Senior Corporate Engineer II

About The Position

Requirements

• 7+ years of experience in corporate IT engineering or a related field with a focus on identity and access management (IAM) and enterprise networking.
• 3+ years of hands-on administration of Okta in production (1,000+ users), including SSO integrations (SAML/OIDC), SCIM provisioning, MFA, and policy design.
• 2+ years implementing identity governance and automation using Okta Workflows, Okta Identity Governance (OIG), or an equivalent IGA platform.
• Proficiency with Infrastructure-as-Code and automation: Terraform (required) and at least one scripting language (Python, Bash, or PowerShell).
• Demonstrated experience planning and executing certificate rotations and key management for SAML/TLS across multiple SaaS applications.
• Hands-on experience operating and troubleshooting office network infrastructure (switching, routing, wireless, firewalls) and VPN/zero-trust access using technologies such as Cisco/Meraki, Aruba, and Palo Alto.
• Proven track record leading critical incidents and executing structured change management, including authoring runbooks and conducting post-incident reviews.
• Working knowledge of endpoint management and device trust (e.g., Jamf, Kandji, Intune) and integrating device posture into access controls.
• Bachelor’s degree in Computer Science, Engineering, Information Systems, or equivalent practical experience.

Nice To Haves

• Okta certifications (Administrator, Professional, or Consultant) and/or networking/security certifications (e.g., CCNP, PCNSE).
• Experience building Git-based CI/CD pipelines for identity and network automation (e.g., GitHub Actions, CircleCI) and implementing policy-as-code.
• Familiarity with compliance frameworks and audits (SOX, SOC 2, ISO 27001) and hands-on experience running access reviews and evidence collection.
• Experience administering Google Workspace and/or Microsoft 365 identity and security configurations at scale.
• Exposure to secrets management and PKI (e.g., HashiCorp Vault, AWS KMS) and log/monitoring platforms (e.g., Datadog, Splunk).
• Strong cross-functional communication skills and experience leading complex, multi-stakeholder projects from scoping through delivery.

Responsibilities

• Own the architecture, security, and day-to-day operations of our enterprise Okta tenant, including delivery of Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust.
• Design and maintain Infrastructure-as-Code for identity and access using Terraform, building reusable modules, guardrails, and automated workflows integrated with HRIS and ITSM systems to achieve least-privilege and timely provisioning/deprovisioning.
• Architect, operate, and continuously improve Instacart’s office network infrastructure (firewalls, routing/switching, wireless) across SF, NYC, and Toronto; drive zero-trust segmentation, observability, capacity planning, and vendor/partner management.
• Lead and participate in incident response for identity and network events, drive rapid mitigation and root-cause analysis, and implement durable remediations through post-incident reviews and change management.
• Standardize and execute certificate and key lifecycles for SAML/TLS across SaaS applications; eliminate manual toil with scripting and robust runbooks that increase reliability and auditability.
• Partner with Security and Compliance to meet controls and audit needs (e.g., access reviews, evidence collection), improve access risk management, and unlock license savings via automated revocation and right-sizing.
• Mentor teammates, elevate documentation and operational excellence, and help shape the roadmap by prioritizing high-impact work in a rapidly evolving environment.

Benefits

• Highly market-competitive compensation and benefits in each location where our employees work.
• New hire equity grant as well as annual refresh grants.
• Flex First remote work policy.