{"schemaVersion":"jobsearcher.job.v1","id":"77fd5a0eeea2bfe2f7a22ab5","url":"https://jobsearcher.com/jobs/77fd5a0eeea2bfe2f7a22ab5","canonicalUrl":"https://jobsearcher.com/jobs/77fd5a0eeea2bfe2f7a22ab5","title":"IAM Architect","description":"Voleon is a technology company that applies state-of-the-art AI and machine learning techniques to real-world problems in finance. For nearly two decades, we have led our industry and worked at the frontier of applying AI/ML to investment management. We have become a multibillion-dollar asset manager, and we have ambitious goals for the future.Your colleagues will include internationally recognized experts in artificial intelligence and machine learning research as well as highly experienced finance and technology professionals. In addition to our enriching and collegial working environment, we offer highly competitive compensation and benefits packages, technology talks by our experts, a beautiful modern office, daily catered lunches, and more.As an IAM Architect, you will define and execute our identity and access management strategy across our hybrid infrastructure. Reporting directly to the CISO, you will be responsible for designing and implementing modern identity solutions that protect our critical intellectual property while enabling our research, engineering, and operations teams to move quickly. Initially working as a senior individual contributor, you will architect solutions across on-premise Linux environments, Kubernetes clusters, Windows systems, cloud identity providers, and public cloud platforms. As our IAM program matures, you will build and lead a team to scale our identity management capabilities. This role is a means to make a difference: you will establish credibility with senior technical leaders and transform identity management by focusing on high-risk areas while being mindful of production requirements.ResponsibilitiesDesign and implement IAM strategy across hybrid infrastructure - Linux, Kubernetes, Windows, AWS, Azure, and cloud identity providersArchitect identity solutions that bridge POSIX-based authentication with modern cloud platforms (OIDC, SAML, federation), migrating from legacy modelsImplement privileged access management - just-in-time access, least privilege, periodic reviews, and accountability for shared service accountsExtend zero-trust capabilities beyond current SASE remote access to broader infrastructurePartner cross-functionally with Security Engineering, Infrastructure, DevOps, and Corp IT to integrate identity controls without disrupting productionDefine the IAM roadmap — prioritize high-risk areas, translate business requirements into technical solutions, and establish credibility with senior engineering and research leadersBuild the IAM team - hire, mentor, and lead IAM engineers as the program scalesRequirements8+ years of experience in identity and access management, security engineering, or infrastructure engineering with focus on authentication/authorizationDeep expertise in hybrid identity architectures bridging on-premise (LDAP, FreeIPA, Active Directory) and cloud identity platforms (AWS IAM, Azure AD/Entra, Google Workspace)Strong understanding of modern authentication protocols: OIDC, SAML, OAuth2, LDAP, KerberosHands-on experience implementing identity solutions in Linux-heavy environments with POSIX requirementsExperience with cloud IAM platforms (AWS IAM / Identity Center, Azure AD, GCP IAM) including roles, policies, federation, and service accountsKnowledge of privileged access management (PAM) tools and patterns (CyberArk, HashiCorp Vault, AWS Secrets Manager, or similar)Understanding of zero-trust architecture principles and implementation patternsDemonstrated ability to balance security requirements with operational workflows and production stabilityProven track record working with senior technical leaders and building organizational trustStrong communication skills to explain complex identity concepts to both technical and non-technical stakeholdersExperience or strong interest in building and leading technical teamsPreferred QualificationsExperience with Kubernetes service account management and pod identity patternsFamiliarity with infrastructure-as-code (Terraform, Ansible) for identity provisioningExperience implementing SCIM for automated user lifecycle managementBackground in financial services, hedge funds, or high-security research environmentsExperience with compliance frameworks (SOC 2, ISO 27001) as they relate to identityCertifications such as CISSP, CCSP, or vendor-specific identity certificationsBachelor's or Master's degree in Computer Science, Information Security, or related field“Friends of Voleon” Candidate Referral ProgramIf you have a great candidate in mind for this role and would like to have the potential to earn $15,000 if your referred candidate is successfully hired and employed by The Voleon Group, please use this form to submit your referral. For more details regarding eligibility, terms and conditions please make sure to review the Voleon Referral Bonus Program.Equal Opportunity EmployerThe Voleon Group is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.Compensation Range: $280K - $310K","company":"Voleon Group","rawCompany":"voleon group","city":"Berkeley","state":"CA","isRemote":false,"isActive":false,"createdAt":"2026-05-06T08:22:07.632Z","occupations":[{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"},{"code":"15-1244.00","title":"Network and Computer Systems Administrators","slug":"network-and-computer-systems-administrators"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"IAM Architect","description":"Voleon is a technology company that applies state-of-the-art AI and machine learning techniques to real-world problems in finance. For nearly two decades, we have led our industry and worked at the frontier of applying AI/ML to investment management. We have become a multibillion-dollar asset manager, and we have ambitious goals for the future.Your colleagues will include internationally recognized experts in artificial intelligence and machine learning research as well as highly experienced finance and technology professionals. In addition to our enriching and collegial working environment, we offer highly competitive compensation and benefits packages, technology talks by our experts, a beautiful modern office, daily catered lunches, and more.As an IAM Architect, you will define and execute our identity and access management strategy across our hybrid infrastructure. Reporting directly to the CISO, you will be responsible for designing and implementing modern identity solutions that protect our critical intellectual property while enabling our research, engineering, and operations teams to move quickly. Initially working as a senior individual contributor, you will architect solutions across on-premise Linux environments, Kubernetes clusters, Windows systems, cloud identity providers, and public cloud platforms. As our IAM program matures, you will build and lead a team to scale our identity management capabilities. This role is a means to make a difference: you will establish credibility with senior technical leaders and transform identity management by focusing on high-risk areas while being mindful of production requirements.ResponsibilitiesDesign and implement IAM strategy across hybrid infrastructure - Linux, Kubernetes, Windows, AWS, Azure, and cloud identity providersArchitect identity solutions that bridge POSIX-based authentication with modern cloud platforms (OIDC, SAML, federation), migrating from legacy modelsImplement privileged access management - just-in-time access, least privilege, periodic reviews, and accountability for shared service accountsExtend zero-trust capabilities beyond current SASE remote access to broader infrastructurePartner cross-functionally with Security Engineering, Infrastructure, DevOps, and Corp IT to integrate identity controls without disrupting productionDefine the IAM roadmap — prioritize high-risk areas, translate business requirements into technical solutions, and establish credibility with senior engineering and research leadersBuild the IAM team - hire, mentor, and lead IAM engineers as the program scalesRequirements8+ years of experience in identity and access management, security engineering, or infrastructure engineering with focus on authentication/authorizationDeep expertise in hybrid identity architectures bridging on-premise (LDAP, FreeIPA, Active Directory) and cloud identity platforms (AWS IAM, Azure AD/Entra, Google Workspace)Strong understanding of modern authentication protocols: OIDC, SAML, OAuth2, LDAP, KerberosHands-on experience implementing identity solutions in Linux-heavy environments with POSIX requirementsExperience with cloud IAM platforms (AWS IAM / Identity Center, Azure AD, GCP IAM) including roles, policies, federation, and service accountsKnowledge of privileged access management (PAM) tools and patterns (CyberArk, HashiCorp Vault, AWS Secrets Manager, or similar)Understanding of zero-trust architecture principles and implementation patternsDemonstrated ability to balance security requirements with operational workflows and production stabilityProven track record working with senior technical leaders and building organizational trustStrong communication skills to explain complex identity concepts to both technical and non-technical stakeholdersExperience or strong interest in building and leading technical teamsPreferred QualificationsExperience with Kubernetes service account management and pod identity patternsFamiliarity with infrastructure-as-code (Terraform, Ansible) for identity provisioningExperience implementing SCIM for automated user lifecycle managementBackground in financial services, hedge funds, or high-security research environmentsExperience with compliance frameworks (SOC 2, ISO 27001) as they relate to identityCertifications such as CISSP, CCSP, or vendor-specific identity certificationsBachelor's or Master's degree in Computer Science, Information Security, or related field“Friends of Voleon” Candidate Referral ProgramIf you have a great candidate in mind for this role and would like to have the potential to earn $15,000 if your referred candidate is successfully hired and employed by The Voleon Group, please use this form to submit your referral. For more details regarding eligibility, terms and conditions please make sure to review the Voleon Referral Bonus Program.Equal Opportunity EmployerThe Voleon Group is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law.Compensation Range: $280K - $310K","datePosted":"2026-05-06T08:22:07.632Z","dateModified":"2026-05-06T08:22:07.632Z","hiringOrganization":{"@type":"Organization","name":"Voleon Group","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Berkeley","addressRegion":"CA","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"77fd5a0eeea2bfe2f7a22ab5"},"url":"https://jobsearcher.com/jobs/77fd5a0eeea2bfe2f7a22ab5"}}