Senior Identity Access Management Engineer
Roku · Boston, MA · 2 wk ago
HybridEngineering$158k–$279k/yrFull-time
About the role
Roku is seeking a senior-level Identity Engineer to enhance its Zero-Trust architecture, drive standardization initiatives, and optimize its Microsoft-centric identity platform for a geographically distributed workforce. The ideal candidate has hands-on experience in identity and access management (IAM) and securing cloud environments within the Microsoft ecosystem, with deep expertise in Azure Entra ID. Equally important is a strong automation mindset—designing, scripting, and building repeatable workflows.
Responsibilities
- Lead enterprise-wide IAM standardization, including identity lifecycle, access governance, and policy enforcement across global regions.
- Drive automation across IAM to streamline administration and deliver a smoother user experience.
- Support enterprise applications onboarding into Azure Entra ID, including SSO, Conditional Access, and role-based access control (RBAC).
- Enhance privileged access management and implement scalable monitoring, alerting, and auditability solutions to support a secure, geographically distributed workforce.
- Collaborate with IT, Networking, and Security teams to troubleshoot identity-related issues and support global infrastructure initiatives.
- Advance Zero Trust Identity Fabric principles like continuous verification, least-privilege access, and identity-aware policy enforcement across users, devices, workloads, and non-human identities.
- Build identity automation with a DevOps mindset, writing scripts, developing pipelines, and engineering tooling from scratch rather than just configuring them.
Requirements
- 8+ years of hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
- Strong analytical skills and attention to detail, with the ability to troubleshoot complex infrastructure and identity-related issues.
- Excellent communication skills, with the ability to clearly explain technical concepts to both technical and non-technical stakeholders.
- Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
- Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
- Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API; working knowledge of Azure services such as Function Apps and Logic Apps.
- Experience in onboarding and managing enterprise applications in Azure Entra ID.
- Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML, and their integration with enterprise applications.
- Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFEE & SPIRE.
- Good to have familiarity with Microsoft Purview for DLP and data classification.
- Strong understanding of multi-factor authentication and FIDO2.
- Familiarity with IT security frameworks and compliance standards.
- Knowledge of logging, monitoring, and alerting practices for identity and access events.
- Basic understanding of email security and DNS.
- Experience with backup and recovery strategies for identity-related services.
- Understanding of Zero Trust Architecture principles.
- Familiarity with Jira and Confluence.
Qualifications
- B.S. in Computer Science, Information Technology, Engineering, or equivalent experience.
Skills
- Hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
- Strong analytical skills and attention to detail.
- Excellent communication skills.
- Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
- Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
- Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API.
- Experience in onboarding and managing enterprise applications in Azure Entra ID.
- Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML.
- Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFEE & SPIRE.
- Good to have familiarity with Microsoft Purview for DLP and data classification.
- Strong understanding of multi-factor authentication and FIDO2.
- Familiarity with IT security frameworks and compliance standards.
- Knowledge of logging, monitoring, and alerting practices for identity and access events.
- Basic understanding of email security and DNS.
- Experience with backup and recovery strategies for identity-related services.
- Understanding of Zero Trust Architecture principles.
- Familiarity with Jira and Confluence.
Benefits
- Health insurance
- Equity awards
- Life insurance
- Disability benefits
- Parental leave
- Wellness benefits
- Paid time off