Staff Security Engineer, Privileged Access (PAM)

About NscaleNscale is the GPU cloud engineered for AI. We provide cost-effective, high-performance infrastructure for AI start-ups and large enterprise customers. Nscale enables AI-focused companies to achieve superior results by reducing the complexity of AI development. Our GPU cloud bolsters technical capabilities and directly supports strategic business outcomes, including cost management, rapid innovation, and environmental responsibility.We thrive on a culture of relentless innovation, ownership, and accountability, where every team member takes pride in their work and drives it with excellence and urgency. As an Nscaler, you'll build trust through openness and transparency, where everyone is inspired to do their best work. If you join our team, you'll be contributing to building the technology that powers the future.About the RoleWe're hiring a Staff Security Engineer focused on Privileged Access and Access Automation to build Nscale's privileged access operating model across enterprise systems, SaaS administration, infrastructure, production environments, source control, data platforms, and emergency access paths.This role sits inside the identity control plane and is intentionally execution-focused. You'll work across Identity, Endpoint, Security Data, Network Security, Platform Engineering, IT, and service owners to turn privileged access into a practical engineering mechanism with request, approval, justification, time-bound elevation, session or event evidence, automated revocation, break-glass, and clean audit trails.This role is critical because standing privilege is one of the highest-risk patterns in a fast-growing infrastructure company. Your work will help make privileged access secure, fast, measurable, and recoverable so engineers can move quickly without relying on manual reviews, tribal knowledge, or permanent admin rights.What you'll be doingPrivileged Access WorkflowsBuild privileged access workflows across enterprise SaaS admin roles, production systems, cloud consoles, infrastructure management systems, source control, data platforms, endpoint admin, and emergency access pathsDesign access patterns that support request, approval, justification, time-bound elevation, and automated revocationDefine practical controls that reduce reliance on permanent admin rights across high-risk environmentsEstablish clean audit trails for privileged access activity across critical systemsJIT Access and Governance ControlsImplement JIT access patterns with approval, justification, expiry, revocation, and evidence collectionCreate a privileged access baseline that defines who can approve access, what justification is required, how long access lasts, what evidence is captured, and how revocation worksOwn exception governance for access paths that cannot yet meet the standardDrive entitlement cleanup and stale privilege reduction through automationBreak-Glass and Tiering ModelDesign break-glass access standards, ownership models, monitoring, and recovery proceduresTest emergency access workflows and validate break-glass readinessDevelop a tiering model for privileged access covering Tier 0 and Tier 1 systems, admin paths, sensitive groups, service-owner roles, and high-risk workflowsIdentify the top 10 highest-risk standing privileges and create remediation pathsTelemetry, Detection, and MeasurementDefine privileged access telemetry requirements for detection, investigations, audit, compliance, and executive reportingPartner with Security Data to establish privileged access detections and source-health requirementsTrack metrics including standing privilege reduction, JIT adoption, stale admin cleanup, break-glass test success, approval SLA, and access review closureBuild an inventory of top admin paths, owners, approvers, access methods, logging, expiry, and current riskKPIsStanding privilege reductionJIT adoptionStale admin cleanupBreak-glass test successAbout You7+ years in identity security, privileged access, security engineering, infrastructure security, or related engineering rolesHands-on experience designing or operating privileged access, JIT, break-glass, access request, approval, or access review workflowsStrong understanding of authentication, authorization, RBAC, SSO, MFA, access governance, admin tiering, and least privilegeExperience automating access workflows, entitlement cleanup, evidence collection, or revocation processesStrong scripting, workflow automation, API integration, or platform engineering skillsAbility to translate access risk into practical controls that engineering and operations teams will adoptAbility to work across enterprise systems, production environments, SaaS platforms, IT, infrastructure, and compliance stakeholdersExperience with service accounts, non-human identities, workload identities, API tokens, automation accounts, or secrets governanceExperience securing production access, source control administration, data platforms, cloud administration, or endpoint admin workflowsExperience designing access evidence for audit, customer assurance, or incident responseWhat we can offer youAt Nscale, you'll find a collaborative, supportive, and innovative environment where your contributions spark real impact. We're building something extraordinary, and we want you at the core.Highly competitive US compensation package (base + bonus + equity), with performance reviews every 12 months. 🚀Join one of the fastest-growing AI infrastructure companies — your chance to directly shape how global AI capacity is planned and deployed. ✨Expect a dynamic progression plan tailored to your ambitions. Grow by leading critical cross-functional initiatives and shaping capital strategy — always with our full support.Human-First Flexibility: We treat you as humans first. 🫶🏽 Our flexible workplace trusts Nscalers to deliver, giving you the autonomy to shape your day around life's moments.Equal Opportunities StatementWe strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds.If there's anything we can do to accommodate your specific situation, please let us know.The responsibilities outlined in this job description are not exhaustive and are intended to provide a general overview of the position. The employee may be required to perform additional duties, tasks, and responsibilities as assigned by management, consistent with the skills and qualifications required for the role.For information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here.Salary RangeThe range below reflects the base salary for the position. Actual compensation may vary based on job-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation.The range below reflects the base salary for the position. Actual compensation may vary based on job-related factors such as skill set, experience, education, and location. In addition to base salary, this role may be eligible for bonus, equity, and/or commission programs. Nscale may offer a competitive benefits package including medical, dental, vision, flexible paid time off, parental leave, and retirement plan participation.Salary Range$175,000—$225,000 USDFor information on how Nscale handles candidate personal data, please see our Employee & Candidate Privacy Notice: Here.