[Remote] Senior Key Management (IAM Engineer)

Remote Full-time Live

Note: This is a remote job open to candidates in the USA.

Blankfactor is dedicated to engineering impact by building high-quality tech solutions for fast-moving industries. They are seeking a Senior Key Management / IAM Engineer to lead the enterprise rollout of Akeyless as a core secrets, key, and identity-enablement platform, focusing on secure, scalable adoption across the organization.

Responsibilities

  • Design and implement an enterprise Akeyless architecture, including tenancy strategy, auth methods, access boundaries, and operational model
  • Stand up and harden the platform for enterprise use: environments, networking, availability, audit logging, backup/DR considerations, and upgrades
  • Define standards for secret lifecycle management (creation, rotation, expiration, revocation, and deletion) aligned with security policies and compliance needs
  • Build and maintain self-service workflows to onboard teams and applications to Akeyless with minimal friction
  • Implement and govern enterprise key management practices:
      • Encryption key generation, rotation, and separation of duties
      • Key hierarchy and envelope encryption patterns
      • Governance, auditing, and access controls for keys and secret material
  • Design integrations with HSMs / KMS systems and associated crypto boundary controls (including policy and operational procedures)
  • Establish and enforce application secrets management patterns (runtime injection, sidecar/agent patterns where applicable, CI/CD integration, and secret zero/least exposure)
  • Implement SSO and federated identity integration for Akeyless and related tooling (SAML/OIDC), aligning with enterprise IdP standards
  • Design and implement IAM patterns such as:
      • Workload identity and short-lived credentials
      • Role-based access control and least privilege enforcement
      • Fine-grained authorization and policy design for platform consumers
  • Partner with identity governance stakeholders to ensure alignment with access review and audit requirements
  • Design and operate enterprise PKI / certificate management workflows:
      • Certificate issuance/renewal automation
      • Integration with internal/external CAs as required
      • Standards for mTLS, service identity, and certificate lifecycle governance
  • Build tooling and automation to make certificate workflows consumable across teams and platforms
  • Build infrastructure and integrations enabling broad adoption (examples):
      • Azure integrations (identity, networking, managed services)
      • CI/CD integrations for secrets and cert issuance (GitHub Actions, ADO, etc., if applicable)
      • Kubernetes patterns for secret injection and rotation (where relevant)
      • Observability integrations (metrics, logs, alerts) and operational dashboards
  • Create documentation, onboarding guides, and reference implementations (“golden paths”) for engineering teams
  • Serve as escalation point for complex incidents involving identity, cryptography, and secret distribution

Skills

  • Senior-level experience in enterprise secrets management and IAM (design + operational ownership)
  • Strong expertise in:
      • Enterprise key management practices (rotation, separation of duties, auditability, crypto governance)
      • Application secrets management (runtime consumption patterns, rotation automation, CI/CD integration)
      • SSO / federated identity (SAML, OIDC), RBAC, least privilege, and secure access patterns
      • Vaults / HSMs and secure key storage concepts (HSM-backed keys, access controls, auditing)
      • PKI fundamentals and enterprise certificate lifecycle automation
  • Hands-on experience with Akeyless (required) and delivering it as a platform service
  • Hands-on experience with Azure (required), including identity and security constructs
  • Strong engineering discipline: automation-first mindset, high-quality documentation, and operational readiness
  • Experience integrating secrets and PKI workflows with Kubernetes (secret injection, rotation strategies, workload identity patterns)
  • Experience with regulatory/compliance-driven environments (SOC2, ISO 27001, PCI, HIPAA, etc.) and audit-ready controls
  • Familiarity with threat modeling, cryptographic boundary design, and secure-by-default platform guardrails
  • Experience building self-service internal platforms (platform engineering practices, developer enablement)
  • Strong scripting/programming ability (e.g., Python, Go, or similar) for automation and tooling

Company Overview

  • Blankfactor is a team of engineers, project managers, issue solvers & tech consultants committed to developing & innovating tech solutions. It was founded in 2019 and is headquartered in San Francisco, California, USA, with a workforce of 501-1000 employees. Its website is https://blankfactor.com/.

Company H1B Sponsorship

  • Blankfactor has a track record of offering H1B sponsorships, with 3 in 2025 and 1 in 2024. Please note that this does not guarantee sponsorship for this specific role.
