Michael Metcalf

Security Engineer with 8 years experience in corporate identity and access management programs. Primarily interested in designing, implementing and operating IAM tooling and services.

Currently at Citadel, building identity infrastructure for quantitative researchers and engineering teams alike.

Work Experience

2022 - Present

Citadel LLC

Senior Security Engineer

  • Drove continued adoption of Hashicorp Vault for static and dynamic secrets management across the firm's broad compute footprint.
  • Designed and implemented Configuration and Policy as Code for Hashicorp Vault.
  • Contributed to Github Enterprise Configuration as Code Terraform project.
  • Designed and implemented short-lived privileged access management to Linux hosts
  • Designed and implemented an on-prem to Google Cloud Identity bridge backed by Vault OIDC.
  • Vendor Security Reviews & Line of business application/cloud security oversight.
  • Contributed to an identity provider migration

2017 - 2022

Riot Games

2020 - 2022

Security Engineer – Information Security

  • Tech lead the org-wide identity provider migration. Resulted in 700+ services migrated within a year.
  • Wrote large-scale terraform projects (providers & modules) to support various IAM operations
  • Contributed to refactoring AWS tooling used across the engineering org
  • Implemented serverless event-based logging pipelines for all systems in the IAM stack
  • Vendor/internal security reviews
  • Continued discovery in BeyondCorp Access Proxies for employee use

2018 - 2020

Systems Administrator - Information Security

  • Published internal RFC for identity federation criteria, lead the vendor evaluation and presented findings to security leadership
  • Designed and implemented a RESTful API for LDAP user and group management in Go
  • Integrated corporate AuthZ into player-facing AuthZ to grant access to R&D assets for internal Rioters and contractors
  • Implemented a BeyondCorp Access Proxy proof of concept for intranet sites via Duo Network Gateway
  • Wrote ETLs for various IAM functions/authorization automations
  • Designed and implemented geo/org based authorization pipeline as a compensating GDPR control for all production facing servers to consume.
  • Organized team's codebase and documentation structure
  • Contributed in disaster recovery, incident response, and internal threat scenarios

2017 - 2018

Systems Administrator - Information Technology

  • Defined standards, administrate and document the corporate Identity Provider - Onelogin
  • Assisted internal teams in defining their AuthN/Z tech stack and authorization models against given business requirements
  • Managed vendor relationships for SSO, user lifecycle management, and overall security auditing
  • Core contributor to the Rioter/Vendor onboarding pipeline

2015 - 2017


Desktop Support Services Engineer - Information Technology

  • Managed/Resolved high volumes of emergent operational tickets while maintaining stringent team SLA
  • Supported company-wide AD Domain migration and Email migration from Exchange to Google Apps
  • Wrote knowledge base articles for DSS L1-L3 teams (Pertaining to SAP, PGP, and Cisco/telecom)
  • Wrote macOS software deployment packages and scripts for JAMF
  • Managed enterprise apps

2014 - 2015

AIT Management

Systems Administrator & Trainer

  • Rebuilt and maintained corporate LDAP Directory Services and Identity Provider
  • Administrated enterprise apps and MDM Program
  • Built employee onboarding and IT utility automations
  • Wrote and maintained technical/operational documentation
  • Maintained network infrastructure across 45+ office sites
  • Taught new hire training and onboarding


2016-2017, 2020

Irvine Valley College

My academic history reflects the seasons in life where I have wanted to learn more, even if occupationally it was less relevant. My end goal is to earn a BS in Computer Science.

Hobbies, interests, etc

Collecting typewriters and various mechanical relics.
Vinyl enthusiast (it's not better than digital. It's just different) Exploring natural user interfaces and playing around with grids & lines .


bash - 58x128 ⌘βŒ₯1
                                        Last login: Tue Jun 13 01:42:56 on ttys006
metmac resume.md [metmac/resume/2021]