Machine Identity Engineer

Posted 24 Days Ago
1285, Avusy, Genf
In-Office
111K-150K Annually
Senior level
Financial Services
The Role
The role involves managing PKI, certificate lifecycle management, and secrets management. Responsibilities include implementing secure solutions for identity services and ensuring regulatory compliance in a hybrid environment.
Summary Generated by Built In

Join Mizuho as a Machine Identity Engineer!

Mizuho’s Identity and Access Management (IAM) team is in the midst of an exciting transformation. We're building a dedicated, high-performing IAM function that is central to the firm's cybersecurity and regulatory strategy. Our environment is dynamic, growing, and rich with opportunity. You’ll work alongside a talented group of professionals who are passionate about solving complex access challenges, automating at scale, and strengthening security posture across both on-premises and cloud environments. This is a unique chance to join a team that's shaping the future of IAM at a major financial institution.

Summary

We are seeking an experienced IAM Engineer with specialization in PKI, certificate lifecycle management, and secrets management to design, implement, and support identity and credential services for non-human identities across on-prem and cloud environments, with a strong emphasis on Azure-native identity services.

This hands-on engineering role focuses on delivering secure and scalable solutions for managing digital certificates, encryption keys, and non-human credentials used by servers, applications, services, APIs, and cloud workloads. The ideal candidate has deep expertise in PKI infrastructure, certificate lifecycle automation, and secrets management platforms such as CyberArk CCP, Azure Key Vault, or HashiCorp Vault, along with strong working knowledge of Microsoft Entra ID workload identities, Azure Managed Identities, service principals, and cloud IAM control patterns applicable to non-human identities.

This role is critical to strengthening the firm's identity security posture, enabling secure cloud adoption, and supporting compliance with regulatory and internal control requirements.

Key Responsibilities

PKI & Certificate Lifecycle Management

  • Manage and enhance the enterprise PKI and Venafi certificate lifecycle management platform, ensuring scalable, secure, and policy-compliant certificate operations.

  • Integrate certificate-based authentication into platforms, applications, network components, and Azure-native services, minimizing manual handling and outage risk.

  • Establish and enforce certificate lifecycle standards, monitoring, and alerting to ensure certificate health, trust integrity, and regulatory compliance.

Secrets Management

  • Deploy and support secrets management platforms (e.g., CyberArk CCP, Azure Key Vault, HashiCorp Vault) to protect non-human credentials, API keys, and sensitive configuration data.

  • Integrate secrets management with infrastructure automation and CI/CD pipelines; define and enforce rotation, expiration, and least-privilege access policies.

Cloud Workload Identity

  • Implement and support cloud workload identity patterns (e.g., Azure Managed Identities and service principals) to enable secure, identity-based access for non-human workloads and reduce reliance on static credentials.

  • Partner with cloud and platform teams to integrate workload identities with enterprise PKI and secrets management solutions, enforce least-privilege access models, and support security, audit, and compliance requirements.

Control Execution & Compliance

  • Maintain accurate and complete inventories of certificates, keys, secrets, and machine identities aligned with CMDBs or authorized asset repositories.

  • Ensure identity, credential, and key management controls are documented, monitored, and evidenced to support audit, risk, and regulatory requirements.

  • Support regulatory exams, internal audits, and control testing activities, including evidence preparation, issue remediation, and control validation.

Cross-Functional Engagement

  • Partner with infrastructure, cloud, cybersecurity, and DevOps teams to align machine identity, certificate, and secrets controls with enterprise architecture standards.

  • Participate in design and architecture discussions to identify gaps and drive scalable, automation-friendly improvements.

Required Qualifications

  • 7+ years of experience in Identity & Access Management, cybersecurity engineering, or related infrastructure security roles, with a strong focus on non-human identities.

  • Hands-on experience operating and supporting enterprise PKI and certificate lifecycle management platforms.

  • Demonstrated experience with secrets management technologies such as CyberArk CCP/Secrets Manager, Azure Key Vault, or HashiCorp Vault.

  • Experience integrating PKI, certificates, and secrets with infrastructure platforms, applications, and automation pipelines.

  • Working knowledge of cloud workload identity concepts, including Azure Managed Identities and service principals.

  • Familiarity with security controls and regulatory expectations related to identity, credential, and key management (e.g., SOX, NIST).

  • Strong collaboration and communication skills, with the ability to work effectively across infrastructure, cloud, security, and DevOps teams.

The expected base salary ranges from $111k-$150k. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.


Other requirements

Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations. Roles in some of our departments have greater in-office requirements that will be communicated to you as part of the recruitment process.   

Company Overview

Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho's 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across the Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.

Mizuho Americas offers a competitive total rewards package.

We are an EEO/AA Employer - M/F/Disability/Veteran.

We participate in the E-Verify program.

We maintain a drug-free workplace and reserve the right to require pre- and post-hire drug testing as permitted by applicable law.


Top Skills

Azure
Azure Key Vault
CyberArk CCP
HashiCorp Vault
PKI

The Company
HQ: Chiyoda-Ku, Tokyo
8,826 Employees
Year Founded: 2001

What We Do

This is not your typical financial institution. It’s our people who make us a cut above. Here, every person is respected because of their differences, not in spite of them. We pride ourselves on a culture of purpose, passion and compassion.

At Mizuho, we provide the stability of an international industry leader with the career trajectory of a growing business. Our steady, strategic growth gives our people at all levels rewarding degrees of responsibility and a richer work experience than a boutique firm or an established giant could offer alone.

Working for Mizuho opens doors not just to a rewarding career with excellent prospects, but to lasting friendships with colleagues from diverse cultures. It’s the local expertise of our employees that makes our global network so powerful. By collaborating with colleagues and clients who have your same ambition, you can amplify your sphere of influence and base of knowledge as part of one of the largest—and growing—banks in the world.

We’re all global citizens, and that’s why our company feels compelled to make an impact through more than just drawing up deals. We prove that it’s possible to do well and do good. We do right by our clients, our community and each other.
