Senior Security Engineer, Identity & Access Management

Valon Tech

Full-time Remote
$180,000 - $230,000
Security Engineer

Job Description

About the Company

Valon is building the AI-native operating system for regulated finance, starting with mortgage servicing.

We're a Series C company backed by a16z, transforming industries that others have written off as too complex to innovate.

Rather than build on top of broken legacy systems, we took a different approach: we built and operate our own mortgage servicing business managing $110+ billion in loans. This wasn't the end goal, it was how we deeply understood the complexity needed to build software that actually works in regulated industries.

The results speak for themselves. We've transformed mortgage servicing from a 0% margin business into 60%+ margins while dramatically improving customer experience. Major enterprise contracts are now deploying across the industry.

ValonOS is our unified platform that makes every process structured and programmable and it is perfectly positioned for the AI era. When everything flows through one system with rich data, AI agents don't just automate tasks, they continuously improve entire operations. Mortgage servicing is just the beginning of our vision to transform regulated industries and beyond.

Security at Valon

Our customers entrust us with some of their most sensitive and personal financial information, and it is the ultimate mission of Valon’s Security team to ensure we have sound programs, processes, and automation in place to safeguard our customers’ data. The Security team protects the infrastructure and data for processing billions of dollars of mortgage loans.

In addition to protecting Valon’s internal systems, the Security team partners closely with Product and Engineering to design and deliver secure, scalable, and trustworthy capabilities for ValonOS. As AI becomes central to how Valon builds and operates, our team is responsible for securing AI-powered systems and pipelines while also leveraging AI tools to optimize security and defense capabilities.

We work cross-functionally across all teams at Valon to enable security throughout the organization. We engage with external security auditors, pentesting firms, and partners to continuously evaluate Valon’s security posture.

Valon offices are located in New York City and San Francisco, but we fully support remote work!

About the Role

We are seeking a skilled and experienced Senior Security Engineer, Identity & Access Management to join our team. In this role, you'll own the design, implementation, and operation of IAM systems for Valon’s enterprise identity stack that powers Valon's workforce, and support security for customer-facing authentication and authorization capabilities embedded in ValonOS. You'll be the connective tissue between IT, Engineering, and Security — ensuring every identity, human or machine, is governed consistently and securely.

Responsibilities

- Design and support end-to-end lifecycle of workforce identity systems including identity automation, access management, and least-privilege enforcement across internal systems
- Support design of secure identity design patterns for product teams building on ValonOS
- Manage and evolve Valon's IdP in conjunction with IT including SSO integrations, MFA policies, conditional access rules, and directory synchronization
- Define and enforce RBAC and group-based access policies for internal applications, cloud environments, and development tooling
- Support privileged access management (PAM) for internal infrastructure in conjunction with Engineering teams
- Design and build AI-assisted workflows that automate and accelerate core IAM operations
- Evaluate AI risks across IAM pipelines, ensuring appropriate security controls around data exposure, prompt injection and other threats
- Collaborate with Product, Engineering, Data, Compliance, Legal, and other teams to identify and drive mitigation for data security risks
- Support other operational and on-call duties such as vulnerability management, regulatory compliance (SOC 2, CCPA, NYDFS, FTC), policy development, incident response and security reviews.

Ideal Background

- Extensive hands-on IAM security engineer with proven ownership of enterprise identity solutions, able to operate autonomously, drive complex cross-functional efforts, and influence across teams
- Deep expertise in modern identity protocols and standards: SAML 2.0, OIDC/OAuth 2.0, SCIM, LDAP, and related specifications
- Proven experience administering and scaling IdP platforms (e.g., Okta, Azure AD / Entra ID, Google Workspace) including SSO, MFA, conditional access, and directory sync
- Solid background in cloud IAM (GCP preferred), including service accounts, workload identity federation, and policy-as-code approaches
- Strong expertise in building PAM solutions / identity vaults and enforcing least-privilege across human and non-human identities
- Experience building AI/LLM-powered workflows — ideally in a security or operations context — with a practical understanding of the identity and access risks they introduce
- Familiarity with securing non-human and agentic identities, including AI service accounts, API key governance, and audit logging for automated systems
- Applied knowledge with industry security and compliance frameworks (OWASP, NIST, CIS, SOC 2/ISO 27001 concepts)
- Excellent communication and collaboration skills, including the ability to explain complex security concepts to both technical and non-technical stakeholders.
- Experience working in high-growth or startup environments is a plus.

Minimum Qualifications

- 5+ years in security engineering roles with a core focus on identity and access management
- Bachelor's degree in Information Security, Computer Science, Technology or related field
- Relevant security certifications (e.g., CISSP, CISM, CCSK, CCSP or similar)
- Hands-on experience with an enterprise IdP (Okta, Entra ID, or Google Workspace) including SSO, MFA, SCIM
- Deep understanding of authentication and authorization models across applications - SAML, OIDC/OAuth 2.0, RBAC, ABAC, and API access controls
- Hands-on experience with modern identity security technologies and tooling

Benefits

- Base Compensation Band: $180K - 230K. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills
- This Base Compensation pay range applies to our New York City located staff and may differ according to location.
- Compensation: Competitive salary with a meaningful stake in the company via equity, and 401k plan
- Health & well-being: We’ll invest in your physical and mental well-being with comprehensive medical, dental, & vision benefits
- Commuter benefits: We offer pre-tax deductions for public transportation, rideshare services, and parking expenses to make your commute more affordable and convenient
- Grow together: Company wide orientation for you to successfully onboard and other learning & development opportunities including regular review cycles that feature 360 degree feedback
- Play together: Quarterly budgets for team and company outings. Use it for team swag, cooking classes, or team dinners!
- Generous time off: Flexible paid time off, sick days, and 11 company holidays
- Baby bonding time!: 12 weeks off for both birthing and non-birthing parents - fully paid so you can focus your energy on your newest addition

Throughout the interview process, please remember that emails will only be from valon.com email addresses. We will never ask for any personally identifiable information during the interview process itself. Please reach out to [email protected] if you have any requests to verify the authenticity of an outreach.

Valon is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. Valon makes hiring decisions based solely on qualifications, merit, and business needs at the time.