Staff IAM Engineer, Non-Human Identity jobs in United States
cer-icon
Apply on Employer Site
company-logo

SoFi · 2 months ago

Staff IAM Engineer, Non-Human Identity

positionSan Francisco, CA
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
date3+ years exp

SoFi is a next-generation financial services company and national bank using innovative technology to transform personal finance. The Staff IAM Engineer, Non-Human Identity is responsible for securing and managing non-human identities across various infrastructures, ensuring adherence to governance and security principles. This role involves designing systems for secure authentication and access provisioning while protecting sensitive financial data from potential threats.

CreditCredit CardsFinancial ServicesFinTechLendingWealth Management
check
H1B Sponsor Likelynote

Responsibilities

Design, implement, and maintain a Non-Human Identity (NHI) framework governing all service accounts, API tokens, certificates, and machine credentials
Implement centralized secrets management using tools such as HashiCorp Vault or AWS Secrets Manager
Build integrations with CI/CD pipelines and cloud services (AWS, GCP, Azure) to enforce automated credential rotation and JIT provisioning
Define and implement tagging, ownership, and classification models for non-human identities
Develop scalable onboarding processes for applications, workloads, and bots that require secure authentication
Develop automated workflows for creation, rotation, deactivation, and certification of service accounts and API keys
Partner with developers and DevOps to transition hard-coded credentials to secure vaults
Establish policies for key rotation frequency, credential expiration, and certificate renewal
Integrate NHI lifecycle into IAM governance tools (Okta)
Support quarterly access reviews and certification campaigns for non-human identities
Build automation using APIs, Python, PowerShell, or Terraform to manage credentials and monitor access
Integrate non-human identity telemetry into SIEM/SOAR platforms for anomaly detection
Implement visibility dashboards to track total NHI inventory, owners, last use, and compliance status
Deploy Just-in-Time (JIT) credential provisioning for ephemeral workloads and containers (Kubernetes, Lambda, ECS, etc.)
Enforce least privilege and zero-trust principles for machine access
Monitor for unused or excessive service accounts and remediate over-permissioned credentials
Support incident response teams with forensics on compromised API keys or tokens
Define detection logic for credential misuse or non-standard access patterns
Partner with Application Security to integrate secure NHI handling into SDLC
Maintain audit trails for credential issuance, usage, and rotation events
Produce compliance reports for SOX, SOC 2, PCI DSS, FFIEC, and crypto-custody audits
Collaborate with internal audit and compliance teams to validate NHI control effectiveness
Document architecture, data flows, SOPs, and exception processes for NHI management
Evaluate emerging NHI management solutions (e.g., SPIFFE/SPIRE, workload identity federation, cloud-native secrets stores)
Lead proof-of-concepts to modernize credentialless or short-lived identity methods
Advocate for security automation and the reduction of static credentials across the enterprise

Qualification

Non-Human Identity managementSecrets managementCloud IAM conceptsAutomationScriptingAuthentication standardsAPI securityZero Trust principlesContainer identitiesCollaborationProblem-solving

Required

Bachelor's degree in Computer Science, Cybersecurity, or related discipline
3–6 years of experience in IAM, DevSecOps, or Security Engineering roles
Hands-on experience with non-human identity or secrets management tools
Familiarity with cloud IAM concepts (AWS IAM Roles, Azure Managed Identities, GCP Service Accounts)
Experience integrating IAM or secrets systems with CI/CD pipelines and DevOps tools
Proficiency in automation and scripting (Python, PowerShell, or Bash)
Strong understanding of authentication standards (OIDC, OAuth 2.0, SAML, JWT)
Knowledge of API security, key rotation policies, and service-to-service authentication
Familiarity with container and workload identities (Kubernetes, ECS, Lambda)
Understanding of Zero Trust, machine identity, and certificate lifecycle management

Preferred

HashiCorp Certified Vault Associate
AWS Certified Security – Specialty
Okta Certified Professional or Administrator
(ISC)² Certified Identity and Access Manager (CIAM) or CISSP

Benefits

Comprehensive and competitive benefits

Company

SoFi

twittertwittertwitter
Glassdoor3.6
company-logo
SoFi is a finance company that offers a range of lending and wealth management services.
dateFounded in 2011
location
San Francisco, California, USA
people-size1001-5000 employees
web-link
https://www.sofi.com

H1B Sponsorship

SoFi has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (213)
2024 (117)
2023 (131)
2022 (118)
2021 (81)
2020 (42)

Funding

Current Stage
Public Company
Total Funding
$12.25B
Key Investors
Fortress Investment GroupPGIMQatar Investment Authority
2025-12-04Post Ipo Equity· $1.5B
2025-07-29Post Ipo Equity· $1.5B
2025-04-17Post Ipo Debt· $3.2B

Leadership Team

leader-logo
Anthony Noto
CEO
linkedin
leader-logo
Jeremy Rishel
Chief Technology Officer
linkedin

Recent News

Business Wire
NerdWallet Announces its 2026 Best-Of Awards Winners
2026-01-07
thefly.com
SoFi sinks after BofA resumes at Underperform post capital raise
2026-01-06
dcm.com
dcm ventures - portfolio
2025-12-31
Company data provided by crunchbase