Uniphore is one of the largest B2B AI-native companies—decades-proven, built-for-scale and designed for the enterprise. The company drives business outcomes, across multiple industry verticals, and enables the largest global deployments.
Uniphore infuses AI into every part of the enterprise that impacts the customer. We deliver the only multimodal architecture centered on customers that combines Generative AI, Knowledge AI, Emotion AI, workflow automation and a co-pilot to guide you. We understand better than anyone how to capture voice, video and text and how to analyze all types of data.
As AI becomes more powerful, every part of the enterprise that impacts the customer will be disrupted. We believe the future will run on the connective tissue between people, machines and data: all in the service of creating the most human processes and experiences for customers and employees.
Job Description:
About The Role
We are looking for a Senior Security Engineer to own and mature our identity and access program, with a primary focus on machine and non-human identity. Traditional human IAM is the foundation, but this role exists for what is coming: as we deploy agentic AI, every agent, MCP server, service, workload, and pipeline becomes an identity that must be authenticated, scoped to least privilege, governed, and retired. You will own the credentials, secrets, and privileged access that hold a complex multi-cloud, AI-driven enterprise together, and build the identity fabric that lets us scale agentic systems without expanding our attack surface. This role owns machine, workload, and non-human identity and the credentials behind our platform.
This is a hands-on role for an engineer who is passionate about automation, security-as-code, and treating both human and non-human identity as first-class security problems.
What You Will Do (Key Responsibilities)
- Own the non-human identity (NHI) program: inventory, govern, and secure service accounts, workload identities, API keys, tokens, OAuth clients, and certificates used by applications, pipelines, AI agents, and MCP servers.
- Drive machine access toward least-privilege, short-lived, and fully auditable credentials, and design the model for how non-human identities are issued, scoped, rotated, and revoked at scale.
- Define and govern the authorization model for AI agent and tool access (including MCP), ensuring agents can reach only what they are explicitly entitled to.
- Own Privileged Access Management (PAM) across engineering and cloud environments: vaulting, just-in-time access, session control, and the elimination of standing privilege.
- Own secrets management: centralize and rotate secrets, eliminate hardcoded credentials, and embed secret hygiene into CI/CD and runtime.
- Own identity governance: periodic access reviews (User Access Reviews), entitlement management, and least-privilege enforcement across human and non-human identities, automating the end-to-end review process. Workforce IdP administration is owned by IT and partner on governance and access policy.
- Architect least-privilege IAM across our multi-cloud estate (AWS primary), including workload identity and cross-account and cross-provider trust, reducing identity blast radius across our hybrid (AWS and Rackspace) seam.
- Govern application and agent identity, including Entra app-registration governance and OAuth scope management.
- Partner with DevOps and engineering to embed automated identity controls into pipelines and Infrastructure as Code (Terraform).
- Partner with IT on corporate endpoint and email security baselines (e.g., CIS Benchmarks), supporting rather than owning, as IT leads corporate device management.
- Create and maintain clear documentation and standards for all identity, secrets, and privileged-access processes.
Required Qualifications
- 5 to 7 years of hands-on Identity and Access Management engineering experience.
- Expert-level proficiency securing machine and non-human identity: service accounts, workload identity (e.g., AWS IAM roles, OIDC federation, or equivalent), API keys and tokens, and certificate and secrets management (e.g., HashiCorp Vault, cloud secret managers).
- Deep understanding of service-to-service authentication and authorization such as OAuth 2.0, OIDC, JWT, mTLS, and workload authentication patterns.
- Hands-on experience deploying and operating a Privileged Access Management (PAM) solution in engineering environments, with just-in-time and least-privilege models.
- Deep, mandatory experience securing resources with AWS IAM and multi-cloud identity is a strong plus.
- Strong grasp of authorization models (RBAC, ABAC, least privilege) and identity governance.
Preferred Qualifications
- Experience securing identity for AI, ML, LLM, or agentic systems, including non-human identity, agent credentials, and MCP or tool-access authorization at scale.
- Scripting for automation (Python, PowerShell) and Infrastructure as Code (Terraform) for identity resources.
- Hands-on with workload-identity and secrets tooling such as HashiCorp Vault, cloud secret managers, certificate lifecycle, and SPIFFE/SPIRE or equivalent workload identity.
- Experience with secrets and certificate lifecycle automation.
- Relevant certifications (e.g., CISSP) and a degree in Computer Science, Information Security, or a related field.
Location preference:
India - Bangalore, India - Chennai
Uniphore is an equal opportunity employer committed to diversity in the workplace. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, disability, veteran status, and other protected characteristics.
For more information on how Uniphore uses AI to unify—and humanize—every enterprise experience, please visit www.uniphore.com.