[Remote] Corporate Vice President - Access Management & Authentication Engineer Job Details | New York Life Insurance Co

Worldwide Salaried Open

Note: This is a remote job open to candidates in the USA. New York Life is a Fortune 100 mutual company committed to integrity and innovation, evolving into a technology-driven organization. The company is seeking a Corporate Vice President - Access Management & Authentication Engineer to lead the design and governance of enterprise-wide authentication and access management capabilities, ensuring strong security and compliance across various environments.

Responsibilities

  • Lead the design, engineering, and evolution of enterprise web access management (WAM) and authentication platforms supporting workforce and application access
  • Architect and expand single sign-on (SSO) and federation services using industry-standard identity and authorization protocols
  • Define and implement modern authentication strategies, including passwordless, phishing-resistant, and strong customer authentication approaches
  • Design and govern multi-factor authentication (MFA) frameworks, including adaptive, risk-based, and step-up authentication models
  • Engineer secure session management and token lifecycle controls, ensuring appropriate re-authentication, session integrity, and privilege enforcement
  • Design and integrate API authorization and access control patterns, aligning OAuth-based authorization with API gateways and platform services
  • Apply public key infrastructure (PKI) and cryptographic trust models to authentication, federation, and service-to-service access
  • Establish reusable authentication and access management patterns, guardrails, and reference architectures across web, mobile, API, and cloud environments
  • Serve as the technical authority for access management and authentication, advising architecture reviews, security assessments, and engineering teams on secure design decisions
  • Perform security assessments of applications, cloud workloads, identity architectures, and vendor solutions, with a primary focus on IAM, cloud identity, and non-human identity risks
  • Serve as a senior technical contributor within the Security Review Board (SRB), leading identity-focused reviews and influencing secure architecture decisions
  • Conduct deep technical analysis of authentication flows, authorization models, role and attribute design, privilege paths, and non-human identity usage
  • Identify security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload identity, and recommend remediation strategies
  • Support the Information Security exception lifecycle, including:
      • Risk analysis and documentation
      • Evaluation of compensating controls
      • Reassessment and expiration management
  • Develop, update, and govern IAM and identity-related Security Technical Standards, reference architectures, and implementation guidance
  • Define and maintain reusable security patterns, guardrails, and assessment criteria to improve consistency across SRB reviews and security assessments
  • Partner with Architecture, Risk, and Engineering teams to resolve findings and guide teams toward compliant, secure designs
  • Clearly articulate technical risks, tradeoffs, and recommendations to senior technology and security leadership
  • Track and assess emerging risks related to cloud privilege models, non-human identities, automation, and AI-enabled systems

Skills

  • Bachelor's degree in Computer Science, Information Systems, or equivalent practical experience
  • 10+ years of experience in Identity & Access Management, with deep specialization in access management, authentication, and federation technologies
  • Proven experience designing, engineering, and operating enterprise Web Access Management (WAM) platforms supporting large-scale workforce and application authentication
  • Hands-on experience with enterprise federation and access management platforms, such as PingFederate, PingProtect, or similar technologies, including authentication policy design, federation trust configuration, and token services
  • Expert-level knowledge of authentication, authorization, and federation protocols, including SAML 2.0, OAuth 2.0, and OpenID Connect
  • Strong experience architecting and scaling single sign-on (SSO) and federated identity solutions across web, mobile, API, and cloud-native environments
  • Demonstrated experience implementing modern authentication approaches, including passwordless and phishing-resistant authentication methods
  • Deep understanding of multi-factor authentication (MFA) models, including adaptive, risk-based, and step-up authentication strategies
  • Understanding of the Linux OS
  • Understanding of LDAP
  • Hands-on experience with API authorization and access control, including OAuth-based authorization flows and integration with API gateways or platform services
  • Strong knowledge of session management, token security, and identity token lifecycle controls, including re-authentication and privilege elevation patterns
  • Practical experience applying public key infrastructure (PKI), certificate-based authentication, and cryptographic trust models within access management and authentication architectures
  • Ability to serve as a technical authority and design reviewer, influencing architecture decisions and guiding engineering teams toward secure, scalable authentication solutions
  • Proven experience delivering phishing-resistant, passwordless authentication at enterprise scale, including passkeys, FIDO2, and hardware-backed authenticators
  • Hands-on experience with adaptive, continuous, or risk-based authentication models, incorporating behavioral, device, and contextual signals
  • Strong understanding of Zero Trust access principles applied to workforce, application, and API authentication and authorization
  • Experience securing modern API and distributed architectures, including OAuth token exchange, delegation, and fine-grained authorization patterns
  • Familiarity with identity assurance and authentication strength frameworks, including step-up verification for sensitive or high-risk transactions
  • Experience applying modern trust and identity models for non-human and workload identities, such as SPIFFE/SPIRE, service-to-service authentication, or mTLS-based access patterns
  • Exposure to AI-enabled and agent-based access models, including authentication and authorization considerations for AI systems, agents, or platforms (e.g., MCP-based identity contexts, AI service identities, or policy enforcement for AI-driven workflows)
  • Experience with Windows OS
  • Experience with AWS and Kubernetes
  • Understanding of network flows and topology
  • Hands-on experience with passwordless authentication platforms, such as HYPR or similar FIDO2 / passkey-based solutions
  • Programmer experience

Benefits

  • Overtime eligible: Exempt
  • Discretionary bonus eligible: Yes
  • Sales bonus eligible: No
  • Employees are eligible for an annual discretionary bonus
  • Employees may also be eligible to participate in an incentive program
  • We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs

Company Overview

  • For over 180 years, we’ve helped turn your biggest dreams into milestones that last a lifetime. The company was founded in 1845 and is headquartered in Leawood, Kansas, USA, with a workforce of 10001+ employees. Its website is https://www.newyorklife.com/amn.

Company H1B Sponsorship

  • New York Life has a track record of offering H1B sponsorships, with 19 in 2026, 148 in 2025, 99 in 2024, 85 in 2023, 77 in 2022, 48 in 2021, 65 in 2020. Please note that this does not guarantee sponsorship for this specific role.