Archer · 1 day ago
Identity and Access Management Engineer (Hybrid)
San Jose, CA
Full-time
Hybrid
Senior Level
$133K/yr - $200K/yr
5+ years expArcher is an aerospace company based in San Jose, California, focused on advancing sustainable air mobility through innovative aircraft design. They are seeking an Identity and Access Management Engineer to design and protect their identity ecosystem, developing enterprise-level authentication and access solutions while ensuring compliance with relevant standards.
AerospaceAir TransportationElectric VehicleManufacturing
No H1B
Responsibilities
Design and implement Zero Trust Architecture (ZTA) across Archer's enterprise network, eliminating implicit trust and enforcing continuous verification of user identity and device posture before granting access
Architect and maintain Okta as the authoritative Identity Provider (IdP) for Archer, managing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user lifecycle management across all enterprise applications and SaaS platforms
Design and implement Privileged Access Management (PAM) using Delinea, including credential vaulting, privileged session management, and automated credential rotation for administrative and service accounts
Implement Identity Governance and Administration (IGA) controls to enforce role-based access control (RBAC), segregation of duties, periodic access reviews, and just-in-time (JIT) access provisioning
Build and maintain federated identity standards (OIDC, SAML, SCIM) to enable secure integration between Archer's identity platform and third-party applications, cloud providers, and vendor systems
Conduct access control audits and design remediation strategies to ensure compliance with NIST SP 800-171 Access Control (AC) requirements, CMMC Level 2 practices, and SOX ITGC expectations for financial systems
Implement automated audit logging and session recording for all authentication and privileged access events, ensuring that individual users' actions can be uniquely traced for compliance investigations and forensic analysis
Secure third-party and contractor access by implementing time-limited, role-restricted access provisioning and automated de-provisioning upon project completion or relationship termination
Stay current with emerging identity threats, attack vectors, and security best practices, including insider threats, account takeover (ATO), and lateral movement techniques
Provide technical guidance and training to IT, application, and security teams on identity best practices and policy enforcement
Qualification
Required
5 plus years of experience in Identity and Access Management or related roles, with a minimum of 2 years in a senior or architect-level capacity
Hands-on design and implementation experience with enterprise Identity Providers such as Okta, Azure AD (Active Directory), or Ping Identity
Deep technical understanding of authentication protocols and standards, including OIDC, SAML, OAuth 2.0, and LDAP
Extensive experience designing and operating Privileged Access Management (PAM) solutions, preferably Delinea, including credential vaulting, session recording, and approval workflows
Working knowledge of RBAC (Role-Based Access Control) design and implementation, with the ability to map complex organizational hierarchies to access policies
Experience implementing and managing Multi-Factor Authentication (MFA) technologies such as FIDO2, Okta Verify, Duo Security, YubiKey, and PKI-based authentication
Strong understanding of NIST SP 800-171 and CMMC Level 2 requirements, specifically as they relate to access control, audit logging, and identity governance
Proficiency in scripting and automation using PowerShell, Python, or Bash to automate identity workflows, audit processes, and integrations
Excellent communication skills to translate complex identity architecture and compliance requirements to both technical teams and executive leadership
Preferred
Hands-on experience architecting and implementing Zero Trust Architecture (ZTA) across enterprise networks
Experience with Identity Governance and Administration (IGA) platforms such as SailPoint or Okta Identity Governance
Knowledge of SCIM (System for Cross-Domain Identity Management) and REST APIs for automating user provisioning and de-provisioning across SaaS applications and HR systems
Familiarity with aerospace, defense, or federal contractor environments, including experience with ITAR, CMMC enforcement, or DoD contract requirements
Experience conducting or participating in CMMC Level 2 assessments or NIST 800-171 compliance audits
Relevant security certifications such as CISSP, CISM, and Okta Certified Administrator, or Azure Administrator (AZ-104)
Experience with insider threat detection, behavioral analytics, and anomalous access pattern identification
Knowledge of Single Sign-On (SSO) attacks, credential stuffing, phishing-resistant MFA, and modern attack techniques against identity systems
Direct experience with compliance frameworks, ISO 27001, PCI, HIPAA, ITAR/ EAR, NIST 800-171, CMMC, CUI, and DO-326A
Advanced degrees in Computer Science, Cybersecurity, or Engineering
Company
Archer
Archer is an aerospace company that developed an electric vertical takeoff and landing aircraft tailored for urban air mobility systems.
1001-5000 employees
Funding
Current Stage
Public CompanyTotal Funding
$3.48BKey Investors
BlackRockStellantis
2025-11-06Post Ipo Equity· $650M
2025-06-12Post Ipo Equity· $850M
2025-02-11Post Ipo Equity· $300M
Leadership Team
Adam Goldstein
Founder and CEO
Tom Muniz
Chief Technology Officer
Recent News
2026-01-19
News Powered by Cision
2026-01-16
Company data provided by crunchbase