
Staff IAM Engineer

170k – 190k | San Francisco, CA | Hybrid | 4+ YOE
Summary

Own security-critical identity and corporate security controls, managing IAM platforms, SSO/MFA integrations, RBAC policies, and endpoint trust for macOS/Windows environments.

About the role

What you will do

  • Support implementation and operations of our Identity Governance & Administration (IGA) platform to ensure employees gain appropriate access for their role, approvals are captured, and access is revoked efficiently upon separation
  • Design access control as a security control by defining and enforcing RBAC standards for sensitive systems
  • Continuously improve identity controls by reducing standing privileges and hardening authentication policies (SSO, MFA)
  • Lead the integration of new SaaS applications into our SSO (Single Sign-On) and MFA (Multi-Factor Authentication) ecosystem, providing security oversight for business systems implementations and operations
  • Evolve our corporate device trust program so only compliant devices can access corporate and production systems
  • Support endpoint security efforts including security policies, controls, and vulnerability management across macOS and Windows
  • Partner with Security Detection & Response to ensure visibility into corporate systems, including development of scripts and integrations as needed
  • Partner with Trust & Compliance to streamline or automate evidence collection to support internal and independent audits (e.g., SOC2)
  • Conduct periodic access reviews and audits; investigate and resolve identity- and access-related security incidents
  • Design, document, and execute plans to identify gaps and continuously improve access management lifecycle and identity architecture

What we are looking for

  • 4+ years of experience in security-focused software engineering, corporate engineering, IT, and/or program management
  • Demonstrated ability to identify risks and vulnerabilities in IT and business systems, balance risk with company priorities, and communicate risk to stakeholders
  • Strong understanding of IAM protocols and standards, including SAML 2.0, OIDC, SCIM, LDAP, OAuth, and familiarity with X.509
  • Experience with IdP and identity tooling (e.g., Okta, Active Directory, Google Workspace), including defining and enforcing Role-Based Access Control (RBAC) policies and Least Privilege principles across enterprise applications
  • Familiarity with endpoint engineering for macOS and Windows
  • Software engineering and DevOps proficiency: Python and/or Go, Terraform, GAM scripting, PowerShell scripting, JSON, JavaScript
  • Demonstrated experience deploying new IT systems and processes across the organization with high user satisfaction
  • Strong analytical and problem-solving skills, attention to detail, and ability to operate independently with a high level of ownership
  • Experience with Okta, Salesforce, NetSuite, Workday, GCP, GWP, Microsoft Entra/Azure/Intune, JAMF
  • Backend and API testing/experience is a plus

Compensation and Benefits

  • Base Salary Range: $170,000 - $190,000
  • 100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available
  • Market-leading leave policies, including gender-neutral parental leave and compassionate leave
  • Family forming support through Maven for you and your partner
  • Paid time off
  • Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use
  • Mental health support through Modern Health, including therapy, coaching, and digital tools
  • Pre-tax commuter benefits (US Employees)
  • 401(k) plan with Fidelity with employer match (US Employees)
Skills

IAM, SAML 2.0, OIDC, SCIM, LDAP, OAuth, X.509, Okta, Active Directory, Google Workspace, RBAC, Python, Go, Terraform, PowerShell scripting