Senior Cloud Governance Engineer

About the Role As OpenKyber's businesses build and adopt AI agents at an accelerating pace, every connection those agents make to internal systems APIs, cloud services, collaboration tools, data stores generates a machine identity that must be provisioned, monitored, and governed. These credentials proliferate fast, operate autonomously, and fall entirely outside the governance models built for human users. OpenKyber is hiring a Senior Engineer to own this space end-to-end. This is a newly created, high-visibility role that sits at the intersection of Identity, Cloud, Enterprise Applications, and Cybersecurity. You'll lead the rollout and operationalization of OpenKyber's non-human identity (NHI) governance platform, build the workflows that let OpenKyber's lines of business move fast with appropriate guardrails, and establish the operational foundation that makes the broader AI governance program function. This is not a policy-writing role it's an engineering and operations role with real cross-functional ownership and material impact on how OpenKyber secures its AI-enabled future.

• NHI Governance Platform Rollout & Operationalization Lead the end-to-end deployment of OpenKyber's NHI governance platform across OpenKyber's environment, including integration with cloud platforms, identity providers, SaaS tools, and internal systems
• Partner with the Identity Management team to define and build the operational model for NHI discovery, classification, ownership assignment, and lifecycle management
• Develop dashboards, alerting, and reporting that give OpenKyber and business stakeholders real-time visibility into machine identity posture
• Machine Identity Governance Establish intake, assessment, and approval workflows for new machine identities and agent credentials across lines of business
• Partner with Identity on lifecycle management processes provisioning, rotation, access reviews, and decommissioning for secrets, service accounts, API keys, and OAuth tokens
• Identify ungoverned or orphaned credentials and drive remediation in collaboration with Cloud, Identity, and Engineering teams
• Cross-Functional Partnership Serve as the operational connective tissue between Identity Management, Cloud Operations, Enterprise Applications, and the Cybersecurity team
• Partner with Cyber to translate policy into enforceable, automated controls
• Collaborate with the AI team and lines of business to enable governed adoption of agentic AI governance as an enabler, not a bottleneck
• Represent OpenKyber in cross-functional forums on AI governance and machine identity strategy
• Program Development Build and maintain runbooks, standards, and documentation for machine identity operations
• Track metrics that demonstrate risk reduction and operational maturity over time
• Stay current on the evolving NHI and agentic AI threat landscape and bring relevant practices back to OpenKyber

• 5+ years in an infrastructure, identity, or security engineering role with demonstrated ownership of complex, cross-functional initiatives
• Hands-on experience with secrets management platforms (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) and/or non-human identity tooling
• Strong working knowledge of cloud environments (AWS, Azure, or Google Cloud Platform) and how machine identities are created and used within them
• Familiarity with OAuth, OIDC, SAML, and API key-based authentication patterns
• Experience integrating security or identity tooling across enterprise environments you know what it takes to go from a new platform license to an operational program
• Ability to work across organizational boundaries: you're as comfortable in a technical deep-dive with engineers as you are presenting risk posture to stakeholders
• Clear, structured communicator written and verbal

• Experience with NHI governance or secrets security platforms (e.g., Entro Security, Astrix, Elimity, or similar)
• Background in or exposure to agentic AI frameworks and how AI agents authenticate to services
• Relevant certifications (CISSP, CCSP, cloud provider security certs)
• Experience in media, publishing, or other data-sensitive

For applications and inquiries, contact: hirings@openkyber.com