Hard Rock Digital
Hard Rock Digital

Principal Identity Engineer

engineeringfulltime-permanentRemote job
SALARY
Not listed
WORK TYPE
remote
JOB TYPE
fulltime-permanent
INDUSTRY
gaming
Apply for this position
✦ AutoApply Let us apply to roles like this on your behalf.
Learn more

About the role

What are we building?

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.

Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, Hard Rock Digital taps a brand known the world over as the leader in gaming, entertainment, and hospitality. We’re taking that foundation of success and bringing it to the digital space - ready to join us?

What's the Position?

Identity is the control plane of modern security. In a Zero Trust world, every access decision — for every employee, every administrator, and every machine — flows through the identity systems you will own. We're looking for a Principal Identity Engineer to be the technical authority on how Hard Rock Digital decides who (and what) can access which systems, when, and under what conditions.

This is a deliberately senior, high-trust role — one of three Principal openings reporting directly to our VP Security / CISO — because identity is not a slice of our security program; it is the backbone the rest of it is built on.

You'll be our first dedicated identity hire, inside a 16-person security organization spanning Security Operations, Risk Management, and Architecture & Engineering. Day-to-day provisioning and helpdesk sit with our IT team; your job is architecture, automation, and governance that make access safe.

If you think in terms of blast radius, least privilege, and phishing-resistant authentication — and you like owning a domain end to end rather than a corner of it — you'll feel at home here.

What You'll Do

Identity & Access Architecture

  • Own the security architecture, standards, authentication methods, and roadmap for Microsoft Entra ID, our primary identity provider — partnering with IT on tenant operations
  • Design and continuously refine Conditional Access policies that balance strong protection with a smooth experience for a globally distributed workforce
  • Advance our rollout of phishing-resistant, passwordless authentication (passkeys, certificate-based, FIDO2)
  • Own federation and single sign-on across our SaaS estate (SAML, OIDC, OAuth 2.0, SCIM provisioning)

Privileged & Just-in-Time Access

  • Own our privileged access model using Microsoft Entra PIM — separate admin identities, just-in-time elevation, and approval workflows
  • Design and maintain break-glass procedures and safeguards for our most sensitive administrative paths
  • Reduce standing privilege across the environment and make 'least privilege, just in time' the default

Identity Lifecycle & Access Governance

  • Automate the joiner-mover-leaver lifecycle so access is granted, changed, and revoked accurately and promptly
  • Build and run access reviews and entitlement governance, partnering with our GRC team on audit evidence (ISO 27001, SOC 2, PCI DSS, GLI-19/GLI-33)
  • Make access decisions auditable, explainable, and continuously right sized

Non-Human & Workload Identity

  • Govern service principles, managed identities, and workload/federated credentials across AWS, Azure, and GCP
  • Partner on secrets governance across our secrets management platforms to shrink the number of long-lived, standing secrets
  • Partner with our Principal Cloud & Network Security Engineer, who owns service-to-service authentication (mTLS, service mesh)

Zero Trust Strategy

  • Serve as the identity authority for our Zero Trust program, aligned to NIST SP 800-207 and the CISA Zero Trust Maturity Model (Identity pillar)
  • Partner with our cloud and network security function on identity-aware access through Cloudflare Access
  • Partner with Security Operations to make identity signals (risky sign-ins, privileged elevation, MFA anomalies) first-class inputs to detection and response
✦ Let us apply for you
We find roles like this and apply on your behalf. Cover letter written for each one. Plans from $15/mo. Cancel anytime.
Get AutoApply
Apply now
Principal Identity Engineer at Hard Rock Digital — Remote