Become a part of our caring community
 

Summary
(Candidate should be located in one of the following Metro locations: Louisville KY, NYC Metro, Dallas Metro, Charlotte NC Metro, South Florida, Washington DC metro, Chicago, Boston, Atlanta, Nashville).
The Lead Cloud Security Architect will drive both the architectural vision and hands-on engineering implementation for Workforce IAM, Cloud IAM, and fine--grained authorization capabilities. This role will design and build modern identity and access patterns across cloud and application environments, develop- and implement PBAC infrastructure and policies for fine-grained and contextual authorization, and establish the identity security framework required to support emerging AI workloads. The architect will collaborate closely with engineering, platform, and application teams to deliver secure-by-design solutions, strengthen authentication and authorization controls, and modernize identity security across the enterprise. This position requires deep technical expertise-, strong engineering acumen, and the ability to translate complex identity challenges into scalable, resilient, and secure architectures.

Key Responsibilities

· Architect and implement PBAC and RBAC solutions, including policy models, roles, decision engines, enforcement points, and policy‑as‑code frameworks.

· Design and operationalize fine‑grained authorization for applications, services, APIs, and data platforms, enabling contextual and attribute‑based access decisions.

· Develop an identity security framework for AI, defining identity controls, access constraints, and governance models for AI agents, models, datasets, and prompt flows.

· Integrate PBAC with workload identity, service‑to‑service authentication, and distributed access decisioning within modern cloud and microservice environments.

· Partner with application and platform teams to embed authorization-by-design into solution architecture, code, and deployment pipelines.

· Evaluate and implement fine grained authorization policies & custom RBAC roles; defining their integration points and governance processes.

· Develop automated tooling for policy validation, simulation, testing, and versioning to ensure consistent enforcement and safe policy deployment.

· Ensure authorization architecture aligns with risk, compliance, and regulatory requirements while supporting performance, reliability, and developer usability.

· Stay current on emerging trends in authorization engineering, zero trust, AI access governance, and modern identity security paradigms.

Use your skills to make an impact
 

Role Requirements

Required:

· 5+ years of experience in cloud security architecture, identity engineering, or IAM platform development within large, complex environments.

· Deep technical expertise in Workforce IAM and Cloud IAM, including federation, authentication flows, workload identity, entitlement models, and identity governance.

· Hands-on experience designing and implementing fine--grained authorization solutions, including standalone PBAC/ABAC architectures, policy--as---code, and authorization decision engines.

· Strong understanding of modern identity protocols and patterns (OIDC, OAuth2, SAML, JWT, service identity, API authorization).

· Experience engineering scalable authorization or IAM components, including integration with CI/CD pipelines, automation frameworks, and cloud-native services.

· Practical knowledge of cloud provider IAM (Azure, AWS, GCP), including role design, conditional access, workload identity, and cloud-native security controls.

· Familiarity with identity security requirements for AI, including secure access for AI agents, models, datasets, and prompt flows utilizing modern security controls

· Demonstrated ability to translate complex identity and authorization needs into secure, reusable architectural patterns.

· Strong scripting or automation abilities (Python, PowerShell, Terraform, or similar), with experience building tools or utilities that support IAM/PBAC capabilities.

· Excellent communication skills, with the ability to clearly articulate technical concepts to engineering, product, and security stakeholders.

· Experience working in SAFE or similar agile work methodologies.

· Hands-on, analytical problem-solver with the ability to support on-call escalations for identity and authorization issues.

Preferred Requirements

· Bachelor's degree in Cybersecurity, IT, Computer Science or related field.

· Industry certifications such as, but not limited to, CISSP, CCSP, CISM, MS SC-300

· Experience working across both agile and waterfall based methodologies for project delivery

Remote/WAH requirements:

• WAH requirements: Must have the ability to provide a high speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
• A minimum standard speed for optimal performance of 25x10 (25mpbs download x 10mpbs upload) is required.  
• Satellite and Wireless Internet service is NOT allowed for this role.
• A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information

Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.

Scheduled Weekly Hours

40

Pay Range

The compensation range below reflects a good faith estimate of starting base pay for full time (40 hours per week) employment at the time of posting. The pay range may be higher or lower based on geographic location and individual pay will vary based on demonstrated job related skills, knowledge, experience, education, certifications, etc.

 

$142,300 - $195,700 per year

 

This job is eligible for a bonus incentive plan. This incentive opportunity is based upon company and/or individual performance.

Description of Benefits

Humana, Inc. and its affiliated subsidiaries (collectively, “Humana”) offers competitive benefits that support whole-person well-being. Associate benefits are designed to encourage personal wellness and smart healthcare decisions for you and your family while also knowing your life extends outside of work. Among our benefits, Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.

Application Deadline: 04-17-2026

About us
 

About Humana: Humana Inc. (NYSE: HUM) is a leading U.S. healthcare company. Through our Humana insurance services and our CenterWell healthcare services, we make it easier for the millions of people we serve to achieve their best health – delivering the care and service they need, when they need it. These efforts are leading to a better quality of life for people with Medicare and Medicaid, families, individuals, military service personnel, and communities at large. Learn more about what we offer at Humana.com and at CenterWell.com.

​
Equal Opportunity Employer

It is the policy of Humana not to discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, genetic information, disability or protected veteran status. It is also the policy of Humana to take affirmative action, in compliance with Section 503 of the Rehabilitation Act and VEVRAA, to employ and to advance in employment individuals with disability or protected veteran status, and to base all employment decisions only on valid job requirements. This policy shall apply to all employment actions, including but not limited to recruitment, hiring, upgrading, promotion, transfer, demotion, layoff, recall, termination, rates of pay or other forms of compensation and selection for training, including apprenticeship, at all levels of employment.