Senior Identity Access Management Engineer
Roku · Santa Monica, CA · Yesterday
HybridEngineering$158k–$279k/yrFull-time
About the role
Roku is seeking a senior-level Identity Engineer to enhance its Zero-Trust architecture, drive standardization initiatives, and optimize its Microsoft-centric identity platform for a geographically distributed workforce. The ideal candidate has hands-on experience in identity and access management (IAM) and securing cloud environments within the Microsoft ecosystem, with deep expertise in Azure Entra ID. Equally important is a strong automation mindset—designing, scripting, and building repeatable workflows.
Responsibilities
- Lead enterprise-wide IAM standardization, including identity lifecycle, access governance, and policy enforcement across global regions.
- Drive automation across IAM to streamline administration and deliver a smoother user experience.
- Support enterprise applications onboarding into Azure Entra ID, including SSO, Conditional Access, and role-based access control (RBAC).
- Enhance privileged access management and implement scalable monitoring, alerting, and auditability solutions to support a secure, geographically distributed workforce.
- Collaborate with IT, Networking, and Security teams to troubleshoot identity-related issues and support global infrastructure initiatives.
- Advance Zero Trust Identity Fabric principles like continuous verification, least-privilege access, and identity-aware policy enforcement across users, devices, workloads, and non-human identities.
- Build identity automation with a DevOps mindset, writing scripts, developing pipelines, and engineering tooling from scratch rather than just configuring them.
Requirements
- 8+ years of hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
- Strong analytical skills and attention to detail, with the ability to troubleshoot complex infrastructure and identity-related issues.
- Excellent communication skills, with the ability to clearly explain technical concepts to both technical and non-technical stakeholders.
- Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
- Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
- Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API; working knowledge of Azure services such as Function Apps and Logic Apps.
- Experience in onboarding and managing enterprise applications in Azure Entra ID.
- Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML, and their integration with enterprise applications.
- Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFEE & SPIRE.
- Good to have familiarity with Microsoft Purview for DLP and data classification.
- Strong understanding of multi-factor authentication and FIDO2.
- Familiarity with IT security frameworks and compliance standards.
- Knowledge of logging, monitoring, and alerting practices for identity and access events.
- Basic understanding of email security and DNS.
- Experience with backup and recovery strategies for identity-related services.
- Understanding of Zero Trust Architecture principles.
- Familiarity with Jira and Confluence.
Qualifications
- B.S. in Computer Science, Information Technology, Engineering, or equivalent experience.
Skills
- Hands-on experience with identity and access management and automating cloud technologies, particularly within the Microsoft ecosystem.
- Strong analytical skills and attention to detail.
- Excellent communication skills.
- Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management.
- Familiarity with Microsoft 365 services: Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
- Automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API.
- Experience in onboarding and managing enterprise applications in Azure Entra ID.
- Advanced knowledge of Azure Single Sign-On (SSO) login methods, including OAuth2, OpenID Connect, and SAML.
- Knowledge of privileged access tools (Azure PIM, CyberArk, etc), secrets management (HashiCorp or Azure Key Vault), and workload identity patterns SPIFEE & SPIRE.
- Good to have familiarity with Microsoft Purview for DLP and data classification.
- Strong understanding of multi-factor authentication and FIDO2.
- Familiarity with IT security frameworks and compliance standards.
- Knowledge of logging, monitoring, and alerting practices for identity and access events.
- Basic understanding of email security and DNS.
- Experience with backup and recovery strategies for identity-related services.
- Understanding of Zero Trust Architecture principles.
- Familiarity with Jira and Confluence.
Benefits
- Global access to mental health and financial wellness support and resources.
- Local benefits include statutory and voluntary benefits which may include healthcare (medical, dental, and vision), life, accident, disability, commuter, and retirement options (401(k)/pension).
- Employees are supported in taking time off, in accordance with local leave policies and other personal needs to support their evolving work and life needs.
Pay
- The estimated annual salary for this position is between $158,000 - $279,000 annually.
Schedule
- This role is eligible for health insurance, equity awards, life insurance, disability benefits, parental leave, wellness benefits, and paid time off.