Corporate Vice President - Access Management & Authentication Engineer

Location Designation: Hybrid - 3 days per quarter 

The Access Management & Authentication Lead Engineer is a senior, hands-on technical leader responsible for the design, engineering, and governance of enterprise-wide authentication, federation, and web access management (WAM) capabilities across New York Life.

This role serves as the technical authority for access management and authentication, including single sign-on (SSO), federation, modern and passwordless authentication, multi-factor authentication (MFA), API authorization, and secure session management. The engineer partners closely with application, cloud, API, and platform teams to modernize authentication architectures while ensuring strong security posture, regulatory alignment, and consistent enforcement of access controls across hybrid and cloud environments.

In addition to engineering leadership, the role plays a key part in security architecture and assessment activities, including participation in the Security Review Board (SRB), identity-focused architecture reviews, and the development and governance of authentication and access management standards, patterns, and guardrails.

The Access Management & Authentication Lead Engineer operates as a trusted advisor to engineering and security leadership, influencing design decisions, defining reusable access patterns, and ensuring authentication and authorization controls are consistently applied across traditional applications, APIs, cloud platforms, and emerging AI-enabled systems.

What You’ll Do:

IAM Engineering

• Lead the design, engineering, and evolution of enterprise web access management (WAM) and authentication platforms supporting workforce and application access.
• Architect and expand single sign-on (SSO) and federation services using industry-standard identity and authorization protocols.
• Define and implement modern authentication strategies, including passwordless, phishing-resistant, and strong customer authentication approaches.
• Design and govern multi-factor authentication (MFA) frameworks, including adaptive, risk-based, and step-up authentication models.
• Engineer secure session management and token lifecycle controls, ensuring appropriate re-authentication, session integrity, and privilege enforcement.
• Design and integrate API authorization and access control patterns, aligning OAuth-based authorization with API gateways and platform services.
• Apply public key infrastructure (PKI) and cryptographic trust models to authentication, federation, and service-to-service access.
• Establish reusable authentication and access management patterns, guardrails, and reference architectures across web, mobile, API, and cloud environments.
• Serve as the technical authority for access management and authentication, advising architecture reviews, security assessments, and engineering teams on secure design decisions.

Security Assessments

• Perform security assessments of applications, cloud workloads, identity architectures, and vendor solutions, with a primary focus on IAM, cloud identity, and non-human identity risks.
• Serve as a senior technical contributor within the Security Review Board (SRB), leading identity-focused reviews and influencing secure architecture decisions.
• Conduct deep technical analysis of authentication flows, authorization models, role and attribute design, privilege paths, and non-human identity usage.
• Identify security gaps and risks related to IGA, PAM, WAM, MFA, cloud IAM, and workload identity, and recommend remediation strategies.
• Support the Information Security exception lifecycle, including:
• Risk analysis and documentation
• Evaluation of compensating controls
• Reassessment and expiration management
• Develop, update, and govern IAM and identity-related Security Technical Standards, reference architectures, and implementation guidance.
• Define and maintain reusable security patterns, guardrails, and assessment criteria to improve consistency across SRB reviews and security assessments.
• Partner with Architecture, Risk, and Engineering teams to resolve findings and guide teams toward compliant, secure designs.
• Clearly articulate technical risks, tradeoffs, and recommendations to senior technology and security leadership.
• Track and assess emerging risks related to cloud privilege models, non-human identities, automation, and AI-enabled systems.

What You’ll Bring:

• Bachelor’s degree in Computer Science, Information Systems, or equivalent practical experience.
• 10+ years of experience in Identity & Access Management, with deep specialization in access management, authentication, and federation technologies.
• Proven experience designing, engineering, and operating enterprise Web Access Management (WAM) platforms supporting large-scale workforce and application authentication.
• Hands-on experience with enterprise federation and access management platforms, such as PingFederate, PingProtect, or similar technologies, including authentication policy design, federation trust configuration, and token services.
• Expert-level knowledge of authentication, authorization, and federation protocols, including SAML 2.0, OAuth 2.0, and OpenID Connect.
• Strong experience architecting and scaling single sign-on (SSO) and federated identity solutions across web, mobile, API, and cloud-native environments.
• Demonstrated experience implementing modern authentication approaches, including passwordless and phishing-resistant authentication methods.
• Deep understanding of multi-factor authentication (MFA) models, including adaptive, risk-based, and step-up authentication strategies.
• Understanding of the Linux OS
• Understanding of LDAP
• Hands-on experience with API authorization and access control, including OAuth-based authorization flows and integration with API gateways or platform services.
• Strong knowledge of session management, token security, and identity token lifecycle controls, including re-authentication and privilege elevation patterns.
• Practical experience applying public key infrastructure (PKI), certificate-based authentication, and cryptographic trust models within access management and authentication architectures.
• Ability to serve as a technical authority and design reviewer, influencing architecture decisions and guiding engineering teams toward secure, scalable authentication solutions.

Preferred / Nice-to-Have Qualifications

• Proven experience delivering phishing-resistant, passwordless authentication at enterprise scale, including passkeys, FIDO2, and hardware-backed authenticators.
• Hands-on experience with adaptive, continuous, or risk-based authentication models, incorporating behavioral, device, and contextual signals.
• Strong understanding of Zero Trust access principles applied to workforce, application, and API authentication and authorization.
• Experience securing modern API and distributed architectures, including OAuth token exchange, delegation, and fine-grained authorization patterns.
• Familiarity with identity assurance and authentication strength frameworks, including step-up verification for sensitive or high-risk transactions.
• Experience applying modern trust and identity models for non-human and workload identities, such as SPIFFE/SPIRE, service-to-service authentication, or mTLS-based access patterns.
• Exposure to AI-enabled and agent-based access models, including authentication and authorization considerations for AI systems, agents, or platforms (e.g., MCP-based identity contexts, AI service identities, or policy enforcement for AI-driven workflows).
• Experience with Windows OS
• Experience with AWS and Kubernetes
• Understanding of network flows and topology
• Hands-on experience with passwordless authentication platforms, such as HYPR or similar FIDO2 / passkey-based solutions
• Programmer experience

 #LI-CD2

​

Pay Transparency

Salary Range: $147,500-$211,000 

Overtime eligible: Exempt 

Discretionary bonus eligible: Yes 

Sales bonus eligible: No 

Actual base salary will be determined based on several factors but not limited to individual’s experience, skills, qualifications, and job location. Additionally, employees are eligible for an annual discretionary bonus. In addition to base salary, employees may also be eligible to participate in an incentive program.

Our Benefits

We provide a full package of benefits for employees – and have unique offerings for a modern workforce, including leave programs, adoption assistance, and student loan repayment programs. Based on feedback from our employees, we continue to refine and add benefits to our offering, so that you can flourish both inside and outside of work. Click here to discover more about our comprehensive benefit options or visit our NYL Benefits Site.

Our Commitment to Inclusion
At New York Life, fostering an inclusive workplace is fundamental to who we are and how we serve our communities. We have a longstanding commitment to creating an environment where individuals can contribute their best and succeed together. This foundation is rooted in our core values of humanity and integrity, ensuring that every employee feels valued and supported. By embracing a broad range of perspectives and experiences, we achieve greater success and fulfill our promise of providing financial security and peace of mind to families across all communities. Click here to learn more about New York Life’s leadership in this space.​

Recognized as one of Fortune’s World’s Most Admired Companies, New York Life is committed to improving local communities through a culture of employee giving and volunteerism, supported by the Foundation. We're proud that due to our mutuality, we operate in the best interests of our policy owners. To learn more about career opportunities at New York Life, please visit the Careers page of www.NewYorkLife.com.

​Visit our LinkedIn to see how our employees and agents are leading the industry and impacting communities.

Visit our Newsroom to learn more about how our company is constantly evolving to meet our clients' and employees’ needs.

Job Requisition ID: 93297