Skip to content
IroncladIroncladSan Francisco, CA

Staff IAM Engineer

Own security-critical identity and corporate security controls, managing IAM platforms, SSO/MFA integrations, RBAC policies, and endpoint trust for macOS/Windows environments.

170k – 190k
Hybrid4+ YOESecurity Engineering

About the role

What you will do

  • Support implementation and operations of our Identity Governance & Administration (IGA) platform to ensure employees gain appropriate access for their role, approvals are captured, and access is revoked efficiently upon separation
  • Access control design as a security control by defining and enforcing RBAC standards for sensitive systems
  • Continuous improvement of identity controls by reducing standing privileges and hardening authentication policies (SSO, MFA)
  • Lead the integration of new SaaS applications into our SSO (Single Sign-On) and MFA (Multi-Factor Authentication) ecosystem, providing security oversight for business systems implementations and operations
  • Evolve our corporate device trust program so only compliant devices can access corporate and production systems
  • Support endpoint security efforts including security policies, controls, and vulnerability management across macOS and Windows
  • Partner with Security Detection & Response to ensure visibility into corporate systems, including development of scripts and integrations as needed
  • Partner with Trust & Compliance to streamline or automate evidence collection to support internal and independent audits (e.g., SOC2)
  • Conduct periodic access reviews and audits; investigate and resolve identity- and access-related security incidents
  • Design, document, and execute plans to identify gaps and continuously improve access management lifecycle and identity architecture

What we are looking for

  • 4+ years of experience in security-focused software engineering, corporate engineering, IT, and/or program management
  • Demonstrated ability to identify risks and vulnerabilities in IT and business systems, balance risk with company priorities, and communicate risk to stakeholders
  • Strong understanding of IAM protocols and standards, including SAML 2.0, OIDC, SCIM, LDAP, OAuth, and familiarity with X.509
  • Experience with IdP and identity tooling (e.g., Okta, Active Directory, Google Workspace), including defining and enforcing Role-Based Access Control (RBAC) policies and Least Privilege principles across enterprise applications
  • Familiarity with endpoint engineering for macOS and Windows
  • SW Eng/Dev engineering and DevOps proficiency: Python and/or Go, Terraform, GAM scripting, Powershell scripting, JSON, Javascript
  • Demonstrated experience deploying new IT systems and processes across the organization with high user satisfaction
  • Strong analytical and problem-solving skills, attention to detail, and ability to operate independently with a high level of ownership
  • Experience with Okta, Salesforce, NetSuite, Workday, GCP, GWP, Microsoft Entra/Azure/Intune, JAMF
  • Backend and API testing/experience is a plus

Compensation and Benefits

  • Base Salary Range: $170,000 - $190,000
  • 100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available
  • Market-leading leave policies, including gender-neutral parental leave and compassionate leave
  • Family forming support through Maven for you and your partner
  • Paid time off
  • Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use
  • Mental health support through Modern Health, including therapy, coaching, and digital tools
  • Pre-tax commuter benefits (US Employees)
  • 401(k) plan with Fidelity with employer match (US Employees)

Skills

IAMSaml 2.0OIDCSCIMLdapOAuthX.509OktaActive DirectoryGoogle WorkspaceRBACPythonGoTerraformPowershell Scripting
Shield AI

Sr. Staff System Security Engineer

Shield AIDallas, TX +1

Lead cybersecurity strategy, architecture, and RMF execution for complex defense aircraft, mission systems, networks, and infrastructure. Requires 8+ years in cybersecurity for integrated defense platforms, strong RMF/STIG knowledge, and cross-functional integration skills.

170k – 250k
On-site8+ YOESecurity Engineering
Earnin

Staff Risk Analyst

EarninUnited States

Owns full fraud risk management lifecycle including strategy, policy design, cross-functional leadership, and analytics in fintech. Requires 7+ years experience, SQL/Python, fraud platforms, and deep credit card knowledge.

170k – 210k
Remote7+ YOESecurity Engineering
Ironclad

Staff Application Security Engineer

IroncladSan Francisco, CA

Leads application security assessments, vulnerability testing, and secure coding practices for a SaaS platform. Requires 3+ years in app sec or software dev, proficiency in TypeScript/JavaScript, security tools like Burp Suite, and cloud experience.

170k – 190k
HybridSecurity Engineering
Okta

Staff Software Engineer, Security Engineering

OktaBellevue, WA +3

Staff-level engineer designing and building security guardrails for multi-cloud environments, translating security standards into code-driven policies. Requires 8+ years in cloud security with deep expertise in Kubernetes, IAM, and Policy-as-Code.

174k – 239k
Hybrid8+ YOESecurity Engineering
ezCater

Staff GRC Engineer

ezCaterUnited States

Senior individual contributor leading GRC program maturity, control automation, data security governance, and AI governance for a SaaS food tech platform. Requires 8+ years in security compliance with strong automation and cross-functional influence skills.

165k – 210k
Remote8+ YOESecurity Engineering