Principal Identity & SaaS Platform Engineer

About The Position

Requirements

• 10+ years of dedicated experience in Identity & Access Management (IAM) and SaaS engineering within a fast-paced, tech-forward enterprise environment.
• Expert-level engineering and architectural experience with Okta (ISPM, Okta Workflows, IGA, and complex inbound/outbound provisioning setups).
• Deep administrative and security knowledge of Google Workspace, Slack, Zoom, and developer tools.
• Strong fundamental knowledge of SAML 2.0, OIDC, OAuth 2.0, SCIM, and API-driven integrations.
• Proven experience designing, auditing, and maintaining IAM controls aligned with SOX, SOC 2, or equivalent frameworks required in a publicly traded landscape.
• Exceptional communication skills with a track record of driving cross-functional initiatives across HR, Security, Software Engineering, and Creative Production teams without direct authority along with the ability to translate technical concepts for both technical and non-technical audiences.
• Regular, on-site attendance at the workplace a minimum of 3 days per week is an essential function of the position. Selected candidate must be able to reliably meet this requirement.

Nice To Haves

• Experience implementing enterprise guardrails around LLM and AI assistant tools is highly desirable.
• Experience with Privileged Access Management (PAM) solutions.
• Familiarity with AWS, Google Cloud Platform (GCP), or Microsoft Azure security services.
• Experience supporting compliance frameworks such as SOX, ISO 27001, SOC 2, or similar standards.
• Experience in media, entertainment, streaming, or technology organizations.
• Strong scripting and automation experience using tools such as PowerShell, Python, or similar languages.
• Familiarity with Infrastructure as Code (IaC) and DevOps practices.
• Experience leading large-scale IAM modernization or cloud transformation initiatives

Responsibilities

• Work with tech leadership to drive the strategic roadmap for our Okta IAM architecture and core SaaS platforms (Google Workspace, Slack, Zoom), ensuring high availability, scalability, and seamless user experiences.
• Design and enforce granular access control policies, adaptive Multi-Factor Authentication (MFA), and Just-In-Time (JIT) provisioning models across all corporate and production systems.
• Partner with HR Ops to architect automated lifecycle workflows for a diverse workforce, including full-time employees, high-turnover production crews, freelancers, and third-party media vendors.
• Collaborate with Cybersecurity to establish data-loss prevention (DLP) guardrails and identity governance for enterprise AI tools (Claude, Cursor, ChatGPT, Gemini Enterprise).
• Define and manage lifecycle frameworks for Non-Human Identities (NHIs) like agents, service accounts, API tokens, and secrets.
• Act as the technical authority on SOX and regulatory compliance within the IAM space for a publicly traded media company.
• Document architectures, review controls, and provide technical guidance and mentorship to an existing team of Senior IAM Engineers.
• Drive continuous improvement through automation, monitoring, and operational excellence.

Benefits

• medical/dental/vision
• insurance
• a 401(k) plan
• paid time off
• other benefits in accordance with applicable plan documents