Identity and Access Management Engineer (Hybrid)

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.

Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

Identity and Access Management Engineer

Job Overview

We are seeking an Identity and Access Management Engineer to design and protect Archer's identity ecosystem. You are a proactive, team-oriented communicator who understands the bigger picture. The ideal candidate will develop and deploy enterprise-level authentication, authorization, and privileged access solutions that support our critical systems while ensuring compliance with CMMC Level 2, NIST SP 800-171, SOX, and ITAR. This role requires deep technical expertise in modern identity platforms (such as Okta, Google Identity Platform, AWS Identity Center, Azure AD), privileged access management (Delinea), identity governance, and Zero Trust principles. You will collaborate with infrastructure, security, and compliance teams to create scalable, auditable access controls that improve operational efficiency and security.

Key Responsibilities

• Design and implement Zero Trust Architecture (ZTA) across Archer's enterprise network, eliminating implicit trust and enforcing continuous verification of user identity and device posture before granting access.
• Architect and maintain Okta as the authoritative Identity Provider (IdP) for Archer, managing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user lifecycle management across all enterprise applications and SaaS platforms.
• Design and implement Privileged Access Management (PAM) using Delinea, including credential vaulting, privileged session management, and automated credential rotation for administrative and service accounts.
• Implement Identity Governance and Administration (IGA) controls to enforce role-based access control (RBAC), segregation of duties, periodic access reviews, and just-in-time (JIT) access provisioning.
• Build and maintain federated identity standards (OIDC, SAML, SCIM) to enable secure integration between Archer's identity platform and third-party applications, cloud providers, and vendor systems.
• Conduct access control audits and design remediation strategies to ensure compliance with NIST SP 800-171 Access Control (AC) requirements, CMMC Level 2 practices, and SOX ITGC expectations for financial systems.
• Implement automated audit logging and session recording for all authentication and privileged access events, ensuring that individual users' actions can be uniquely traced for compliance investigations and forensic analysis.
• Secure third-party and contractor access by implementing time-limited, role-restricted access provisioning and automated de-provisioning upon project completion or relationship termination.
• Stay current with emerging identity threats, attack vectors, and security best practices, including insider threats, account takeover (ATO), and lateral movement techniques.
• Provide technical guidance and training to IT, application, and security teams on identity best practices and policy enforcement.

Required Qualifications

• 5 plus years of experience in Identity and Access Management or related roles, with a minimum of 2 years in a senior or architect-level capacity.
• Hands-on design and implementation experience with enterprise Identity Providers such as Okta, Azure AD (Active Directory), or Ping Identity.
• Deep technical understanding of authentication protocols and standards, including OIDC, SAML, OAuth 2.0, and LDAP.
• Extensive experience designing and operating Privileged Access Management (PAM) solutions, preferably Delinea, including credential vaulting, session recording, and approval workflows.
• Working knowledge of RBAC (Role-Based Access Control) design and implementation, with the ability to map complex organizational hierarchies to access policies.
• Experience implementing and managing Multi-Factor Authentication (MFA) technologies such as FIDO2, Okta Verify, Duo Security, YubiKey, and PKI-based authentication.
• Strong understanding of NIST SP 800-171 and CMMC Level 2 requirements, specifically as they relate to access control, audit logging, and identity governance.
• Proficiency in scripting and automation using PowerShell, Python, or Bash to automate identity workflows, audit processes, and integrations.
• Excellent communication skills to translate complex identity architecture and compliance requirements to both technical teams and executive leadership.

Preferred Qualifications

• Hands-on experience architecting and implementing Zero Trust Architecture (ZTA) across enterprise networks.
• Experience with Identity Governance and Administration (IGA) platforms such as SailPoint or Okta Identity Governance. 
• Knowledge of SCIM (System for Cross-Domain Identity Management) and REST APIs for automating user provisioning and de-provisioning across SaaS applications and HR systems.
• Familiarity with aerospace, defense, or federal contractor environments, including experience with ITAR, CMMC enforcement, or DoD contract requirements.
• Experience conducting or participating in CMMC Level 2 assessments or NIST 800-171 compliance audits.
• Relevant security certifications such as CISSP, CISM, and Okta Certified Administrator, or Azure Administrator (AZ-104).
• Experience with insider threat detection, behavioral analytics, and anomalous access pattern identification.
• Knowledge of Single Sign-On (SSO) attacks, credential stuffing, phishing-resistant MFA, and modern attack techniques against identity systems.
• Direct experience with compliance frameworks, ISO 27001, PCI, HIPAA, ITAR/ EAR, NIST 800-171, CMMC, CUI, and DO-326A. 
• Advanced degrees in Computer Science, Cybersecurity, or Engineering.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between 133,400 - 200,000. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Information collected and processed as part of any job applications you choose to submit is subject to Archer's Candidate Privacy Policy.

Archer is unable to provide work visa sponsorship for this position at the present time.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer, please reach out to People@archer.com. All employment processes are managed by the Archer People Team.