Staff IAM Engineer
About the role
Identity & Corporate Security Engineering at Ironclad involves owning security-critical identity and corporate security controls that protect Ironclad's people, systems, and data. This role requires cross-functional collaboration with IT & Business Systems, Security Detection & Response, Trust & Compliance, and application owners to ensure appropriate access, device trust, and compliance with audit and monitoring requirements.
Responsibilities
- Support implementation and operations of the IGA platform to ensure employees gain appropriate access for their role, approvals are captured, and access is revoked efficiently upon separation.
- Access control design as a security control by defining and enforcing RBAC standards for sensitive systems.
- Continuous improvement of identity controls by reducing standing privileges and hardening authentication policies (SSO, MFA).
- Lead the integration of new SaaS applications into our SSO and MFA ecosystem, providing security oversight for business systems implementations and operations.
- Evolve our corporate device trust program so only compliant devices can access corporate and production systems.
- Partner with Security Detection & Response to ensure visibility into corporate systems, including development of scripts and integrations as needed.
- Partner with Trust & Compliance to streamline or automate evidence collection to support internal and independent audits (e.g., SOC2).
- Conduct periodic access reviews and audits; investigate and resolve identity- and access-related security incidents.
- Design, document, and execute plans to identify gaps and continuously improve access management lifecycle and identity architecture.
Requirements
- 4+ years of experience in security-focused software engineering, corporate engineering, IT, and/or program management.
- Demonstrated ability to identify risks and vulnerabilities in IT and business systems, balance risk with company priorities, and communicate risk to stakeholders.
- Strong understanding of IAM protocols and standards, including SAML 2.0, OIDC, SCIM, LDAP, OAuth, and familiarity with X.509.
- Familiarity with IdP and identity tooling (e.g., Okta, Active Directory, Google Workspace), including defining and enforcing Role-Based Access Control (RBAC) policies and Least Privilege principles across enterprise applications.
- Familiarity with endpoint engineering for macOS and Windows.
- SW Eng/Dev engineering and DevOps proficiency: Python and/or Go, Terraform, GAM scripting, Powershell scripting, JSON, Javascript.
- Demonstrated experience deploying new IT systems and processes across the organization with high user satisfaction.
- Strong analytical and problem-solving skills, attention to detail, and ability to operate independently with a high level of ownership.
- Experience with Okta, Salesforce, NetSuite, Workday, GCP, GWP, Microsoft Entra/Azure/Intune, JAMF.
- Backend and API testing/experience is a plus.
Qualifications
- BS/MS in Computer Science, Information Security, or related field.
- CISSP, CISM, or equivalent certifications preferred.
Skills
- Python and/or Go
- Terraform
- GAM scripting
- Powershell scripting
- JSON
- Javascript
- Okta
- Active Directory
- Google Workspace
- SAML 2.0
- OIDC
- SCIM
- Ldap
- OAuth
- X.509
- SSO (Single Sign-On)
- MFA (Multi-Factor Authentication)
- RBAC (Role-Based Access Control)
- Least Privilege principles
- Endpoint engineering for macOS and Windows
- Security detection and response
- Trust and compliance
- Access reviews and audits
- Identity architecture
Benefits
- 100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available.
- Market-leading leave policies, including gender-neutral parental leave and compassionate leave.
- Paid time off - take the time you need, when you need it.
- Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use.
- Mental health support through Modern Health, including therapy, coaching, and digital tools.
- Pre-tax commuter benefits (US Employees).
- 401(k) plan with Fidelity with employer match (US Employees).
- Regular team events to connect, recharge, and have fun.
Pay
Base Salary Range: $160,000 - $190,000
The actual base salary offered for this position will depend on numerous factors, including individual proficiency, anticipated performance, and the location of the selected candidate.
Our base salary is just one component of Ironclad’s competitive total rewards package, which also includes equity awards (a new hire grant, along with opportunities for additional awards throughout your tenure), competitive health and wellness benefits, and a commitment to career growth and development.