AI Identity & Endpoint Controls Lead

<div><b>The Role:</b><br/><br/>We are seeking an Associate Director to lead the design, selection, and implementation of enterprise cybersecurity solutions spanning non-human identity (NHI) and credential management - including agentic AI identities - and endpoint software execution and configuration controls across Windows and macOS. This is a hands-on technical leadership role: the Associate Director will grow and then lead a small team of senior security engineers covering NHI governance, endpoint execution control, and AI agentic discovery, and remains directly engaged in architecture decisions, vendor evaluations, and complex technical problem-solving alongside the team. <br/><br/>A core focus is building the AI security control plane - the identities, enforcement points, telemetry, and governance that make agentic AI and automation safe to operate at enterprise scale. The role defines reference architectures, selects and integrates security tooling, establishes credential and execution control lifecycle processes, and partners across Security, IT, and Engineering to deliver outcomes through direct reports, contingent workers, and professional services partners. <br/><br/><b>Here's What You'll Do</b><br/><ul><li>Own the technical strategy, architecture, and roadmap for NHI and credential security, agentic AI identity governance, and endpoint execution and configuration control across Windows and macOS.</li><li>Lead and develop a team of senior security engineers, direct contingent workers and professional services engagements to deliver program outcomes.</li><li>Evaluate, select, and deploy enterprise platforms for secrets management, agentic identity governance, and endpoint application allow-listing - leading vendor selection, proof of value (POV) exercises, and integration into the broader security stack.</li><li>Design and operationalize the full credential lifecycle for non-human identities - vaulting, brokered access, short-lived credentials, workload identity, rotation, attestation, and decommissioning - for services, automation, CI/CD, and AI agents.</li><li>Build the AI security control plane: enforcement points, approval and exception workflows, audit telemetry, and policy guardrails governing how agents and programmatic identities access tools, data, and endpoints.</li><li>Partner with AI platform owners and engineering teams to make secure credential use and policy-compliant tool access the default in developer workflows.</li><li>Lead endpoint execution control and configuration hardening - allow-listing, code-signing trust, script and installer controls, policy authoring, staged rollouts, exception handling, and continuous compliance.</li><li>Build detection and reporting for credential misuse and execution-control bypass; partner with SecOps and Cyber Incident Response on playbooks and response.</li><li>Author standards, reference architectures, and technical documentation; serve as a principal-level reviewer and mentor across identity and endpoint security initiatives.</li></ul><br/><br/><b>Here's What You'll Need (Minimum Qualifications)</b><br/><ul><li>8+ years of experience in security engineering, identity engineering, platform engineering, or a closely related domain, with demonstrated principal-level technical leadership.</li><li>Demonstrated ability to drive complex initiatives across multiple teams, balancing risk reduction, delivery timelines, and stakeholder alignment.</li><li>Ability to navigate ambiguous and sometimes conflicting requirements and priorities, cut through noise to make decisions and take action, incorporate feedback constructively, and maintain strong judgment when sustained direction is needed-delivering short-term progress while building toward long-term solutions.</li><li>Experience leading and scaling delivery through a mix of direct reports, contingent workers, and/or professional services partners.</li><li>Deep understanding of non-human identity patterns and programmatic credential use in modern systems (microservices, CI/CD, IaC, automation, and APIs).</li><li>Hands-on experience implementing credential security controls such as secrets management/vaulting, PKI/cert lifecycle, token issuance/exchange, short-lived credentials, and automated rotation.</li><li>Strong knowledge of authentication and authorization concepts (OAuth 2.0, OIDC, SAML, JWT, mTLS, key management, least privilege, scoped permissions).</li><li>Experience designing operational processes for credential inventory, ownership, attestation, and lifecycle governance at scale.</li><li>Endpoint platform familiarity across Windows and macOS, including OS security primitives, software distribution, and device management concepts.</li><li>Experience implementing endpoint execution controls and configuration baselines across Windows and macOS, including policy rollout, exception management, and measurable enforcement outcomes.</li><li>Familiarity and hands-on experience with modern AI platforms and developer assistants (e.g., OpenAI, Anthropic, GitHub Copilot), including how they are integrated and governed in enterprise environments.</li><li>Strong cybersecurity fundamentals and experience designing preventive/detective controls and control-plane architectures (policy, enforcement, monitoring) that scale across platforms and teams.</li><li>Ability to translate risk into pragmatic designs and to influence across Security, IT, and Product/Engineering stakeholders.</li><li>Strong written communication and documentation skills; ability to define standards and drive adoption.</li></ul><br/><br/><b>Here's What You'll Bring to the Table (Preferred Qualifications)</b><br/><ul><li>Experience with enterprise secrets/token platforms (e.g., HashiCorp Vault, Conjur, Azure Key Vault, AWS Secrets Manager, GCP Secret Manager) and integrating them into developer platforms.</li><li>Experience with GxP regulated environments</li><li>Experience with workload identity and federation patterns (e.g., SPIFFE/SPIRE, cloud workload identity, Kubernetes service account federation).</li><li>Familiarity with endpoint management ecosystems (e.g., Microsoft Intune, Jamf, MDM configuration profiles, Group Policy) and security telemetry pipelines.</li><li>Experience with Windows Defender Application Control (WDAC) and code-signing strategies; macOS notarization and signing enforcement at scale.</li><li>Background building security guardrails for AI/automation systems (e.g., agent tool permissioning, policy-as-code, approval workflows, and audit logging for autonomous actions).</li><li>Experience with threat modeling, red-team/blue-team collaboration, and defining measurable security outcomes.</li></ul><br/><br/><b>Pay & Benefits</b><br/><br/><b>At Moderna, we believe that when you feel your best, you can do your best work. </b><b>That's why our benefits and well-being resources are designed to support you-at work, at home, and everywhere in between.</b><br/><ul><li>Competitive healthcare, plus voluntary benefit programs to support your unique needs</li><li>A holistic approach to well-being, with access to fitness, mindfulness, and mental health support</li><li>Family planning benefits, including fertility, adoption, and surrogacy support</li><li>Generous paid time off, including vacation, volunteer days, sabbatical, global recharge days, and a discretionary year-end shutdown</li><li>Savings and investments to help you plan for the future</li><li>Location-specific perks and extras</li></ul><br/>The salary range for this role is $158,600.00 - $285,500.00(for positions that may be performed in California, the expected salary range is $0.00 - $0.00, which reflects the range permitted under California Labor Code requirements) . This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An individual's position within the salary range will be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, experience, skills, performance, and business or organizational needs.The successful candidate may be eligible for an annual discretionary bonus, other incentive compensation, or equity award, subject to company plan eligibility criteria and individual performance.<br/><br/>#LI-CK1</div>

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...