Description

Distinguished Technologist, Cloud Native Identity and Authorization

This role has been designed as 'Hybrid' with an expectation that you will work on average 2 days per week from an HPE office.

Who We Are:

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today's complex world. Our culture thrives on finding new and better ways to accelerate what's next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Job Description:

As a Distinguished Technologist, Cloud Native Identity & Authorization, you will serve as a hands-on security architect embedded with platform teams to design, drive, and deliver IAM capabilities, leading the architecture and implementation for identity, authorization, and service-to-service security across cloud providers, on-prem/disconnected deployments, and modern distributed workloads. This is a rare chance to define how identity and authorization work at platform scale, shaping an evolving IAM control plane that spans cloud, hybrid, and disconnected environments, influences hundreds of engineers, and affects both customer-facing and internal capabilities.

Key Responsibilities

• Define and drive the platform IAM and authorization strategy, including a unified control plane that supports products at different maturity levels and hybrid/disconnected environments.

• Be embedded with product and platform teams long enough to shape implementation outcomes and iterate on designs through delivery.

• Architect and review secure identity and authorization systems for cloud (AWS/Azure/GCP), hybrid, and on-prem deployments: OAuth/OIDC flows, token architecture, RBAC/ABAC/ABAC+RBAC hybrids, delegated authorization, and service-to-service auth.

• Build practical, production-oriented threat models and trade-off analyses that account for real constraints (latency, offline operation, regulatory and customer environments).

• Provide hands-on technical leadership: review code and design artifacts, validate authentication/authorization flows, influence SDKs and libraries used by teams, and guide secure integration patterns beyond hyperscaler defaults.

• Influence and shepherd adoption: create pragmatic patterns, reference implementations, APIs, SDKs, and migration guides; secure alignment with engineering leaders and product teams.

• Mentor and guide engineers and security technologists through design sessions, architecture reviews, and implementation checkpoints. Lead through technical credibility .

• Contribute architectural input to detection, response, and operational security by surfacing IAM risk scenarios and failure modes.

• Prioritize pragmatic, incremental delivery & deliver usable capabilities that improve security posture while minimizing disruption to customers and teams.

Required Qualifications

• 15+ years of hands-on experience building, securing, or leading security platforms, products, or services, with deep focus on identity and authorization.

• Proven experience implementing or modernizing IAM systems using OAuth/OIDC, JWT/token architectures, RBAC and ABAC (or hybrid) implementations, delegated authorization, or custom authorization engines.

• Strong leadership skills with a history of mentoring and managing technical teams in complex, ambiguous environments.

• Strong experience with at least one major cloud (AWS, Azure, GCP) and working knowledge of hybrid/disconnected/on-prem constraints.

• Demonstrated ability to read & analyze code and libraries that implement auth flows and security controls.

• Deep understanding of cloud-native security architectures, application/service security, and identity & access management principles (OIDC, OAuth2, SAML, Zero Trust).

• Practical experience with secret management, KMS, identity providers, service mesh auth patterns, and policy enforcement points.

• Hands-on experience with threat modeling, secure design, and pragmatic DevSecOps practices that materially affect product security.

• Track record of influencing engineering outcomes across large organizations through technical authority and clear practical guidance.

• Comfortable with ambiguity and trade-offs; able to choose and deliver the right security solutions in complex, constrained environments.

Preferred

• Experience delivering IAM for platforms that must operate in disconnected or regulated environments.

• Built or contributed to authorization libraries, SDKs, or centralized policy engines used by multiple product teams.

• Familiarity with authorization policy languages (e.g., Rego/Open Policy Agent) and experience integrating them into platform services.

• Experience with scale considerations for token issuance, revocation, and cache/consistency models in distributed systems.

• Certified Kubernetes Security Specialist (CKS).

• Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP).

• Cloud security certifications such as AWS Certified Security Specialty, Google Professional Cloud Security Engineer, or Microsoft Certified: Azure Security Engineer Associate.

Additional Skills:

Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Release Management, Security-First Mindset, User Experience (UX)

What We Can Offer You:

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have - whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:

Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.

#unitedstates

#executive, #greenlakecloudplatform

Job:

Engineering
Job Level:

TCP_07

The expected salary/wage range for this position is provided below. Actual offer may vary from this range based upon geographic location, work experience, education/training, and/or skill level.
- United States of America: Annual Salary USD 194,000 - 388,000 in Massachusetts // 170,000 - 412,500 in North Carolina & Texas
The listed salary range reflects base salary. Variable incentives may also be offered.

Information about employee benefits offered in the US can be found at https://myhperewards.com/main/new-hire-enrollment.html

HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity .

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

No Fees Notice & Recruitment Fraud Disclaimer

It has come to HPE's attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates. These scammers often seek to obtain personal information or money from candidates.

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process. The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.

pca3lyuhf