Staff Corporate Engineer

Responsibilities

• Define and own the long-term identity architecture strategy for Instacart, setting the technical direction for the Okta identity platform including Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust.
• Establish and own the IaC engineering standards and platform patterns for identity and access; author reusable Terraform frameworks, guardrails, and automation blueprints.
• Define Instacart's office network architecture strategy and target-state design across SF, NYC, and Toronto; drive the evolution to zero-trust segmentation, set observability and capacity standards, and guide vendor strategy.
• Own the IT endpoint strategy for MDM (both Mac and Windows) to implement and secure workforce endpoints.
• Serve as the technical authority for major IT incidents; own post-incident learning programmes, drive systemic architectural improvements, and define incident response standards.
• Identify opportunities to position Corporate Engineering and IT team at the forefront of AI adoption; build tools to enable next-generation IT.
• Drive the access governance and compliance architecture strategy in partnership with Security Engineering and Compliance; define frameworks for access reviews, evidence collection, and access risk management.
• Act as a technical force multiplier across Corporate Engineering and adjacent teams; develop senior engineers, define team-wide engineering standards and documentation practices, and own the technical roadmap for identity and network platforms.

Requirements

• 10+ years of experience in corporate IT engineering or a related field, with deep expertise in identity and access management (IAM) and endpoint systems.
• 5+ years of hands-on ownership of an enterprise Okta tenant at scale (5,000+ users), including architecture-level decisions across SSO (SAML/OIDC), SCIM provisioning, MFA, risk-based policies, and device trust.
• 3+ years of experience designing and implementing identity governance and automation using Okta Workflows, Okta Identity Governance (OIG), or an equivalent IGA platform.
• Expert-level proficiency with Infrastructure-as-Code: Terraform required, including experience establishing reusable module frameworks and IaC engineering standards. Proficiency in at least one scripting language (Python, PowerShell, or equivalent) and REST API/webhook integration.
• Experience with endpoint management (MDM) systems in a mixed Mac and Windows environment.
• Proven track record of technical leadership across teams, setting architectural direction, defining standards, and driving cross-functional alignment without managerial authority.
• Experience with enterprise network infrastructure (firewalls, routing/switching, wireless) including zero-trust architecture design and multi-site network strategy.
• Strong written and verbal communication; able to articulate technical strategy and architectural trade-offs to both engineers and business stakeholders.

Nice-to-Haves

• Experience working in a high-growth, distributed-workforce environment where workforce security platforms must scale rapidly across new geographies.
• Familiarity with compliance frameworks (SOC 2, ISO 27001) and the ability to translate controls into durable technical implementations.
• Prior experience as a staff-level or principal engineer in a Corporate Engineering or Enterprise IT function.