Senior Cybersecurity Engineer-IAM And/ OR Cloud Security (AI Agent security)

Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and build a unique career with the Powerful Backing of American Express. With a range of opportunities to work with the latest technologies, and a commitment to back the broader engineering community through open source, our mission is to power your success. Because Amex Tech is powered by our technology, our culture, and our colleagues.

The Technology organization enables and accelerates the company's growth strategies, delivering global capabilities and services in support of Amex's customers and colleagues, while maintaining 24/7 servicing and availability to ensure an uninterrupted, high-quality customer experience. Technology provides the foundation for everything we do in the company while driving differentiation through building and leveraging innovative technology and data insights.

At American Express, our mission is to deliver the world's best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage-empowering you to innovate, grow, and help shape the future of a Fortune 100 company.

Trust. Service. Security.

A Senior Cyber Security Engineer for Agentic AI IAM, and Secrets Management is responsible for securing enterprise identities, AI agents, machine identities, and secrets across hybrid environments including on-premises infrastructure and public cloud platforms.

This role leads the design, implementation, governance, and operational management of identity security capabilities that support Zero Trust principles, secure automation, and enterprise-wide access governance.

The role is accountable for translating enterprise security objectives into measurable security outcomes, operational KPIs, delivery milestones, and progressive risk reduction strategies. This includes defining security maturity targets, driving execution roadmaps, establishing measurable controls effectiveness, and continuously improving identity and secrets management posture across the organization.

The individual partners closely with infrastructure, cloud, DevOps, application, and risk teams to establish scalable identity controls, secure secrets management practices, resilient authentication and authorization architectures, and sustainable governance models that balance security, operational efficiency, and business enablement.

Vision

• Build a modern, scalable, and resilient Agentic AI IAM and secrets management ecosystem across hybrid cloud environments.

• Enable secure adoption of AI agents, automation platforms, and machine identities through policy-driven governance.

• Drive Enterprise-Wide Risk Reduction Initiatives for Application Secrets Management

• Elimination of Hardcoded Secrets

• Centralized Enterprise Secrets Vault Adoption

• Automated Secrets Rotation

• Machine Identity and Workload Identity Modernization

• CI/CD and DevSecOps Secrets Security

• Cloud-Native Secrets Governance

• Enterprise Secrets Discovery and Inventory

• Secrets Access Monitoring and Behavioral Analytics

• Zero Trust Application Authentication

• Third-Party and Vendor Secrets Governance

• AI Agent and Autonomous Workflow Secrets Security

• Deliver centralized visibility, compliance, and operational excellence for identities and access management including sustained controls and metrics delivery

Functional Requirements/ Core Technical Capabilities

• Strong experience in Agentic AI IAM architecture, identity governance, secrets management, security engineering, and enterprise IAM program delivery.
• Strong expertise in requirement gathering, current-state assessments, gap analyses, control evaluations, and target-state Agentic AI IAM security architecture design.
• Experience securing cloud-native and hybrid environments.
• Knowledge of Zero Trust architecture and machine identity security.
• Experience implementing AI/Agentic security controls and secure automation frameworks.

Platform Experience

• Microsoft Entra ID / Okta
• HashiCorp Vault, AWS Secrets Manager, Google cloud secrets manager
• AWS, Azure, Google Cloud Platform
• Kubernetes and container security platforms
• Terraform, CI/CD, DevSecOps tooling
• Bachelor's degree in Cyber security, Computer Science, Information Technology, or related discipline.
• 5+ years of experience in IAM, cloud security, or cyber security engineering.
• Strong understanding of AI agent security, machine identities, and secure automation.
• Experience managing hybrid cloud IAM and secrets management programs.
• Relevant certifications preferred:
• CISSP
• CISM
• CCSP

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.

Operational Responsibilities

• Conduct Agentic AI IAM requirement analyses, architecture reviews, and security gap assessments across enterprise applications, cloud platforms, AI services, and infrastructure environments.
• Develop automation for access management and secrets lifecycle operations.
• Develop and implement security controls for AI agents, machine identities, APIs, workloads, and autonomous workflows.
• Monitor and remediate IAM and secrets-related risks.
• Build dashboards, reporting, and operational metrics.

IAM and Access Governance

• Lead enterprise Agentic AI IAM program execution across multiple workstreams.
• Establish program milestones, sprint objectives, and delivery timelines.
• Track program risks, issues, blockers, and remediation activities.
• Ensure successful onboarding of applications, platforms, and cloud services into IAM controls.
• Drive operationalization and transition to support teams.

Agentic and Machine Identity Security

• Establish security controls for AI agents, autonomous workflows, bots, and machine identities.
• Define policy-based authorization models for AI-driven systems.
• Secure API, workload, and machine-to-machine authentication.
• Monitor AI agent activities and machine identity risks.

Cloud and Hybrid Security

• Secure IAM controls across AWS, Azure, GCP, Kubernetes, and on-prem environments.
• Standardize identity governance across multi-cloud ecosystems.
• Implement workload identity federation and cloud-native security controls.

Security Operations and Compliance

• Monitor identity threats, privilege misuse, and secrets exposure.
• Support incident response and remediation activities.
• Ensure compliance with enterprise security standards and regulatory frameworks.
• Produce audit evidence and governance reporting.

Operational Responsibilities

• Conduct Agentic AI IAM requirement analyses, architecture reviews, and security gap assessments across enterprise applications, cloud platforms, AI services, and infrastructure environments.
• Develop automation for access management and secrets lifecycle operations.
• Develop and implement security controls for AI agents, machine identities, APIs, workloads, and autonomous workflows.
• Monitor and remediate IAM and secrets-related risks.
• Build dashboards, reporting, and operational metrics.

IAM and Access Governance

• Lead enterprise Agentic AI IAM program execution across multiple workstreams.
• Establish program milestones, sprint objectives, and delivery timelines.
• Track program risks, issues, blockers, and remediation activities.
• Ensure successful onboarding of applications, platforms, and cloud services into IAM controls.
• Drive operationalization and transition to support teams.

Agentic and Machine Identity Security

• Establish security controls for AI agents, autonomous workflows, bots, and machine identities.
• Define policy-based authorization models for AI-driven systems.
• Secure API, workload, and machine-to-machine authentication.
• Monitor AI agent activities and machine identity risks.

Cloud and Hybrid Security

• Secure IAM controls across AWS, Azure, GCP, Kubernetes, and on-prem environments.
• Standardize identity governance across multi-cloud ecosystems.
• Implement workload identity federation and cloud-native security controls.

Security Operations and Compliance

• Monitor identity threats, privilege misuse, and secrets exposure.
• Support incident response and remediation activities.
• Ensure compliance with enterprise security standards and regulatory frameworks.
• Produce audit evidence and governance reporting.