Position Overview

Squarepoint is seeking an experienced Identity and Access Management (IAM) Engineer with ideally 5+ years of hands‑on experience designing and implementing complex identity solutions. This role is focused on the maturation of IAM capabilities across the firm, enabling innovation and agility, while maintaining strong security foundations.

Working with a diverse group of stakeholders, spanning developers, researchers and infrastructure teams, the candidate will act as a bridge between security and engineering, translating security strategy into practical, scalable technical solutions.

A high degree of motivation and proactivity, with a deep, low‑level understanding of modern IAM technologies and protocols, is essential in this position. This is a hands‑on engineering role, requiring the ability to design and build identity platforms rather than solely define policy or oversight. The candidate must demonstrate deep technical expertise while also being able to contribute across multiple security domains, collaborating effectively with engineering teams to solve complex problems and clearly articulate risks, trade‑offs, and mitigations to stakeholders at all levels of the organisation.

Main Duties & Responsibilities:

• Design and implement Identity and Access Management (IAM) platforms, with a strong focus on scalability, resilience and security by design.
• Deliver:
• Secrets management solutions for applications, services, and infrastructure, ensuring secure storage, rotation, access control and auditability.
• User‑to‑service and service‑to‑service authentication systems, using modern, standards‑based approaches.
• Standards‑compliant identity providers and federation services (e.g. OAuth 2.0, OpenID Connect, SAML), enabling consistent and secure identity integration across the firm.
• Authorisation systems, including fine‑grained and policy‑based access control models, to support least‑privilege and zero‑trust principles.
• Promote IAM standards, reference architectures and reusable patterns, enabling development and infrastructure teams to adopt secure identity practices with minimal friction.
• Translate complex identity and security risks into clear, actionable technical requirements and guidance for engineering teams.
• Mature IAM capabilities across the firm, continuously identifying gaps, driving improvements, and aligning solutions with evolving business and technology needs.
• Contribute across multiple security domains (e.g. application security, cloud security, platform security) where identity intersects with broader security controls.

Required Qualifications:

• 5+ years of hands-on experience in IAM or security engineering with a strong focus on building and operating identity platforms in production environments.
• Recent experience implementing secrets management, authentication systems and authorisation systems using modern, standards‑based approaches.
• Understanding IAM architectures and security design principles, with the ability to assess trade‑offs and design pragmatic, scalable solutions.
• Understanding modern IAM technologies, protocols and low‑level mechanics, with the ability to troubleshoot complex identity flows.
• Strong experience of security best practices, common attack vectors, and identity‑related threats across applications, platforms and cloud environments.
• Systems knowledge, including Linux/Unix environments, networking fundamentals, Kubernetes/container platforms, and cloud security concepts.
• Ability to translate complex identity and security risks into clear, actionable technical guidance for a broad range of stakeholders.
• Ability to read and write Python.
• Degree in Engineering, Computer Science, or STEM related field.

Nice to Have:

• Experience with infrastructure‑as‑code and security‑as‑code tooling (e.g. Terraform, Ansible), particularly for IAM, secrets management, and policy enforcement.
• Advanced coding skills in multiple major languages.
• Prior experience in high‑performance, research‑driven, or low‑latency engineering environments, where pragmatic security trade‑offs are required.