Cloud Solutions Engineer Jobs in Irving, TX

Overview

As a Principal Identity Architect, you will lead and drive Epsilon's identity modernization program - moving the organization from legacy SAML and long-lived credential patterns toward a modern, OAuth 2.1 / OpenID Connect (OIDC)-first approach. You will design and implement secure token flows, machine identity patterns, and integration standards that work across multi-cloud and multi-platform environments, while guiding others to deliver against the same bar.

In this role, you partner with Security, Cloud Engineering, Platform, Application, and Data teams to migrate service accounts and API keys toward scoped, ephemeral machine identities; apply enterprise standards for OAuth applications and token usage; and support emerging requirements in non-human and AI-assisted authentication. You bring practical rigor to authorization server integrations, token scopes, claims usage, and lateral-movement risk reduction - helping teams adopt identity patterns that are secure, repeatable, and developer-friendly.

You will also lead identity observability and governance improvements - building the logging, integration health, and visibility needed to manage human and machine identity activity at scale. You mentor peer architects and engineers, delegate work across the identity team and partner groups, and remain hands-on enough to unblock complex integrations and set the technical example. Your work directly improves security posture, developer velocity, audit readiness, and the organization's ability to adopt cloud-native workloads safely.

This role is ideal for a hands-on technical leader with strong OAuth/OIDC experience who can drive initiatives end-to-end, develop others, and translate architecture direction into working integrations, documented patterns, and accountable delivery across teams.

Responsibilities

Identity Architecture & Protocol Design:

• Lead implementation and adoption of enterprise identity standards with an OIDC-first posture - driving migration away from SAML and legacy authentication patterns toward modern OAuth 2.0 / 2.1 and OpenID Connect flows.
• Design and review secure token flows including authorization code with PKCE (required), client credentials (M2M), and delegated authorization patterns; identify and remediate deprecated implicit flows and other OAuth 2.1 anti-patterns.
• Ensure correct separation of ID token vs. access token usage - authorization data is not embedded in ID tokens and access tokens are scoped, time-bound, and used appropriately at resource servers.
• Apply sound authorization models spanning scopes, claims, audience, and token lifetime - reducing risk from token leakage, replay, and lateral movement across shared authorization servers.
• Assess integration designs for centralized authorization server risks, token scope exposure, and cross-application trust boundaries; recommend API management and federation patterns where appropriate.

Machine & Non-Human Identity (NHI):

• Drive the transition from long-lived service accounts and API keys to machine identities using OAuth client credentials, API service applications, and cloud-native workload identity patterns.
• Help establish non-human identity as a distinct identity category with governance, traceability, and entitlement scoping appropriate to each use case.
• Design and implement non-interactive M2M authentication patterns for service-to-service, batch, and platform workloads across common integration points (e.g., APIs, data pipelines, messaging platforms).
• Partner with application and platform teams on service account migration, secrets reduction, and policy-driven runtime identity models; delegate and coordinate implementation work as appropriate.

Emerging Identity Use Cases:

• Support identity integration patterns for AI-assisted and automated workloads, including delegated human context via standard OIDC flows where applicable.
• Contribute to monitoring and logging approaches that help teams distinguish routine machine activity from anomalous authentication behavior.
• Stay current on evolving identity requirements for agentic workloads and recommend practical adoption paths aligned to enterprise standards.

Identity Platform & Integration Engineering:

• Build and maintain identity integration capabilities across authorization servers, API gateways / API management, and reusable implementation patterns.
• Implement multi-account identity patterns that support developer self-service, automation, and reliable token-based access without over-scoped or long-lived credentials.
• Partner with Cloud Engineering on workload identity integration across AWS, GCP, and/or Azure (e.g., IAM roles, workload identity federation, managed identities).
• Troubleshoot complex authentication and authorization issues across hybrid and multi-cloud environments.

Security, Zero Trust & Governance:

• Apply Zero Trust principles - least privilege, scoped access, and policy enforcement through tokens, scopes, and authorization boundaries.
• Partner with Security on identity-related logging, SIEM integration, audit requirements, and compliance for authentication and authorization events.
• Support governance for OAuth application registration, client credential issuance, scope approval, and entitlement review.
• Lead architecture reviews for identity integrations and enforce enterprise standards during implementation.

Integration Modernization & Standards:

• Drive SAML OIDC migration work and legacy auth modernization across internal platforms, SaaS integrations, and custom applications.
• Create and maintain documented, reusable guides for OAuth applications, M2M integrations, service account migrations, and developer onboarding.
• Influence engineering teams through design reviews, standards documentation, working sessions, and cross-functional working groups.
• Evaluate emerging identity capabilities and recommend practical adoption aligned to business and security outcomes.

Leadership, Mentoring & Delivery:

• Lead and drive identity modernization initiatives - prioritize work, set direction for workstreams, and ensure progress against enterprise goals.
• Mentor peer architects, identity engineers, and partner-team engineers on OAuth/OIDC best practices, secure integration patterns, and architectural decision-making.
• Delegate and coordinate implementation tasks across the identity team and partner groups - clear ownership, follow-through, and quality without requiring hands-on execution of every detail.
• Break down complex programs into actionable work packages; guide others through migrations, integrations, and standards adoption.
• Improve identity observability - authentication event streams, token lifecycle metrics, integration health, and operational visibility for critical identity services.
• Lead incident response and root-cause analysis for authentication, authorization, and token-related issues; mentor others through complex fixing.
• Participate in on-call rotation and provide after-hours support for critical identity platform incidents as required.
• Additional responsibilities as assigned.

Qualifications

What you'll bring with you:

• 7+ years of experience in identity and access management, security engineering, or platform/integration roles, with 3+ years hands-on with OAuth 2.0 / OpenID Connect in production environments.
• Solid, practical expertise in OAuth 2.0 / 2.1 and OpenID Connect - including authorization code + PKCE, client credentials, token refresh, and common enterprise integration patterns.
• Working understanding of ID token vs. access token separation, scope design, claims usage, token lifetime management, and common security risks including replay, leakage, and over-scoped tokens.
• Experience implementing machine identity (M2M) patterns - OAuth client credentials, API service applications, and/or cloud workload identities in place of long-lived API keys or service accounts.
• Experience modernizing identity integrations - SAML or legacy auth to OIDC migrations, or greenfield OIDC implementations following enterprise standards.
• Ability to design and deliver reliable identity integrations at scale - multi-application IdP deployments, API management integration, and patterns that development teams can reuse.
• Demonstrated ability to lead technical initiatives, mentor peers and engineers, and delegate work while maintaining quality and security standards.
• Working knowledge of cloud-native identity in at least one major platform (AWS, GCP, or Azure) - IAM, workload identity federation, managed identities, and secrets management integration.
• Experience with identity logging and troubleshooting - authentication event analysis and operational support for production identity services.
• Strong communication and influence skills - ability to partner with Security, Engineering, and application teams; produce clear documentation and diagrams; and drive adoption across diverse teams.
• Demonstrated success in security-conscious or regulated environments with documentation, least-privilege practices, and structured change management.
• Self-directed with strong prioritization skills; comfortable operating in complex, multi-stakeholder enterprise contexts.

Why you might stand out from other talent:

• Deeper experience with non-human identity governance - API identities, application identities, machine workloads, and entitlement lifecycle management.
• Hands-on work with agentic / AI identity patterns or high-velocity delegated authorization use cases.
• Experience integrating identity with API gateways, data platform access controls (e.g., Kafka, Ranger), or service-to-service security at scale.
• Familiarity with workload identity standards (SPIFFE/SPIRE) or policy engines (OPA, Cedar) for authorization beyond token scopes.
• Experience building or significantly extending identity platform capabilities - not only configuring individual application integrations.
• Background with enterprise IdP platforms (e.g., Okta, Azure AD / Entra ID, Auth0, Ping) across multiple applications and environments.
• Track record leading cross-team identity programs with measurable delivery against migration, standards, or platform goals.
• Contributions to standards, migration playbooks, or cross-team initiatives that improved security posture or developer experience.
• Relevant certifications (e.g., CISSP, cloud security specialty) or equivalent demonstrated expertise.
• Scripting or automation skills (Python, Bash, or similar) for identity operations, validation, or integration tooling.

Additional Information

When You Join Us, We'll Create Something EPIC Together

Epsilon is a global data, technology and services company that powers the marketing and advertising ecosystem. For decades, we've provided marketers from the world's leading brands the data, technology and services they need to engage consumers with 1 View, 1 Vision and 1 Voice. 1 View of their universe of potential buyers. 1 Vision for engaging each individual. And 1 Voice to harmonize engagement across paid, owned and earned channels.

Epsilon's comprehensive portfolio of capabilities across our suite of digital media, messaging and loyalty solutions bridge the divide between marketing and advertising technology. We process 400+ billion consumer actions each day using advanced AI and hold many patents of proprietary technology, including real-time modeling languages and consumer privacy advancements. Thanks to the work of every employee, Epsilon has been consistently recognized as industry-leading by Forrester, Adweek and the MRC. Epsilon is a global company with more than 9,000 employees around the world.

Our pillars aren't just words. They're how we show up every day.

• People centricity: We focus on employee well-being in an environment where colleagues truly care about each other.
• Collaboration: We work together, support one another, and collectively achieve goals.
• Growth: There are endless opportunities for growth through learning, development and career advancement.
• Innovation: We drive progress through cutting-edge solutions and forward-thinking approaches.
• Flexibility: We've created a balance between work and personal life, and we encourage adaptability to solve problems creatively.

Our values guide us to create value for our clients, our people and consumers.

• Act with integrity
• Work together to win together
• Innovate with purpose
• Respect all voices
• Empower with accountability

These pillars and values are our foundation - shaping our culture, guiding our decisions, and uniting us in common purpose.

Because You Matter

As an Epsilon employee, you deserve perks and benefits that put you, your family and your finances first. Our benefits encompass a wide range of offerings, including but not limited to the following:

• Time to Recharge: Flexible time off (FTO), 15 paid holidays
• Time to Recover: Paid sick time
• Family Well-Being: Parental/new child leave, childcare & elder care assistance, adoption assistance
• Extra Perks: Comprehensive health coverage, 401(k), tuition assistance, commuter benefits, professional development, employee recognition, charitable donation matching, health coaching and counseling

Epsilon benefits are subject to eligibility requirements and other terms.

Epsilon is an Equal Opportunity Employer. Epsilon's policy is not to discriminate against any applicant or employee based on actual or perceived race, age, sex or gender (including pregnancy), marital status, national origin, ancestry, citizenship status, mental or physical disability, religion, creed, color, sexual orientation, gender identity or expression (including transgender status), veteran status, genetic information, or any other characteristic protected by applicable federal, state or local law. Epsilon also prohibits harassment of applicants and employees based on any of these protected categories. Epsilon will provide accommodations to applicants needing accommodations to complete the application process. Please reach out to LeaveofAbsence@epsilon.com to request an accommodation.

For San Francisco Bay and Los Angeles Areas: Epsilon will consider for employment qualified applicants with criminal histories in a manner consistent with the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance and San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance. Applicants with criminal histories are welcome to apply. #LI-ML1

Compensation Range: USD $127,900.00 - USD $237,500.00/Annually. This is the pay range the Company believes it will pay for this position at the time of this posting. Consistent with applicable law, compensation will be determined based on the skills, qualifications, and experience of the applicant along with the requirements of the position, and the Company reserves the right to modify this pay range at any time. Temporary roles may be eligible to participate in our freelancer/temporary employee medical plan through a third-party benefits administration system once certain criteria have been met. Temporary roles may also qualify for participation in our 401(k) plan after eligibility criteria have been met. For regular roles, the Company will offer medical coverage, dental, vision, disability, 401k, and paid time off. The Company anticipates the application deadline for this job posting will be 7/29/2026.