About the role

Staff Engineer in IAM at Creditas responsible for identity access systems and architecting robust security solutions for cloud environments. Leading strategy and mentoring other security engineers.

Responsibilities

As a Staff Engineer focused on IAM, you will be the top technical authority for Identity and Access strategy at Creditas.
Your mission is to design and implement ecosystems that ensure the right person (or machine) has the right access at the right time for the right reasons.
You will work cross-functionally, influencing everything from corporate access governance to cloud service identities and APIs.
Identity Architecture: Design the long-term IAM architecture, integrating multi-cloud environments, internal applications, and third-party services.
Solution Architecture: Design and review complex authentication and authorization architectures (SSO, MFA, Passwordless) integrated with multi-cloud and on-premise environments.
Privileged Access Management (PAM): Lead the privileged access management strategy to reduce the attack surface.
Automation and Self-Service: Develop tools and automated workflows for provisioning, access reviews and Just-in-Time (JIT) access, reducing operational load and human error.
Machine Identity: Define standards for non-human identities (service accounts, secrets management, and mTLS).
Technical Leadership: Act as a mentor to other security engineers and be the reference point for platform and engineering teams on complex authentication decisions (OAuth2, OIDC, SAML).

Technical Expertise: Deep knowledge of identity protocols (SAML, OAuth2, OpenID Connect) and directories (Active Directory, Okta, Azure AD, or Google Workspace).
Cloud Security: Advanced experience in Cloud IAM (AWS), including complex SCP policies, fine-grained permissions, and identity federation.
Risk Perspective: Ability to balance strong security with the employee experience (UX), avoiding unnecessary bureaucracy.
Experience at Scale: Experience working in environments with thousands of identities and microservices.
Experience implementing Zero Trust Architecture.
Availability for hybrid work: required to attend our office in the Morumbi area of São Paulo once a month for 4 consecutive days, usually during the last or first week of the month (Creditas in Person).

Health Plan (Alice)
Dental Plan (SulAmérica)
Wellz: therapy sessions 100% free
Wellhub: access to gyms and studios
Creditas Endurance: high-impact sports incentive program
Pharmacy partnership (Univers)
Life Insurance (Porto Seguro)
Birthday day off
Extended parental leave: 6 months for birthing parents and 35 days for non-birthing parents
Family Care: maternity and paternity support program
Childcare assistance
Assistance for dependents with disabilities (PWDs)
SESC: access to facilities for you and dependents
Meal Voucher (VR): flexible benefits card (Creditas Card)
Payroll loan (Creditas Benefits)
Salary advance (Creditas Benefits)
Insurance discounts (Minuto Seguros)
Access to exclusive financial education content in the Creditas app
PPR: profit-sharing program
Educational and development incentives
Flexible work model
Free bike parking at the office
Partnered parking at the office (subject to internal availability)