Job Description
Achieve is a leading digital personal finance company. We help everyday people move from struggling to thriving by providing innovative, personalized financial solutions. By leveraging proprietary data and analytics, our solutions are tailored for each step of our member's financial journey to include personal loans, home equity loans, debt consolidation, financial tools and education. Every day, we get to help our members move their finances forward with care, compassion, and empathetic touch. We put people first and treat them like humans, not account numbers. Since 2002, Achieve has grown into one of the largest private consumer fintech unicorns in the U.S., with over $40B in enrollments for our industry-leading, tech-enabled debt resolution services business, and over $11Bn in personal and home loans originations via our banking-as-a-service partner. Job Description We are seeking a visionary Principal Security Engineer Temporary to architect the next generation of Identity at Achieve. In the evolving Fintech landscape, Identity is no longer just a perimeter—it is our primary security fabric. You will move us beyond static governance into a world of Continuous Adaptive Trust, where identity is dynamic, risk-aware, and invisible to the end-user. As a senior technical leader within the Information Security Engineering team, you will design and build scalable systems that secure our most critical assets: our people, our customers, and our sprawling ecosystem of non-human workloads. You aren't just managing tools; you are engineering a trust platform that enables a fast-moving, cloud-native financial enterprise. This is a temporary assignment that we expect will go on for approximately one year. What you'll do: Strategy and Design Continuous Adaptive Trust: Transition the enterprise from static, role-based access to a Risk-Based Authorization model that evaluates signals (device posture, behavior, location) in real-time. Enhance the enterprise Identity strategy, roadmap, and architecture in alignment with business goals and security policies. Design and architect comprehensive Identity solutions, including identity lifecycle management, non-human lifecycle management, authentication (MFA, SSO, passwordless), authorization, access governance, and Privileged Access Management (PAM). Evaluate and select appropriate Identity technologies and platforms. Create and maintain detailed architectural documentation for Identity solutions. Lead the strategy and architecture for comprehensive Identity and Access Management (IAM) solutions, explicitly managing User Identities, Workload & Machine Identities (including Service Mesh, Kubernetes, Lambda, and APIs), and other non-human identities across on-premises and cloud environments to govern access rights and privileges. Implementation and Integration Lead the implementation and integration of Identity solutions across various on-premises and cloud environments (e.g., Azure AD, AWS, GCP, Okta, Entra). Integrate Identity systems with enterprise applications, platforms, and services using standard protocols (SAML, OAuth, OpenID Connect, SCIM). Design and implement strategies to secure non-human machine identities, service accounts, APIs, and automation, utilizing Zero Standing Privilege principles and engineering "Just-in-Time" (JIT) access workflows to eliminate persistent administrative overhead, reduce the blast radius of potential compromises, and enforce strict, least-privilege, and Zero Trust security principles. Develop and configure identity provisioning and de-provisioning workflows. Partner with the SOC to build ITDR capabilities that detect and automatically neutralize identity-based attacks, such as session hijacking, token theft, and MFA fatigue. Collaboration and Leadership Act as a "Security Partner" for engineering teams to foster secure development practices. Drive successful adoption by collaborating with diverse stakeholders (business units, technology teams, application developers) and translating complex cryptographic and identity concepts into clear business value for product owners and executive leadership. Provide technical leadership and guidance, championing and delivering self-service Identity APIs and SDKs to enable developers to build secure products with minimal friction (Developer Experience - DevEx). Provide technical leadership, mentorship and guidance to Identity Engineers and other team members. Qualifications What you'll bring: Education Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related fie