
IAM Architect
The Voleon Group · United States
- Hybrid
- Full-time
- $310,000 / year
Job highlights
- Define and execute IAM strategy across hybrid infrastructure.
- Design modern identity solutions protecting intellectual property.
- Architect solutions for Linux, Kubernetes, cloud, and Windows.
- Implement privileged access management and zero-trust.
- Build and lead a future IAM team.
About the role
Voleon is a technology company that applies state-of-the-art machine learning techniques to real-world problems in finance. For more than a decade, we have led our industry and worked at the frontier of applying machine learning to investment management. We have become a multibillion-dollar asset manager, and we have ambitious goals for the future.
In addition to our enriching and collegial working environment, we offer highly competitive compensation and benefits packages, technology talks by our experts, a beautiful modern office, catered lunches, and more.
About the Role
As an IAM Architect, you will define and execute our identity and access management strategy across our hybrid infrastructure. Reporting directly to the CISO, you will be responsible for designing and implementing modern identity solutions that protect our critical intellectual property while enabling our research, engineering, and operations teams to move quickly. Initially working as a senior individual contributor, you will architect solutions across on-premise Linux environments, Kubernetes clusters, Windows systems, cloud identity providers, and public cloud platforms. As our IAM program matures, you will build and lead a team to scale our identity management capabilities. This role is a means to make a difference: you will establish credibility with senior technical leaders and transform identity management by focusing on high-risk areas while being mindful of production requirements.
Responsibilities
- Design and implement IAM strategy across hybrid infrastructure - Linux, Kubernetes, Windows, AWS, Azure, and cloud identity providers
- Architect identity solutions that bridge POSIX-based authentication with modern cloud platforms (OIDC, SAML, federation), migrating from legacy models
- Implement privileged access management - just-in-time access, least privilege, periodic reviews, and accountability for shared service accounts
- Extend zero-trust capabilities beyond current SASE remote access to broader infrastructure
- Partner cross-functionally with Security Engineering, Infrastructure, DevOps, and Corp IT to integrate identity controls without disrupting production
- Define the IAM roadmap — prioritize high-risk areas, translate business requirements into technical solutions, and establish credibility with senior engineering and research leaders
- Build the IAM team - hire, mentor, and lead IAM engineers as the program scales
Requirements
- 8+ years of experience in identity and access management, security engineering, or infrastructure engineering with focus on authentication/authorization
- Deep expertise in hybrid identity architectures bridging on-premise (LDAP, FreeIPA, Active Directory) and cloud identity platforms (AWS IAM, Azure AD/Entra, Google Workspace)
- Strong understanding of modern authentication protocols: OIDC, SAML, OAuth2, LDAP, Kerberos
- Hands-on experience implementing identity solutions in Linux-heavy environments with POSIX requirements
- Experience with cloud IAM platforms (AWS IAM / Identity Center, Azure AD, GCP IAM) including roles, policies, federation, and service accounts
- Knowledge of privileged access management (PAM) tools and patterns (CyberArk, HashiCorp Vault, AWS Secrets Manager, or similar)
- Understanding of zero-trust architecture principles and implementation patterns
- Demonstrated ability to balance security requirements with operational workflows and production stability
- Proven track record working with senior technical leaders and building organizational trust
- Strong communication skills to explain complex identity concepts to both technical and non-technical stakeholders
- Experience or strong interest in building and leading technical teams
Preferred Qualifications
- Experience with Kubernetes service account management and pod identity patterns
- Familiarity with infrastructure-as-code (Terraform, Ansible) for identity provisioning
- Experience implementing SCIM for automated user lifecycle management
- Background in financial services, hedge funds, or high-security research environments
- Experience with compliance frameworks (SOC 2, ISO 27001) as they relate to identity
- Certifications such as CISSP, CCSP, or vendor-specific identity certifications
- Bachelor's or Master's degree in Computer Science, Information Security, or related field
Key skills/competency
- Identity and Access Management (IAM)
- Security Architecture
- Cloud Identity Platforms (AWS IAM, Azure AD, GCP IAM)
- Hybrid Identity Architectures
- Privileged Access Management (PAM)
- Zero Trust Architecture
- Authentication Protocols (OIDC, SAML)
- Linux Security
- Kubernetes Security
- Team Leadership
Skills & topics
- IAM Architect
- Identity and Access Management
- Security Architecture
- Cloud Security
- Hybrid Cloud
- Privileged Access Management
- Zero Trust
- AWS IAM
- Azure AD
- Linux Security
- Kubernetes Security
- OIDC
- SAML
- Finance Technology
- Hedge Fund Security
How to get hired
- Tailor your resume: Highlight your 8+ years of IAM experience, hybrid architecture expertise, and protocol knowledge.
- Showcase leadership potential: Emphasize any experience in building or leading technical teams.
- Demonstrate cross-functional collaboration: Provide examples of partnering with engineering, DevOps, and IT.
- Understand Voleon's mission: Align your application with their focus on machine learning in finance.
- Prepare for technical interviews: Be ready to discuss IAM strategies and solutions for complex environments.
Frequently asked questions
- What is the salary range for the IAM Architect position at The Voleon Group?
  - The Voleon Group offers a competitive compensation package for the IAM Architect role, with a salary range between $280,000 and $310,000 annually.
- What are the key technical skills required for the IAM Architect role at The Voleon Group?
  - Key technical skills include deep expertise in hybrid identity architectures, modern authentication protocols (OIDC, SAML), cloud IAM platforms (AWS, Azure, GCP), privileged access management, and Linux environments.
- Does The Voleon Group offer remote work for the IAM Architect position?
  - While the description mentions a 'beautiful modern office' and catered lunches, it doesn't explicitly state remote work. Given the hybrid infrastructure focus and need for collaboration, it's likely a hybrid or on-site role. It's best to clarify during the application process.
- What is the career progression for an IAM Architect at The Voleon Group?
  - The role starts as a senior individual contributor with the opportunity to architect and implement solutions. As the program matures, there is a clear path to build and lead an IAM team.
- What experience is preferred for the IAM Architect role at The Voleon Group?
  - Preferred qualifications include experience with Kubernetes, infrastructure-as-code (Terraform, Ansible), SCIM, financial services background, and relevant security certifications like CISSP or CCSP.
- How does The Voleon Group approach identity and access management?
  - The Voleon Group focuses on defining and executing an IAM strategy across hybrid infrastructure, designing modern identity solutions, implementing privileged access management, and extending zero-trust capabilities to protect intellectual property.
- What is the role of the CISO in the IAM Architect position at The Voleon Group?
  - The IAM Architect reports directly to the CISO, indicating a high level of visibility and strategic importance for the role within the organization's security leadership.
- What kind of projects will an IAM Architect work on at The Voleon Group?
  - Projects include designing and implementing IAM strategy across diverse environments (Linux, Kubernetes, Windows, AWS, Azure), architecting solutions that bridge on-premise and cloud identities, and implementing privileged access management.