Senior IAM Engineer

About The Position

Requirements

• 5+ years of experience in an Identity and Access Management, IT security, or systems engineering role.
• Hands-on experience administering Okta in production across the full product suite, including users, groups, applications, authentication policies, and Okta Workflows.
• Deep working knowledge of identity standards and Okta features, including OAuth/OIDC, SAML, SCIM, Okta FastPass, Device Trust, device-bound SSO, and Device Access.
• Proven experience integrating third-party SaaS applications with Okta, including SSO and SCIM provisioning.
• Experience integrating Okta with Microsoft (Entra ID / Active Directory).
• Experience integrating Okta with Workday as the HR system of record driving lifecycle events.
• Experience designing and operating joiner/mover/leaver lifecycle processes at scale.
• Experience partnering with Security teams to implement IAM controls, policies, and best practices for application integrations and access design.
• Experience providing tier 2 and tier 3 end-user support for identity-related issues.
• Strong problem-solving and troubleshooting skills, with a structured, root-cause-driven approach.
• Strong written and verbal communication skills, with the ability to work directly with business, IT, and security stakeholders.

Nice To Haves

• Okta Certified Administrator, Okta Certified Consultant, or Okta Certified Master.
• Experience building AI agents to assist with Okta and IAM management — for example, automating joiner/mover/leaver tasks, triaging access requests, running access reviews, surfacing anomalous sign-in or policy events, and providing self-service support through Slack or other channels.
• Experience scripting and integrating with REST APIs (e.g., Python, JavaScript) to extend Okta and IAM workflows.
• Experience with privileged access management (PAM) tools (e.g., CyberArk, BeyondTrust, Delinea, Keeper).
• Experience supporting IAM in regulated environments (e.g., SOX, SOC 2, HIPAA, PCI).
• Familiarity with Zero Trust principles and conditional/adaptive access design.

Responsibilities

• Administer Okta end to end, including users, groups, applications, authentication policies, sign-on rules, network zones, and Okta Workflows across the full product suite.
• Configure and support Okta authentication and access standards, including OAuth/OIDC, SAML, SCIM, Okta FastPass, Device Trust, device-bound SSO, and Device Access.
• Integrate and manage third-party SaaS applications in Okta, including SSO setup, SCIM-based provisioning and de-provisioning, group push, and role mapping.
• Own Okta's integrations with core enterprise systems, including Microsoft (Entra ID / Active Directory) and Workday as the HR system of record driving joiner, mover, and leaver events.
• Design and operate the joiner/mover/leaver lifecycle, ensuring timely, accurate, and auditable provisioning and de-provisioning across all in-scope applications.
• Ensure application integrations meet security best practices, including least-privilege access, MFA enforcement, strong authentication policies, and well-structured group and role design.
• Partner with the Security team to design and implement Okta and application-level security controls, policies, and risk-based / adaptive access rules.
• Support audit, compliance, and access certification activities (e.g., SOX, SOC 2) with reporting, evidence collection, and periodic access reviews.
• Build and maintain Okta Workflows and other automations to streamline identity processes such as onboarding, offboarding, group membership, and access reviews.
• Provide tier 2 and tier 3 support for IAM-related issues, including triage, root-cause analysis, and remediation, and serve as the escalation point for the helpdesk.
• Document configurations, runbooks, and processes to support team continuity, onboarding, and audit readiness.

Benefits

• Performance-driven compensation
• Competitive base salary with bonus or incentive opportunities, depending on role
• Comprehensive, flexible health benefits
• A range of medical and dental plans to choose from based on your needs, with vision coverage available for you and your family starting on day one.
• Build long-term financial security with a 401(k) through Vanguard, HSA with employer contributions, FSA’s, Employer Paid STD & LTD plans and access to financial planning resources.
• Generous paid time off, company holidays, sick time, and paid parental leave.
• Paid parental leave and childcare support, including employer matching for dependent care FSA.
• Mental health care (6 free virtual or in-person sessions) and wellness programs through Spring Health, EAP access, and additional perks like pet insurance and lifestyle discounts.
• Pre-tax Commuter benefit accounts with an employer match, and programs designed to support different working styles and lifestyles.
• Meal and snack offerings in select offices, plus a stipend to support your day-to-day - whether you’re in the office or working remotely.
• An exceptional NYC office experience Work from our World Trade Center headquarters - featuring thoughtfully designed spaces, natural light, and panoramic skyline views. It’s a space built for collaboration, creativity, and bringing bold ideas to life.
• High-impact work at a category-defining moment Help shape the brand of an AI-native company reinventing homeownership from the ground up.