Hard Rock Digital

Principal Identity Engineer

Hard Rock Digital United States Full-time 19 hours ago

What are we building?

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.

 

Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, Hard Rock Digital taps a brand known the world over as the leader in gaming, entertainment, and hospitality. We’re taking that foundation of success and bringing it to the digital space - ready to join us?

 

What's the Position?

Identity is the control plane of modern security. In a Zero Trust world, every access decision — for every employee, every administrator, and every machine — flows through the identity systems you will own. We're looking for a Principal Identity Engineer to be the technical authority on how Hard Rock Digital decides who (and what) can access which systems, when, and under what conditions.

This is a deliberately senior, high-trust role — one of three Principal openings reporting directly to our VP Security / CISO — because identity is not a slice of our security program; it is the backbone the rest of it is built on.

 

You'll be our first dedicated identity hire, inside a 16-person security organization spanning Security Operations, Risk Management, and Architecture & Engineering. Day-to-day provisioning and helpdesk sit with our IT team; your job is architecture, automation, and governance that make access safe.

If you think in terms of blast radius, least privilege, and phishing-resistant authentication — and you like owning a domain end to end rather than a corner of it — you'll feel at home here.

 

What You'll Do

Identity & Access Architecture

  • Own the security architecture, standards, authentication methods, and roadmap for Microsoft Entra ID, our primary identity provider — partnering with IT on tenant operations

  • Design and continuously refine Conditional Access policies that balance strong protection with a smooth experience for a globally distributed workforce

  • Advance our rollout of phishing-resistant, passwordless authentication (passkeys, certificate-based, FIDO2)

  • Own federation and single sign-on across our SaaS estate (SAML, OIDC, OAuth 2.0, SCIM provisioning)

 

Privileged & Just-in-Time Access

  • Own our privileged access model using Microsoft Entra PIM — separate admin identities, just-in-time elevation, and approval workflows

  • Design and maintain break-glass procedures and safeguards for our most sensitive administrative paths

  • Reduce standing privilege across the environment and make "least privilege, just in time" the default

 

Identity Lifecycle & Access Governance

  • Automate the joiner-mover-leaver lifecycle so access is granted, changed, and revoked accurately and promptly

  • Build and run access reviews and entitlement governance, partnering with our GRC team on audit evidence (ISO 27001, SOC 2, PCI DSS, GLI-19/GLI-33)

  • Make access decisions auditable, explainable, and continuously right sized

 

Non-Human & Workload Identity

  • Govern service principles, managed identities, and workload/federated credentials across AWS, Azure, and GCP

  • Partner on secrets governance across our secrets management platforms to shrink the number of long-lived, standing secrets

  • Partner with our Principal Cloud & Network Security Engineer, who owns service-to-service authentication (mTLS, service mesh)

 

Zero Trust Strategy

  • Serve as the identity authority for our Zero Trust program, aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model (Identity pillar)

  • Partner with our cloud and network security function on identity-aware access through Cloudflare Access

  • Partner with Security Operations to make identity signals (risky sign-ins, privileged elevation, MFA anomalies) first-class inputs to detection and response

  • Advise on customer identity (CIAM) and account-security architecture — partnering with our Principal Product Security Engineer, who owns the application security of player-facing account flows, and with product engineering

  • This is a big charter by design — year one is about sequencing. You'll set the identity roadmap with the CISO, with leadership backing to execute against it. Our 24/7 Security Operations team owns monitoring; you'll be the escalation point for identity-related incidents.


What We're Looking For

  • 10+ years in identity and access management, security engineering, or a closely related field — or equivalent practical experience

  • Deep, hands-on expertise with a modern enterprise identity platform — Conditional Access, PIM/PAM, authentication methods, and identity governance (we run Microsoft Entra ID)

  • Strong command of identity protocols and patterns: SAML, OIDC, OAuth 2.0, SCIM, and modern MFA

  • Experience automating the identity lifecycle and integrating identity across a large SaaS and multi-cloud estate

  • Scripting and automation skills (PowerShell, Microsoft Graph API, Python) and comfort with Infrastructure as Code

  • A track record of designing least privilege, just-in-time access in a real production environment

  • Excellent written and verbal communication — you can explain an access decision to an engineer and a risk to an executive

  • Fluency with AI — you lead with it, reaching for AI tools daily to work faster and sharper; hands-on experience applying AI to security or engineering work is a must.

  • You don't need to tick every box. If you're deep in workforce identity but still growing into workload identity — or the reverse — we want to hear from you.

 

Bonus Points

  • Experience in a regulated industry (gaming, financial services, healthcare)

  • Exposure to customer/player identity (CIAM) and KYC providers

  • Passwordless or phishing-resistant MFA rollouts at scale

  • Familiarity with Identity Threat Detection & Response (ITDR)

  • Relevant certifications (e.g., Microsoft Identity & Access Administrator, CISSP)

 

Who You Are

  • Strategic and hands-on — you set direction and you build the thing

  • Fiercely focused - zero in on the control that matters most and finishes strong

  • Deeply curious — you test assumptions and keep learning as the identity landscape shifts

  • Customer obsessed about access — you treat login friction as a security outcome and design controls people don't have to fight

  • A clear communicator who builds trust across security, IT, engineering, and leadership

 

Why This Role Is Different

At most companies, identity is a queue of tickets buried inside an infrastructure team. Here it’s the backbone of our Zero Trust program: you set the strategy, you build the controls, and you answer directly to the CISO. If you've been waiting for identity to be treated as the strategic function it deserves to be, this is that role.

 

This is one of three Principal openings reporting to our VP Security / CISO: Identity (who and what gets access), Cloud & Network Security (where workloads run and how traffic moves), and Product Security (the code and its vulnerabilities). Apply to the one that sounds like your Tuesday.

 

What’s in it for you?

We offer our employees more than just competitive compensation. Our team benefits include:

  • Competitive pay and benefits

  • Flexible vacation allowance

  • A hybrid / remote working environment

  • Startup culture backed by a secure, global brand

 

Roster of Uniques

We care deeply about every interaction our customers have with us, and trust and empower our staff to own and drive their experience. Our vision for our business and customers is built on fostering a diverse and inclusive work environment where regardless of background or beliefs you feel able to be authentic and bring all your talent into play. We want to celebrate you being you (we are an equal opportunity employer).

Hard Rock Digital

Hard Rock Digital

Apply now
United States
Full-time
19 hours ago

Share this job

Similar Jobs