Client Platform Engineer, AI & Automation

Nextdoor•San Francisco, CA

21h•$140,000 - $150,000•Hybrid

About The Position

As a Client Platform Engineer, you will connect IT and Engineering for AI tools and automation at Nextdoor. As more teams start using AI agents, assistants, and connectors, you will manage the IT platforms that keep these tools safe and scalable. This includes handling identity and access for non-human and user-delegated agent identities in Okta, overseeing governance and reviews for new agents and MCP connectors, tracking usage and adoption, and managing costs and licenses to keep our AI use sustainable. You will work with teams in Business Technology, Engineering, Security, and Finance to create processes that help teams launch AI tools quickly while following IT guidelines. Your work will help make AI a valuable resource across the company. At Nextdoor, we operate in an AI-first environment and expect every team member to actively use AI tools as part of their workflow. We aren't looking for prompt engineers; we’re looking for people who use tools like Claude, Gemini, ChatGPT, and Glean to challenge their own thinking and take full ownership of AI-assisted outputs. We also offer a warm and inclusive work environment that embraces a hybrid employment model, blending an in office presence and work from home experience for our valued employees. The hiring team will go over these expectations with you if you are being considered for a role near one of our offices in San Francisco, Los Angeles, Chicago, Dallas, New York, and London.

Requirements

5+ years in IT engineering, client platform engineering, or IAM-focused security engineering, with clear ownership of production identity and access systems. And/or the ability to perform at an advanced level in the domain
Deep hands-on Okta administration experience, including SSO/SAML/OIDC, SCIM, group rules, sign-on policies, and access certification, with a strong understanding of audit and SOX implications
Working knowledge of OAuth 2.0, OIDC, and service account or workload identity patterns across Google Cloud and AWS, including the ability to spot anti-patterns (e.g., domain-wide delegation, over-scoped service account keys) before they reach production
Comfortable writing scripts to automate IT operations in Python, Bash, or similar, and experience operating CI/CD or scheduled-job patterns (GitHub Actions, cron) for IT automation.
Hands-on experience with AI development tools (Claude, GitHub Copilot, LangChain, etc.) as a practitioner, not just an administrator
Familiarity with at least one observability platform, with Datadog preferred, including building dashboards, alerts, and ingestion pipelines from third-party APIs
Strong written communication and the ability to author internal standards, runbooks, and review documentation that other teams will actually use

Nice To Haves

Direct experience with Claude Enterprise, GitHub Copilot, Cursor, or comparable AI tooling deployed at enterprise scale, including license and seat governance
Working knowledge of MCP (Model Context Protocol), agent integration patterns, or comparable agent-to-tool connector frameworks
Background working alongside Engineering on shared platform tooling, with the ability to operate at the boundary of IT and Engineering ownership
Experience with Jamf Pro and macOS endpoint management
Prior involvement in SOX access certification or quarterly UAR processes
Experience evaluating SaaS vendors and MCP or connector marketplaces for security posture, data flow, and supply-chain risk
Experience with AI governance frameworks (NIST AI RMF, ISO 42001, EU AI Act)
Familiarity with Workato, Tray.io, Okta Workflows, or other iPaaS platforms
IT certifications (Okta, Jamf, Google Cloud, AWS, or similar)

Responsibilities

Design and operate the identity, access, and credential lifecycle for AI agents at Nextdoor, including non-human and user-delegated identities in Okta, OAuth 2.0, and OIDC scope minimization, and canonical authentication patterns (user OAuth, service accounts, workload identity federation) that teams default to alongside Nextdoor's existing Network and AV Standards
Build and run review processes for AI agents and connectors, covering pre-production review of agent tool surfaces, data scopes, and blast radius; intake review for new MCP servers and third-party connectors (vendor diligence, OAuth scope approval, hosted vs. self-hosted decisions); and the underlying policy framework for registration, data classification, and human-in-the-loop requirements
Maintain a centralized registry of AI agents and tooling deployed across Nextdoor, and own the associated telemetry, including Datadog dashboards, vendor analytics ingestion (e.g., the Anthropic Enterprise Analytics API), and recurring department-level adoption reporting for IT and executive leadership
Own seat governance and cost controls across Nextdoor's AI tool portfolio (Claude Enterprise, Cursor, Copilot, and emerging tools), including per-user and per-org spend caps, multi-tenant license allocation across vendor organizations, quarterly access reconciliation against Okta, and monthly budget reviews for IT and Finance
Participate in in-person Nextdoor events such as trainings, off-sites, volunteer days, and team building exercises
Build in-person relationships with team members and contribute to Nextdoor’s company culture