Senior Identity Security Engineer - Palantir

Palantir builds the world’s leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions, locate missing children, and more.

The Role

As a Senior Identity Security Engineer on Palantir's Identity Security team, you will own the security posture of the identity infrastructure that Palantirians, customers, and services rely on every day. The Identity Security team is responsible for all identity types at Palantir - workforce, customer, workload, and agentic - giving you the rare ability to architect, threat model, and drive security outcomes across the full identity surface. You will help shape the technical direction for identity security at Palantir, reduce standing access, lead identity threat modeling, and contribute to the next generation of identity primitives including agent identity, JIT-native governance, and unified policy enforcement across workforce and customer IAM. As part of Palantir's best-in-class Information Security organization, you will research, architect, and scale solutions that help Palantir stay ahead of a dynamic identity threat landscape.

Own the day-to-day identity security posture across corporate, production, customer, and US Government identity planes

Drive the rollout of agent identity infrastructure - short-lived credentials, lifecycle bound to a human principal, controlled workload onboarding

Architect authentication, federation, and authorization systems - including SAML, OIDC, and policy-driven access control models (RBAC, ABAC, policy-as-code) - across workforce and workload identity

Scale non-human identity patterns across service, workload, and agent populations - short-lived credentials, mTLS, identity-based networking

Drive adoption of just-in-time access patterns across the identity program, partnering with platform and engineering teams on governance rollout and policy enforcement

Lead identity threat modeling on a regular cadence; publish findings and track remediation

Serve as a primary security reviewer on identity architecture decisions and cross-team RFCs

Research and drive adoption of emerging identity security primitives and standards in partnership with Security Engineers across InfoSec

Partner with engineering teams across Palantir to reduce the attack surface of identity integrations at scale

Experience with cloud IAM and workload identity patterns - service accounts and identity-based access in distributed environments

Experience designing or evaluating non-human identity (NHI) architectures - service, workload, and agent - and a strong point of view on where the industry is headed

Familiarity with privileged access management and secrets management patterns at scale

A track record of reducing standing access and shifting organizations toward just-in-time access postures in production environments

Experience with identity governance platforms and a clear-eyed view of their security implications

Identity threat detection and response experience, including detection engineering against identity telemetry

Red team, offensive security, or incident response background - especially with an identity focus

Exposure to regulated environments (FedRAMP, SOX, IL-levels)

Desire to further the identity security community through substantive contributions (e.g. conference talks, blog posts, public tool development, RFCs)

Current US security clearance, or eligibility to obtain clearance

5+ years of experience in Information Security, Identity and Access Management, or an equivalent discipline, with demonstrated depth in identity-specific security

Hands-on production experience with at least one enterprise identity provider (Entra ID, Okta, or equivalent), including its governance and security surface

Deep technical proficiency in identity protocols (SAML, OIDC, OAuth 2.0, SCIM, FIDO2, WebAuthn) and their attack surface

Working proficiency in Go, Python, PowerShell, or TypeScript - enough to prototype tooling, analyze identity-handling code for security defects, scale automation across the environment, and engage in code review

Strong communication skills and ability to communicate to a wide-ranging audience - from engineer-facing design reviews to leadership-facing risk calls