Principal Security Engineer (Identity & Access)

TL;DR

Principal Security Engineer (Identity & Access): Designing and scaling a modern, automated identity security program for a global fintech payments processor with an accent on workforce identity lifecycles and zero trust architecture. Focus on engineering automated Joiner-Mover-Leaver processes, implementing IGA frameworks, and integrating identity systems during M&A.

Location: Hybrid in Madrid, Barcelona, Sao Paulo, Buenos Aires, Montevideo, or Bucharest

Company

hirify.global enables the biggest companies in the world to collect payments in 40 countries in emerging markets.

What you will do

• Engineer highly automated Joiner-Mover-Leaver (JML) processes, access certifications, and Separation of Duties (SoD) frameworks.
• Design and scale authentication and authorization foundations leveraging SAML, OAuth2, OpenID Connect, and SCIM.
• Drive the adoption of Zero Trust architecture and Adaptive MFA across cloud, SaaS, and on-premise environments.
• Lead the identity integration strategy for mergers, acquisitions, and massive enterprise transformation initiatives.
• Codify governance by designing self-service identity workflows and automated controls that translate compliance policies into code.
• Collaborate as an IAM diplomat with engineering directors and cross-functional teams to enforce security without alienating stakeholders.

Requirements

• Proven track record of designing, building, or scaling Identity and Access programs in fast-paced, complex environments.
• Deep hands-on experience with modern workforce identity systems, lifecycle processes (JML, SoD), and protocols (SAML, OIDC, OAuth2, SCIM).
• Expertise in RBAC/ABAC models and enterprise identity platforms such as Okta, SailPoint, or Saviynt.
• Ability to maintain a critical balance between strict least-privilege security and high business usability.
• Strong mentoring, leadership, and documentation capabilities to elevate the wider engineering organization.
• Must be based in one of the hub locations: Madrid, Barcelona, Sao Paulo, Buenos Aires, Montevideo, or Bucharest

Nice to have

• Experience navigating identity requirements in highly regulated environments (PCI-DSS, SOX, SOC 2).
• Familiarity with machine identity governance, secrets management, and API access.
• Relevant industry certifications in the identity domain.

Culture & Benefits

• Flexible schedules driven by performance and impact.
• Opportunity to work in a dynamic, ever-evolving fintech environment.
• Internal referral bonus program.
• Monthly social budget for team bonding, either in person or remotely.
• hirify.global Houses: Opportunity to rent a house for one week anywhere in the world to cowork with the team.

Hiring process

• CV review by the Talent Acquisition team.
• Ongoing communication via email at every step of the process.