Principal Infrastructure Engineer

Pleasanton, CAFull-time$170k–$230kPosted Jul 7, 2026
Apply

About Blackhawk Network

Today, through BHN’s single global platform, businesses of all kinds can tap into the world’s largest network of branded payment solutions. BHN helps businesses grow revenue, increase loyalty, motivate and reward their teams, disburse funds and engage consumers. Branded payment solutions include the issuance and distribution of gift cards, egifts, corporate payouts and rewards, along with the technology to deliver these products in seamless, integrated ways. BHN’s network spans the globe with more than 400,000 consumer touchpoints. Learn more at BHN.com.

 

Hybrid flexibility: At Blackhawk Network, you’ll enjoy the best of both worlds—focused remote work plus in-person collaboration on Tuesdays and Wednesdays, our regular in-office days at our Pleasanton headquarters. This rhythm gives you the tools, connection, and autonomy you need to make a real impact.

Overview

As a Principal IAM Engineer, you'll lead the strategic vision and technical direction of our identity and access management program, shaping how we leverage IAM principles and emerging technologies to build a world-class identity governance framework. You'll be the technical architect who designs and implements comprehensive IAM solutions across our complex multi-domain environment, establishing the foundational practices and standards that will govern access security for years to come. This role combines deep technical mastery in areas like identity lifecycle management, access governance, privileged access management, and authentication/authorization protocols with influential leadership that guides both technology decisions and organizational IAM maturity. Your work will directly impact the security, compliance, and operational efficiency of our entire organization.

 

YOU'D LOVE THIS JOB IF

  • you're passionate about establishing IAM best practices from the ground up and love the challenge of building a comprehensive identity governance program in a complex, fragmented environment
  • you thrive on being the technical visionary who doesn't just solve today's access and entitlement challenges, but architects the foundational principles and strategies that mature the organization's entire IAM posture
  • you find deep satisfaction in leading and influencing cross-functional teams without direct reports, knowing that your technical guidance and program ownership shapes how the entire organization thinks about identity, access, and security
  • you excel at translating sophisticated IAM concepts into strategic roadmaps that align with compliance requirements (PCI DSS, SOC2, NYDFS) and get stakeholders excited about identity governance investments

Responsibilities

  • Leads the overall strategy & direction of the organization's identity and access management program, serving as the principal architect and program owner
  • Establishes IAM principles, standards, and best practices across identity lifecycle management, identity governance & administration (IGA), privileged access management (PAM), and access request/entitlement processes
  • Designs & implements comprehensive identity governance solutions to consolidate fragmented identity systems (multiple AD domains, Okta tenants) into a unified, compliant architecture
  • Provides technical vision in the deployment of authentication, authorization, provisioning, and access governance technologies across heterogeneous environments
  • Partners with Compliance, Security, and IT Operations teams to ensure IAM solutions meet regulatory requirements and security objectives
  • Develops access request workflows, entitlement models, and identity governance processes that balance security with operational efficiency
  • Mentors and upskills existing IT staff on IAM principles and best practices, building organizational competency in identity management
  • Evaluates emerging IAM technologies and methodologies (zero trust, passwordless authentication, identity threat detection) to keep the organization at the forefront of access security

Qualifications

  • BA + 12+ years experience in identity and access management, directory services, or equivalent relevant experience
  • Technical master in IAM principles and methodologies including identity lifecycle management, role-based access control (RBAC), identity governance & administration (IGA), privileged access management (PAM), and access certification
  • Expert-level understanding of identity protocols and standards such as SAML, OAuth, OIDC, SCIM, LDAP, and Kerberos
  • Deep experience with enterprise directory services (Active Directory, Azure AD) and modern identity platforms; Okta experience highly valued
  • Proven ability to architect and implement IAM solutions in complex, multi-domain environments with legacy system constraints
  • Strong understanding of compliance frameworks (PCI DSS, SOC2, SOX, NYDFS) and how IAM controls support regulatory requirements
  • Experience with ITSM platforms (ServiceNow) for access request and workflow automation
  • Demonstrated ability to build IAM programs from foundational concepts through mature operational state
  • AI fluency with demonstrated experience using AI tools effectively in the context of this role
  • Excellent communication skills with ability to influence senior stakeholders and drive organizational change without direct authority

Benefits

Salary Range for California Residents Only: $170,360.00 to $230,000.00

 

 

Pay is based on several factors including but not limited to education, work experience, certifications, etc. In addition to your salary, Blackhawk Network offers benefits including 401k with employer match, medical, dental, vision, 12 paid holidays in the year 2026, 1 hour of sick pay accrual for every 30 hours worked, parental leave, life insurance, disability insurance, accident and illness insurance, health and dependent care flexible spending accounts, wellness benefits, and flexible time off for all full-time employees. 

EEO Statement

Blackhawk Network provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.  Blackhawk Network believes that diversity leads to strength. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

 

Blackhawk Network encourages applicants with previous criminal records to apply to all positions and, pursuant to the San Francisco and Los Angeles Fair Chance Acts (and other “Fair Chance” laws), Blackhawk Network will consider for employment qualified applicants with arrest and conviction records.  For Philadelphia applicants or jobs, please see a copy of Philadelphia’s ordinance on this topic by clicking this link: https://codelibrary.amlegal.com/codes/philadelphia/latest/philadelphia_pa/0-0-0-280104. 

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free