Skip to main content
TryApplyNow
Achieve logo

Principal Security Engineer - Temporary

Achieve
Tempe, AZ, United States (Remote)RemotePosted 11 weeks ago

Role Overview

Achieve is hiring a Principal Security Engineer - Temporary. This is a full-time remote role, with the team based in Tempe, AZ, United States (Remote). Part of Achieve's Lifecycle hiring. Full responsibilities, required qualifications, and the apply link are listed in the description below.

Resume Keywords to Include

Make sure these keywords appear in your resume to improve ATS scoring

PythonGoAWSGCPAzureKubernetesTerraformMicroservices

Job description

We are seeking a visionary Principal Security Engineer - Temporary to architect the next generation of Identity at Achieve. In the evolving Fintech landscape, Identity is no longer just a perimeter—it is our primary security fabric. You will move us beyond static governance into a world of Continuous Adaptive Trust, where identity is dynamic, risk-aware, and invisible to the end-user.

As a senior technical leader within the Information Security Engineering team, you will design and build scalable systems that secure our most critical assets: our people, our customers, and our sprawling ecosystem of non-human workloads. You aren't just managing tools; you are engineering a trust platform that enables a fast-moving, cloud-native financial enterprise.

This is a temporary assignment that we expect will go on for approximately one year.  

What you'll do:

Strategy and Design

  • Continuous Adaptive Trust: Transition the enterprise from static, role-based access to a Risk-Based Authorization model that evaluates signals (device posture, behavior, location) in real-time.

  • Enhance the enterprise Identity strategy, roadmap, and architecture in alignment with business goals and security policies.

  • Design and architect comprehensive Identity solutions, including identity lifecycle management, non-human lifecycle management, authentication (MFA, SSO, passwordless), authorization, access governance, and Privileged Access Management (PAM).

  • Evaluate and select appropriate Identity technologies and platforms.

  • Create and maintain detailed architectural documentation for Identity solutions.

  • Lead the strategy and architecture for comprehensive Identity and Access Management (IAM) solutions, explicitly managing User Identities, Workload & Machine Identities (including Service Mesh, Kubernetes, Lambda, and APIs), and other non-human identities across on-premises and cloud environments to govern access rights and privileges.

Implementation and Integration

  • Lead the implementation and integration of Identity solutions across various on-premises and cloud environments (e.g., Azure AD, AWS, GCP, Okta, Entra).

  • Integrate Identity systems with enterprise applications, platforms, and services using standard protocols (SAML, OAuth, OpenID Connect, SCIM).

  • Design and implement strategies to secure non-human machine identities, service accounts, APIs, and automation, utilizing Zero Standing Privilege principles and engineering "Just-in-Time" (JIT) access workflows to eliminate persistent administrative overhead, reduce the blast radius of potential compromises, and enforce strict, least-privilege, and Zero Trust security principles.

  • Develop and configure identity provisioning and de-provisioning workflows.

  • Partner with the SOC to build ITDR capabilities that detect and automatically neutralize identity-based attacks, such as session hijacking, token theft, and MFA fatigue.

Collaboration and Leadership

  • Act as a "Security Partner" for engineering teams to foster secure development practices.

  • Drive successful adoption by collaborating with diverse stakeholders (business units, technology teams, application developers) and translating complex cryptographic and identity concepts into clear business value for product owners and executive leadership.

  • Provide technical leadership and guidance, championing and delivering self-service Identity APIs and SDKs to enable developers to build secure products with minimal friction (Developer Experience - DevEx).

  • Provide technical leadership, mentorship and guidance to Identity Engineers and other team members.

What you'll bring:

Education

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

  • A Master's degree is a plus.

Experience & Mindset

  • 8+ years in Cybersecurity/Engineering, with a proven track record of moving legacy organizations towards a Zero Trust architecture.

  • Fintech/High-Growth Experience: Experience working in regulated environments where speed and compliance must coexist.

  • 5+ years focused on identity and access management.

  • Proven experience in designing and implementing enterprise-scale Identity solutions.

  • Drive security automation and "Builder" Mentality by architecting and implementing automation-first solutions (e.g., scripts, APIs, Infrastructure as Code) to eliminate reliance on manual governance processes and ensure security policy is enforced at scale and embedded into developer workflows.

  • Hands-on experience with leading IAM platforms and technologies, such as:

    • Identity Federation: Azure AD/Entra, Okta, Ping Identity, ADFS

    • IGA (Identity Governance and Administration): SailPoint, Saviynt, Oracle Identity Manager

    • PAM (Privileged Access Management): CyberArk, Delinea, BeyondTrust

    • Directory Services: Active Directory, Azure Active Directory, LDAP

Skills

  • Technical Skills:

    • Deep knowledge of IAM principles, best practices, and security models.

    • Proficiency in scripting languages (e.g., PowerShell, Python) for automation and integration.

    • Understanding of network security, operating systems, and database concepts.

    • Familiarity with API security and microservices architecture.

  • Protocols:

    • Deep mastery of identity protocols and standards: IODC, OAuth 2.0, SAML, and SCIM, with a specific focus on mTLS and JWT security.

  • Cloud-Native Identity: Expert-level experience with cloud-native IAM (AWS IAM, Azure Entra ID, GCP Cloud IAM) and managing identity in distributed microservices architectures.

  • Infrastructure: Strong experience with Terraform and container orchestration (Kubernetes).

  • Soft Skills:

    • Excellent analytical and problem-solving skills.

    • Strong communication (written and verbal) and interpersonal skills.

    • Ability to work independently and as part of a collaborative team.

    • Strong project management and organizational skills.

    • Proven ability to strategically influence and expertly negotiate with stakeholders across all organizational levels.

Certifications (Preferred but not required)

  • CISSP (Certified Information Systems Security Professional)

  • CISM (Certified Information Security Manager)

  • Relevant vendor certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate/Expert, Okta Certified Professional/Administrator/Consultant).

All your information will be kept confidential according to EEO guidelines.

Achieve well-being with:

  • 401 (k) with employer match
  • Medical, dental, and vision with HSA and FSA options  
  • Competitive vacation and sick time off, as well as dedicated volunteer days
  • Access to wellness support through Employee Assistance Program, physical and mental health wellness programs
  • Pet care discounts for your furry family members
  • Financial support in times of hardship with our Achieve Care Fund
  • A safe place to connect and a commitment to diversity and inclusion through our six employee resource groups

Join Achieve, change the future.

At Achieve, we’re changing millions of lives.
From the single parent trying to catch up on bills to the entrepreneur needing a loan for the next phase of growth, you’ll get to be a part of their journey to a better financial future. We’re proud to have over 3,000 employees in mostly hybrid and 100% remote roles across the United States with hubs in Arizona, California, and Texas. We are strategically growing our teams with more remote, work-from-home opportunities every day to better serve our members. A career at Achieve is more than a job—it’s a place where you can make a true impact, have a sense of belonging, establish a fulfilling career, and put your well-being first.

Attention Agencies & Search Firms: We do not accept unsolicited candidate resumes or profiles. Please do not reach out to anyone within Achieve to market your services or candidates. All inquiries should be directed to Talent Acquisition only. We reserve the right to hire any candidates sent unsolicited and will not pay any fees without a contract signed by Achieve’s Talent Acquisition leader.

 

#LI-KM1

About Achieve

Achieve logo

Achieve

achievegroup.asia

LifecycleHires remote

29 other open roles at Achieve on TryApplyNow.

Frequently Asked Questions

How do I apply for the Principal Security Engineer - Temporary position at Achieve?

Use the Apply button above to submit your application directly to Achieve. Most applications take less than 5 minutes if your resume and contact details are ready, and you'll be routed to the employer's official application system to finish.

Is the Principal Security Engineer - Temporary role at Achieve remote?

Yes. This is a remote role. The team is based in Tempe, AZ, United States (Remote), but the position itself does not require relocating to that office.

What does a Principal Security Engineer - Temporary at Achieve earn?

Achieve has not disclosed a salary range in this posting. Many employers share specifics later in the interview process; you can also ask during a recruiter screen if compensation transparency is important to you.

When was the Principal Security Engineer - Temporary role at Achieve posted?

This role was posted on April 17, 2026 (83 days ago). It's still listed as actively hiring; we re-confirm openings against the source system multiple times per day and remove closed roles.

AI-powered job search

Get every job scored to your resume

Upload your resume and get jobs ranked, your resume tailored, and employee contacts found automatically.

Get started free

No credit card to start