Lead AI Engineer, Identity & Access Management
New York Life Insurance Company
About the role
Role Overview
The Lead AI Engineer, Identity & Access Management is a senior, hands-on technical role that blends deep Identity & Access Management expertise with modern AI engineering capability. This is not a purely advisory or architectural position. We are looking for a builder and a leader: someone who can design, develop, and deliver production-grade agentic systems while also setting the technical direction, mentoring others, and representing the CISO organization at the enterprise level.
This individual will own three critical, interconnected bodies of work that are central to New York Life’s Cybersecurity strategy:
- IAM Orchestration & MCP Gateway: Own the engineering and enterprise adoption of New York Life’s IAM Orchestration and MCP Identity Gateway capability. This includes driving onboarding of internal teams and AI agents, governing authentication, delegation, authorization, and policy enforcement across human and non-human access patterns, and leading integration efforts across the enterprise identity stack.
- Cyber Multi-Agent Ecosystem – Engineering & Delivery: Serve as the primary AI engineer and technical lead responsible for building and delivering the Cyber Multi-Agent Ecosystem Vision. This is the core of the role: architecting and developing a centralized, governed, agentic platform that transforms Cyber and IAM operations through intelligent automation, orchestrated AI agents, MCP tooling, and a unified identity and data layer, deployed on Google Cloud Platform (Gemini Enterprise Agent Platform, FKA Vertex AI) and/or Amazon AgentCore.
- AI Security Review Board (SRB) Representation: Represent the CISO organization on the Enterprise Security Review Board for all AI-related submissions. The engineer will assess AI system proposals, evaluate agentic and non-human identity risks, and provide authoritative security guidance to ensure all AI deployments meet enterprise governance and compliance requirements.
Successful candidates will have a strong software and systems engineering foundation, hands-on experience building agentic and AI systems on Gemini Enterprise Agent Platform (FKA Vertex) and/or Amazon AgentCore, and the leadership presence to drive cross-functional delivery and represent Cybersecurity at the enterprise level. This role is as much about building the future as it is about securing it.
What You'll Do
IAM Orchestration & MCP Gateway – Engineering & Adoption
- Own the engineering, configuration, and ongoing operation of the enterprise IAM Orchestration and MCP Identity Gateway platform.
- Drive onboarding and adoption across internal teams, applications, and AI agents, serving as the primary technical point of contact for integration efforts.
- Engineer and maintain the gateway as the centralized enforcement layer for OAuth 2.0-based authentication, token delegation, and policy-driven authorization (via OPA) across human and non-human access patterns.
- Design and implement MCP integrations that expose backend enterprise systems as standardized, secure tool endpoints consumable by AI agents.
- Ensure the platform provides robust rate limiting, quota management, kill-switch controls, and full audit logging in alignment with enterprise risk and compliance requirements.
- Collaborate with identity platform teams (IDP, PAM, IGA, Directory Services) to maintain seamless identity orchestration across the enterprise stack.
- Define and execute an integration roadmap to extend gateway capabilities, including human-in-the-loop controls and cross-cloud identity flows.
Cyber Multi-Agent Ecosystem – AI Engineering & Technical Leadership
This is the primary and most critical body of work for this role. The engineer will serve as both hands-on builder and technical lead for New York Life’s Cyber Multi-Agent Ecosystem. This is a strategic transformation from traditional, UI-driven IAM systems to an agentic, API-first architecture that enables intelligent automation, real-time decisioning, and near-zero manual intervention across Cyber operations.
- Lead the design, development, and phased delivery of the Cyber Multi-Agent Ecosystem, functioning as the primary AI engineer and technical lead for the initiative.
- Architect and implement a centralized, multi-agent platform on Gemini Enterprise Agent Platform (FKA Vertex) and/or Amazon AgentCore, integrating MCP tooling, vector databases, and retrieval-augmented generation (RAG) architectures for intelligent Cyber and IAM automation.
- Develop and operationalize AI agents across Cyber sub-domains including Identity Governance (UAG), Privileged Access Management (PAM), Web Access Management (WAM), Active Directory, and LDAP, enabling end-to-end workflow automation and near real-time SLAs.
- Design and implement Agent Card standards, a Central Agent Registry, and Agent-to-Agent (A2A) communication protocols to support a governed, extensible multi-agent operating model.
- Build an OPA-based policy engine for runtime authorization, Separation of Duties (SoD) enforcement, and governance across all agents and pipelines.
- Establish AI inventory and lifecycle management practices to ensure all deployed agents are registered, governed, audited, and compliant with enterprise security standards.
- Define and enforce Secure Development & Deployment (SDD) guardrails for the agentic ecosystem, including controls for prompt injection mitigation, execution isolation, and unsafe automation prevention.
- Partner with AI platform, data engineering, and cloud infrastructure teams to architect and finalize the unified data layer (databases, vector stores, caching) that underpins the agentic ecosystem.
- Provide technical leadership and mentorship to sub-domain teams (UAG, PAM, WAM, AD, LDAP), enabling each team to contribute agents and tools aligned to central standards.
- Maintain strong delivery governance — managing the linkage between Jira backlog, agent development, and production execution to ensure traceability and accountability end-to-end.
- Drive a POC-first, incrementally scaled rollout across IAM domains, building reusable agentic components centrally for reuse across the ecosystem.
AI Security Review Board (SRB) – CISO Representation
- Serve as the CISO organization’s designated representative on the Enterprise Security Review Board (SRB), providing authoritative security assessment and approval recommendations for all AI-related submissions.
- Assess AI system and agentic workflow proposals for security risk, including prompt injection, privilege escalation, unauthorized data access, synthetic identity abuse, and unsafe automation patterns.
- Evaluate proposed AI architectures for alignment with enterprise IAM, zero trust, and cloud security standards prior to production approval.
- Provide clear, actionable security guidance and remediation requirements to AI development and product teams during the SRB process.
- Maintain and evolve the enterprise AI security governance framework, contributing to standards, guardrails, and reference architectures leveraged across the organization.
- Represent the CISO organization credibly across cross-functional governance forums, including Architecture Review Boards and enterprise AI working groups.
Core IAM Engineering
- Design and implement identity, authentication, and authorization solutions for both traditional and AI-enabled systems, treating AI agents as first-class non-human identities.
- Define and enforce lifecycle management, access controls, and revocation for autonomous agents, machine identities, and service accounts using least-privilege principles.
- Implement delegated and “on-behalf-of” authorization patterns to distinguish human-initiated from agent-initiated actions for audit and compliance purposes.
- Apply least-privilege and scope-limiting controls to prevent privilege escalation in automated and multi-agent workflows.
- Design and support enterprise IAM solutions across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and Directory Services.
- Integrate IAM controls across hybrid and cloud environments, with strong hands-on experience in GCP and AWS.
- Implement modern authentication and authorization frameworks including OAuth 2.0, MFA, and passwordless authentication.
Key Skills
Agentic AI Engineering
- Strong hands-on experience with agent frameworks such as LangGraph, ADK (Agent Development Kit), AutoGen, or equivalent programmatic agent frameworks
- Experience designing and building multi-agent systems, including planning, tool execution, and orchestration patterns
- Strong prompt engineering and evaluation skills for production-grade systems
Memory & State Management
- Experience designing short-term and long-term memory architectures for AI agents
- Strong understanding of conversation/session state management and persistence strategies
- Hands-on experience with vector databases and retrieval-based memory systems
- Familiarity with state stores such as Redis, Firestore, Postgres, or equivalent
Tooling, MCP & API Engineering
- Experience building agent-consumable tools and function interfaces using schema-driven APIs
- Strong understanding of Model Context Protocol (MCP) and tool abstraction patterns
- Experience designing and exposing secure, identity-aware APIs using OAuth2, mTLS, service accounts, and secrets management
Cloud & Platforms
- Strong hands-on experience with Google Cloud Platform; Gemini Enterprise Agent Platform (FKA Vertex) preferred
- Experience with Amazon AgentCore or AWS Bedrock Agents is a plus
Security, Identity & Threat Domain
- Deep IAM expertise across IGA, PAM, WAM, Active Directory, and LDAP
- Hands-on experience with SailPoint IIQ, CyberArk, PingIdentity, and directory services
- Strong understanding of SIEM platforms and identity-related threat patterns, including privilege escalation, anomalous access, and insider risk
What You'll Bring
- Bachelor’s degree in Computer Science, Information Systems, Engineering, or equivalent practical experience.
- 10+ years of combined experience in identity & access management, security engineering, and/or AI/software engineering — with a demonstrated track record of both hands-on development and technical leadership.
- Strong hands-on experience building and deploying AI agents and agentic pipelines on Google Cloud Platform (GCP), with specific expertise in Gemini Enterprise Agent Platform (FKA Vertex).
- Hands-on experience with Amazon AgentCore or equivalent managed agentic AI frameworks (e.g., AWS Bedrock Agents) for deploying and securing AI agent workflows at scale.
- Demonstrated experience as an AI engineer or AI developer: writing production code, building agent frameworks, integrating LLMs into operational systems, and designing multi-agent orchestration architectures.
- Working knowledge of multi-agent orchestration patterns, retrieval-augmented generation (RAG) architectures, vector databases, MCP tooling, and Agent-to-Agent (A2A) communication protocols.
- Experience building or operating an IAM Orchestration or MCP Identity Gateway platform, with hands-on knowledge of OAuth 2.0 token flows, policy-as-code enforcement (OPA or equivalent), and identity-aware API gateway patterns.
- Experience securing agentic systems against prompt injection, privilege escalation, execution boundary violations, and unsafe automation, embedding these controls into the development lifecycle.
- 7+ years of IAM domain experience across Identity Governance & Administration (IGA), Privileged Access Management (PAM), Web Access Management (WAM), and/or Directory Services.
- Proven experience managing non-human identities (service accounts, APIs, workloads, autonomous agents) using least privilege and lifecycle governance principles.
- Deep understanding of identity and access protocols: OAuth 2.0, OpenID Connect (OIDC), SAML, LDAP, and modern token-based authorization models.
- Strong software engineering and automation skills (Python, PowerShell, Java or equivalent) with demonstrated ability to deliver production systems, not just prototypes.
- Experience with enterprise IAM platforms such as SailPoint (IGA), CyberArk (PAM), PingFederate/PingIdentity (WAM/Federation), and directory services (Active Directory, LDAP).
- Demonstrated ability to lead cross-functional technical delivery, mentor engineers, and drive alignment across organizational boundaries.
- Strong communication skills, with the ability to articulate complex AI and security concepts clearly to both technical teams and executive or governance audiences.
Preferred Qualifications
- Familiarity with machine and workload identity standards (e.g., SPIFFE/SPIRE, workload identity federation, secrets management).
- Experience designing Agent Card standards, Central Agent Registries, and governed A2A communication frameworks in a multi-agent environment.
- Experience establishing AI inventory and lifecycle management practices for autonomous agents in enterprise production environments.
- Exposure to policy-as-code and fine-grained authorization models beyond OPA (e.g., Cedar, attribute-based access control frameworks).
- Experience supporting Zero Trust architectures and cloud-native security patterns.
- Prior experience serving on or supporting a Security Review Board or Architecture Review Board, particularly for AI or cloud system proposals.
- Prior experience in a large enterprise or regulated financial services environment.
- Relevant certifications (e.g., Google Professional Cloud Security Engineer, Google Professional ML Engineer, AWS Security Specialty, AWS Machine Learning Specialty, SailPoint, CyberArk, CISSP, CISM).
Pay Transparency
Salary Range: $147,500-$211,000
Overtime eligible: Exempt
Discretionary bonus eligible: Yes
Sales bonus eligible: No
Actual base salary will be determined based on several factors, including but not limited to the individual’s experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.
Company Overview
At New York Life, our 180-year legacy of purpose and integrity fuels our future. As we evolve into a more technology-, data-, and AI-enabled organization, we remain grounded in the values that drive lasting impact.
Our diverse business portfolio creates opportunities to make a difference across industries and communities—inviting bold thinking, collaborative problem-solving, and purpose-driven innovation. Here, you’ll find the rare balance of long-standing stability and forward momentum, supported by an inclusive team that honors tradition while embracing progress.
As a Fortune 100 mutual company, we offer a place to grow your skills, contribute to meaningful work, and deliver solutions that matter. Your ideas drive what’s next, and your growth po