Principal Security Engineer (IAM / Zero Trust)

Vaco is partnering with a fintech organization to hire a Principal Security Engineer focused on Identity and Access Management as part of a broader shift toward modern, Zero Trust architecture. This is a high-impact, hands-on role centered on designing and building scalable identity systems that support a cloud-native, distributed environment.


This role goes beyond traditional IAM. The focus is on evolving identity into a dynamic, risk-aware control plane across both human and non-human access. The ideal candidate is a builder who can operate at the architecture level while still driving implementation, automation, and integration across complex systems.


The role is ideally based in Tempe with a hybrid schedule, but remote candidates will be considered.


What You'll Be Doing

• Define and evolve enterprise Identity strategy, architecture, and roadmap aligned to Zero Trust principles
• Design and implement modern IAM solutions across user, application, and machine identities
• Transition access models from static RBAC to risk-based and adaptive authorization frameworks
• Architect identity lifecycle management including provisioning, deprovisioning, and governance workflows
• Design authentication and authorization solutions including MFA, SSO, and passwordless approaches
• Lead efforts to secure non-human identities including service accounts, APIs, and distributed workloads
• Implement Just-in-Time (JIT) access and least privilege models to reduce standing access risk
• Integrate IAM solutions across cloud and enterprise platforms using protocols such as SAML, OAuth, OpenID Connect, and SCIM
• Partner with SOC and security teams to build detection and response capabilities for identity-based threats
• Develop automation-first solutions using scripting, APIs, and Infrastructure as Code
• Provide technical leadership and mentorship to engineering teams and influence secure development practices
• Collaborate with business and technical stakeholders to drive adoption and align identity strategy with business needs

Required Experience

• 8 years of experience in cybersecurity, security engineering, or related fields
• 5 years focused on Identity and Access Management
• Proven experience designing and implementing enterprise-scale IAM solutions
• Strong understanding of Zero Trust architecture and modern identity security principles
• Hands-on experience with IAM platforms such as Okta, Entra ID, Ping, or similar
• Experience with identity governance and PAM tools such as SailPoint, Saviynt, or CyberArk
• Strong understanding of identity protocols including OAuth, OpenID Connect, SAML, and SCIM
• Experience securing cloud-native environments across AWS, Azure, or GCP
• Experience with scripting and automation using tools such as Python or PowerShell
• Familiarity with microservices and API-driven architectures

Nice to Have

• Experience in fintech or other regulated environments
• Experience with Kubernetes, service mesh, or container-based architectures
• Familiarity with Terraform or Infrastructure as Code practices
• Experience building identity threat detection and response capabilities
• Security certifications such as CISSP, CISM, or vendor-specific IAM certifications

A Special Note to Applicants

• The current volume of automated and AI-generated applications is on the rise. If you have read this posting in full and believe this role genuinely aligns with your experience, we encourage you to apply thoughtfully.
• Applicants who include the word "Blue Steel" somewhere in their resume or cover note, or who reach out directly via LinkedIn to the recruiter who appreciates a good Zoolander reference, will help us route submissions more effectively

Compensation

• Hourly rate: $75-90/hr
• 1-year W2 contract through Vaco
• Eligible for Vaco benefits including health, dental, vision, and 401(k)

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual's skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company's 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.


Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

EEO Notice


Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.


Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact View email address on click.appcast.io .


Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal .


By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.

Privacy Notice


Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.

• California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here .
• Virginia residents may access our state specific policies here .
• Residents of all other states may access our policies here .
• Canadian residents may access our policies in English here and in French here .
• Residents of countries governed by GDPR may access our policies here .

Pay Transparency Notice


Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

• the individual's skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.