You will drive key initiatives like Zero Trust enforcement, Non-Human Identity governance, and automation of identity workflows as part of our Cyber Defense team.
What You'll Do
- Act as a strategic IAM lead and subject matter expert, driving secure identity architecture across SailPoint, Entra ID (Azure AD), AWS IAM, and PAM platforms.
- Drive the implementation of Zero Trust identity controls: phishing-resistant MFA, device-aware conditional access, and least-privilege enforcement.
- Define and govern lifecycle management, classification, and policy for Non-Human Identities (NHIs) such as service accounts and automation agents.
- Manage and enhance Threat Detection platforms and CIEM components.
- Design and deploy Role-Based Access Control (RBAC) frameworks across Autodesk, enabling Day 1 access automation and alignment to job functions.
- Build and maintain integrations between IAM platforms and enterprise systems using APIs, SCIM, Webhooks, and other protocols.
- Develop automation for provisioning, deprovisioning, access reviews, and certification workflows using scripting languages like Python, PowerShell, or equivalent.
- Partner across business units to influence platform teams, drive adoption of identity standards, and streamline access governance practices.
- Collaborate with Compliance and Audit to implement controls for SOX, SOC2, FedRAMP, and internal policy requirements.
- Serve as a mentor and technical coach to junior engineers, fostering team growth and security excellence.
- Participate in architecture reviews, incident response, and risk assessments related to IAM.
What We're Looking For
- 10+ years in IAM and Security Engineering, with 3+ years in a principal-level capacity.
- Ability to map threats against human and non-human identities and implement a strategic plan to reduce and eliminate risks.
- Deep, technology-agnostic understanding of identity security, access governance, and lifecycle management.
- Hands-on experience with SailPoint, Azure AD/Entra ID, AWS IAM, CyberArk, or equivalent platforms.
- Strong experience with coding/scripting (e.g., Python, PowerShell) and building integrations using REST APIs, SCIM, and web services.
- Proven ability to lead identity programs across hybrid cloud environments and influence cross-functional teams.
- Familiarity with compliance frameworks (SOX, SOC2, ISO 27001) and governance-focused access reviews.
- Excellent communication skills; able to influence engineers, business partners, and senior leadership.
Nice to Have
- Experience securing and automating identity for DevOps environments and CI/CD pipelines.
- Familiarity with modern authentication protocols (OAuth2, OIDC, SAML, SPIFFE).
- Strong documentation skills and a track record of policy/standards development.
- Passion for collaboration, mentoring, and building secure-by-default environments.
Technical Stack
- SailPoint, Entra ID (Azure AD), AWS IAM, PAM platforms
- Python, PowerShell, REST APIs, SCIM, Webhooks
- OAuth2, OIDC, SAML, SPIFFE
Team & Environment
This role is part of Autodesk’s Cyber Defense team.
Benefits & Compensation
- Comprehensive benefits package.
- For Canada-BC based roles, starting base salary between $143,600 and $197,450.
- Equity in the form of stock grants.
Work Mode
This is a fully remote position located in Canada-BC.
Autodesk cultivates a culture of belonging where everyone can thrive.
