Principal IAM Engineer - Onsite or Remote

Whole Foods Market Bothell, WA

About the Job

Whole Foods Market is looking for a talented individual who can design and drive the implementation of Identity and Access Management (IAM) services and infrastructure. This is a technical role on our Information Technology Team, working with equally dedicated and passionate Engineers supporting our IAM services.

The Principal IAM Engineer position is based in Austin, TX. Domestic relocation assistance is available. We are open to considering or discussing remote work-from-home arrangements.


  • Design and manage the next-generation Privileged Access Management (PAM) processes using industry-leading technology stacks, diving deep to resolve issues as they arise
  • Securely manage the identity lifecycle, including user authentication and authorization for on-premises and cloud solutions, using an Amazon Web Services (AWS) and Microsoft-centric technology stack
  • Define and lead in the design of programs that support and align with cloud-based online service strategies and engineering requirements for evolving security services, mechanisms and safeguards
  • Take part in an after-hours on-call support rotation and implement solutions, patching and deployment activities after hours as needed
  • Establish IAM and PAM strategy, architecture and designs
  • Work closely with technology and business stakeholders across Whole Foods Market and associated organizations
  • Lead cross-functionally to accelerate the development and deployment of new security features
  • Proactively identify and resolve challenges and issues that may impair the team’s ability to meet strategic, business and technical goals
  • Develop solutions using a cloud-first approach within AWS
  • Evaluate vendor solutions to ensure they meet technology and cloud standards, as well as all applicable architecture considerations
  • Develop metrics that demonstrate the current risk state, indicators of progress and IAM business alignment
  • Engage with Development Teams during operational security reviews and provide leadership and security design guidance
  • Monitor technology and security developments and ensure the company’s security framework follows industry best practices
  • Advanced understanding of standard identity management tools, technologies and processes
  • Play a key and influential role working with others, in groups, in cross-functional settings and with diverse stakeholders internally and externally


  • 5-7+ years designing and managing Privileged Access Management (PAM) solutions, such as BeyondTrust, CyberArk, Lieberman or Thycotic
  • 5-7+ years designing and managing Identity Governance and Administration (IGA) solutions, such as Microsoft Identity Manager
  • 3+ years software development experience, C# or PowerShell preferred
  • 2+ years of experience with Amazon Web Services (AWS) preferred, including management of IAM roles and automation of infrastructure deployment across multiple AWS accounts
  • Proven analytical thinking, attention to detail and exceptional organizational skills
  • Knowledge of professional software engineering practices and best practices for the full software development life cycle, including coding standards, code reviews, source control management, build processes, testing and operations
  • Experience on large security access system upgrades/projects using the Scaled Agile Framework (SAFe)
  • Advanced understanding of IAM solutions and related technologies including Azure AD, Microsoft Identity Manager (MIM), Kerberos, LDAP, claims, entitlement and role mapping, etc.
  • B.S. Degree in Computer Science or related IT work experience in a global information technology environment

At Whole Foods Market, we provide a fair and equal employment opportunity for all Team Members and candidates regardless of race, color, religion, national origin, gender, pregnancy, sexual orientation, gender identity/expression, age, marital status, disability, or any other legally protected characteristic. Whole Foods Market hires and promotes individuals solely based on qualifications for the position to be filled and business needs.