Jobs · Engineering · Massachusetts

Senior Identity Access Management Engineer

Roku · Boston, MA · 2 wk ago
HybridEngineering$158k–$279k/yrFull-time

About the role

Roku is seeking a senior-level Identity Engineer to enhance its Zero-Trust architecture, drive standardization initiatives, and optimize its Microsoft-centric identity platform for a geographically distributed workforce. The ideal candidate has hands-on experience in identity and access management (IAM) and securing cloud environments within the Microsoft ecosystem, with deep expertise in Azure Entra ID. Equally important is a strong automation mindset—designing, scripting, and building repeatable workflows.

Responsibilities

  • Lead enterprise-wide IAM standardization, including identity lifecycle, access governance, and policy enforcement across global regions.
  • Drive automation across IAM to streamline administration and deliver a smoother user experience.
  • Support enterprise applications onboarding into Azure Entra ID, including SSO, Conditional Access, and role-based access control (RBAC).
  • Enhance privileged access management and implement scalable monitoring, alerting, and auditability solutions to support a secure, geographically distributed workforce.
  • Collaborate with IT, Networking, and Security teams to troubleshoot identity-related issues and support global infrastructure initiatives.
  • Advance Zero Trust Identity Fabric principles like continuous verification, least-privilege access, and identity-aware policy enforcement across users, devices, workloads, and non-human identities.
  • Build identity automation with a DevOps mindset, writing scripts, developing pipelines, and engineering tooling from scratch rather than just configuring them.

Requirements

  • 8+ years of hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
  • Strong analytical skills and attention to detail, with the ability to troubleshoot complex infrastructure and identity-related issues.
  • Excellent communication skills, with the ability to clearly explain technical concepts to both technical and non-technical stakeholders.
  • Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
  • Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
  • Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API; working knowledge of Azure services such as Function Apps and Logic Apps.
  • Experience in onboarding and managing enterprise applications in Azure Entra ID.
  • Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML, and their integration with enterprise applications.
  • Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFEE & SPIRE.
  • Good to have familiarity with Microsoft Purview for DLP and data classification.
  • Strong understanding of multi-factor authentication and FIDO2.
  • Familiarity with IT security frameworks and compliance standards.
  • Knowledge of logging, monitoring, and alerting practices for identity and access events.
  • Basic understanding of email security and DNS.
  • Experience with backup and recovery strategies for identity-related services.
  • Understanding of Zero Trust Architecture principles.
  • Familiarity with Jira and Confluence.

Qualifications

  • B.S. in Computer Science, Information Technology, Engineering, or equivalent experience.

Skills

  • Hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
  • Strong analytical skills and attention to detail.
  • Excellent communication skills.
  • Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
  • Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
  • Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API.
  • Experience in onboarding and managing enterprise applications in Azure Entra ID.
  • Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML.
  • Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFEE & SPIRE.
  • Good to have familiarity with Microsoft Purview for DLP and data classification.
  • Strong understanding of multi-factor authentication and FIDO2.
  • Familiarity with IT security frameworks and compliance standards.
  • Knowledge of logging, monitoring, and alerting practices for identity and access events.
  • Basic understanding of email security and DNS.
  • Experience with backup and recovery strategies for identity-related services.
  • Understanding of Zero Trust Architecture principles.
  • Familiarity with Jira and Confluence.

Benefits

  • Health insurance
  • Equity awards
  • Life insurance
  • Disability benefits
  • Parental leave
  • Wellness benefits
  • Paid time off

Similar jobs