Freddie Mac

Senior Identity & Access Management Engineer – Authentication and Authorization

McLean, VA Full time

At Freddie Mac, our mission of Making Home Possible is what motivates us, and it’s at the core of everything we do. Since our charter in 1970, we have made home possible for more than 90 million families across the country. Join an organization where your work contributes to a greater purpose.

Position Overview:

We are seeking a Senior Identity & Access Management Engineer – Authorization (CAM / PlainID) to support Freddie Mac’s Centralized Authorization Management (CAM) platform built on PlainID. This role is responsible for the engineering, operations, and lifecycle management of a Tier‑0 enterprise authorization service that enables secure, scalable, and compliant access control across applications, APIs, and microservices.

Our Impact:

Centralized Authorization Management (CAM) is a foundational security capability at Freddie Mac. By providing a single, enterprise‑grade authorization layer, CAM enables:

  • Consistent enforcement of fine‑grained access control across business applications and services

  • Reduced security risk through centralized policy governance and visibility

  • Faster, safer application onboarding and modernization 

  • Improved audit readiness and regulatory compliance

The CAM (PlainID) platform operates as a 24x7 Tier‑0 service, directly supporting business‑critical workloads and enabling secure digital transformation across the enterprise.

Your Impact:

In this role, you will:

  • Engineer, operate, and continuously enhance Freddie Mac’s Centralized Authorization Management (CAM) platform using PlainID, ensuring secure and consistent authorization enforcement across enterprise applications, APIs, and microservices

  • Design, implement, and support fine‑grained authorization policies using RBAC, ABAC, and PBAC models to meet evolving business and security requirements

  • Partner with application and platform teams to onboard services onto CAM, troubleshoot authorization issues, and improve developer adoption of centralized authorization patterns

  • Leverage AI‑assisted and GenAI tools where appropriate to improve productivity, accelerate analysis, enhance troubleshooting, and support intelligent automation—while ensuring solutions align with enterprise security, compliance, and governance standards

  • Collaborate closely with IAM, infrastructure, network security, operations, and architecture teams to maintain a secure, scalable, and compliant authorization ecosystem

  • Provide 24x7 on‑call support

Your work will directly influence how access decisions are made, enforced, and modernized across Freddie Mac’s technology landscape, enabling secure innovation at enterprise scale.

Qualifications:

  • 8+ years of IT experience, with demonstrated expertise in Identity & Access Management (IAM), authorization, and enterprise security platforms

  • 4+ years of hands‑on experience designing, implementing, and supporting authorization or IAM solutions, including centralized authorization platforms, policy‑based access control (RBAC, ABAC, PBAC), and API‑driven architectures

  • Experience working with authorization platforms such as PlainID or similar policy decision engines; experience evaluating or implementing lightweight authorization solutions (e.g., AWS Verified Permissions) is a plus

  • Experience integrating authorization services with IAM ecosystems, including Ping Identity Platform (authentication, federation, identity propagation) and enterprise directory services such as Radiant Logic Enterprise Directory

  • Strong understanding of credential and secret management, Zero Trust principles, and secure access patterns for cloud and hybrid environments

  • Experience with cloud platforms (AWS required; Azure and GCP a plus), APIs, microservices, and distributed systems

  • Proficiency in Linux and Windows environments, and familiarity with databases and identity/attribute data sources

  • Experience supporting production, Tier‑0 platforms with high availability, resiliency, and on‑call responsibilities

  • Hands‑on experience with AWS, including EKS (Elastic Kubernetes Service), containerized workloads, and cloud‑native architectures

  • Experience supporting CI/CD pipelines, build and release processes, and automated deployment workflows for security or platform services

  • Familiarity with infrastructure‑as‑code and automation tools (e.g., Terraform, Helm, Ansible)

  • Exposure to automation and infrastructure‑as‑code tools (e.g., Terraform, Ansible, CI/CD pipelines) and interest in leveraging AI / GenAI tools to improve engineering and operational efficiency

Keys to Success in this Role:

  • Collaborates effectively across engineering, security, and operations teams to solve complex authorization and platform challenges

  • Proactively identifies improvement and modernization opportunities, bringing innovative ideas to enhance security, reliability, and efficiency

  • Adapts quickly in a dynamic, high‑availability environment, balancing operational demands with long‑term platform evolution

  • Prioritizes effectively and delivers results under tight timelines, especially in Tier‑0 production and incident‑driven scenarios

Current Freddie Mac employees please apply through the internal career site.

We consider all applicants for all positions without regard to gender, race, color, religion, national origin, age, marital status, veteran status, sexual orientation, gender identity/expression, physical and mental disability, pregnancy, ethnicity, genetic information or any other protected categories under applicable federal, state or local laws. We will ensure that individuals are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

A safe and secure environment is critical to Freddie Mac’s business. This includes employee commitment to our acceptable use policy, applying a vigilance-first approach to work, supporting regulatory mandates, and using best practices to protect Freddie Mac from potential threats and risk. Employees exercise this responsibility by executing against policies and procedures and adhering to privacy & security obligations as required via training programs.

CA Applicants: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Notice to External Search Firms: Freddie Mac partners with BountyJobs for contingency search business through outside firms. Resumes received outside the BountyJobs system will be considered unsolicited and Freddie Mac will not be obligated to pay a placement fee. If interested in learning more, please visit www.BountyJobs.com and register with our referral code: MAC.

Time-type: Full time

FLSA Status: Exempt

Freddie Mac offers a comprehensive total rewards package to include competitive compensation and market-leading benefit programs. Information on these benefit programs is available on our Careers site.

This position has an annualized market-based salary range of $112,000 - $168,000 and is eligible to participate in the annual incentive program. The final salary offered will generally fall within this range and is dependent on various factors including but not limited to the responsibilities of the position, experience, skill set, internal pay equity and other relevant qualifications of the applicant.