# Staff IAM Engineer

**Company:** [Ironclad](https://hotfix.jobs/companies/ironclad)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $170k – $190k/yr
**Experience:** 4+ years
**Skills:** IAM, Saml 2.0, OIDC, SCIM, Ldap, OAuth, X.509, Okta, Active Directory, Google Workspace, RBAC, Python, Go, Terraform, Powershell Scripting
**Posted:** 2026-06-08

> Own security-critical identity and corporate security controls, managing IAM platforms, SSO/MFA integrations, RBAC policies, and endpoint trust for macOS/Windows environments.

## Job Description

## What you will do
- Support implementation and operations of our Identity Governance & Administration (IGA) platform to ensure employees gain appropriate access for their role, approvals are captured, and access is revoked efficiently upon separation
- Access control design as a security control by defining and enforcing RBAC standards for sensitive systems
- Continuous improvement of identity controls by reducing standing privileges and hardening authentication policies (SSO, MFA)
- Lead the integration of new SaaS applications into our SSO (Single Sign-On) and MFA (Multi-Factor Authentication) ecosystem, providing security oversight for business systems implementations and operations
- Evolve our corporate device trust program so only compliant devices can access corporate and production systems
- Support endpoint security efforts including security policies, controls, and vulnerability management across macOS and Windows
- Partner with Security Detection & Response to ensure visibility into corporate systems, including development of scripts and integrations as needed
- Partner with Trust & Compliance to streamline or automate evidence collection to support internal and independent audits (e.g., SOC2)
- Conduct periodic access reviews and audits; investigate and resolve identity- and access-related security incidents
- Design, document, and execute plans to identify gaps and continuously improve access management lifecycle and identity architecture

## What we are looking for
- 4+ years of experience in security-focused software engineering, corporate engineering, IT, and/or program management
- Demonstrated ability to identify risks and vulnerabilities in IT and business systems, balance risk with company priorities, and communicate risk to stakeholders
- Strong understanding of IAM protocols and standards, including SAML 2.0, OIDC, SCIM, LDAP, OAuth, and familiarity with X.509
- Experience with IdP and identity tooling (e.g., Okta, Active Directory, Google Workspace), including defining and enforcing Role-Based Access Control (RBAC) policies and Least Privilege principles across enterprise applications
- Familiarity with endpoint engineering for macOS and Windows
- SW Eng/Dev engineering and DevOps proficiency: Python and/or Go, Terraform, GAM scripting, Powershell scripting, JSON, Javascript
- Demonstrated experience deploying new IT systems and processes across the organization with high user satisfaction
- Strong analytical and problem-solving skills, attention to detail, and ability to operate independently with a high level of ownership
- Experience with Okta, Salesforce, NetSuite, Workday, GCP, GWP, Microsoft Entra/Azure/Intune, JAMF
- Backend and API testing/experience is a plus

## Compensation and Benefits
- Base Salary Range: $170,000 - $190,000
- 100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available
- Market-leading leave policies, including gender-neutral parental leave and compassionate leave
- Family forming support through Maven for you and your partner
- Paid time off
- Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use
- Mental health support through Modern Health, including therapy, coaching, and digital tools
- Pre-tax commuter benefits (US Employees)
- 401(k) plan with Fidelity with employer match (US Employees)

## Similar roles

- [Sr. Staff System Security Engineer](https://hotfix.jobs/jobs/50fb66cc-9ede-4741-a21c-d4699d9986af) - Shield AI - Dallas, TX - $170k – $250k/yr
- [Staff Risk Analyst](https://hotfix.jobs/jobs/4cda1e53-3f5f-4061-942a-18998b2b4c45) - Earnin - Remote - $170k – $210k/yr
- [Staff Application Security Engineer](https://hotfix.jobs/jobs/ff55e746-da79-4e09-8b3c-ffd76fd9911c) - Ironclad - San Francisco, CA - $170k – $190k/yr
- [Staff Software Engineer, Security Engineering](https://hotfix.jobs/jobs/83d0a0d7-f8a1-4017-a1ae-e2a9ead881e0) - Okta - Bellevue, WA - $174k – $239k/yr
- [Staff GRC Engineer](https://hotfix.jobs/jobs/f6da6721-0570-4815-bd0b-c83a342c4241) - ezCater - Remote - $165k – $210k/yr

**Apply:** https://hotfix.jobs/jobs/7a722d47-b173-4ffc-9981-f10ed9f3ce9c
**Canonical:** https://hotfix.jobs/jobs/7a722d47-b173-4ffc-9981-f10ed9f3ce9c