Senior Security Engineer, Application Security

Handshake
San Francisco, CA
Hybrid

About The Position

Handshake is seeking a Senior Security Engineer to own the architecture, design, and implementation of our enterprise identity automation and governance ecosystem. You’ll define the long-term IAM automation strategy, build resilient and scalable lifecycle workflows, and enable secure-by-default identity operations across SaaS, cloud, and internal platforms. You’ll partner closely with Security, IT Engineering, People Operations, and Product/Platform Engineering to deliver highly automated, auditable, and reliable identity solutions.

Requirements

  • 4–7+ years of hands-on IAM engineering, identity automation, or identity governance experience.
  • Strong scripting/automation skills in Python, Node.js, and REST-based integrations.
  • Experience with IAM platforms such as Okta, Google Workspace/GCP, Azure AD, or similar.
  • Deep understanding of identity protocols, token flows, SCIM, and distributed lifecycle orchestration.
  • Experience with Terraform or other infrastructure-as-code frameworks.
  • Ability to diagnose complex identity issues across SaaS, cloud, and distributed systems.
  • Strong understanding of DevOps practices, observability, and secure engineering principles.
  • Demonstrated ownership mindset across architecture, implementation, monitoring, and iterative improvement.

Nice To Haves

  • Advanced experience with GCP IAM, Google Workspace IAM, AWS IAM, cross-account access patterns, and policy automation.
  • Experience with Okta Workflows, SailPoint/IGA, or Privileged Access Management (PAM) solutions.
  • Experience designing scalable authorization models for high-growth or distributed organizations.
  • Certifications such as Okta Architect, Azure Identity Engineer, CISSP.
  • Prior experience in SaaS, high-growth, or distributed engineering environments.

Responsibilities

  • Architect, build, and own automated onboarding, offboarding, and access-change workflows across Okta, Workday, SCIM, and event-driven systems.
  • Engineer integration layers between identity platforms and internal applications using Python, REST APIs, Webhooks, and Terraform.
  • Implement error-handling, reconciliation logic, telemetry, and monitoring to ensure reliability and determinism in identity lifecycle events.
  • Modernize existing provisioning logic and replace manual processes with scalable automation frameworks.
  • Develop tooling and pipelines enabling version-controlled, testable, observable IAM automation.
  • Act as a technical owner for Handshake’s IAM ecosystem, including Okta, Google Workspace, GCP, AWS IAM, and internal access systems.
  • Engineer and optimize authentication & authorization protocols (OIDC, OAuth2, SAML, JWT), fine-grained access policies, and scalable RBAC/ABAC models.
  • Build custom automation using Okta Workflows or API-driven orchestration.
  • Design SOC2-compliant access controls, approvals, attestations, and auditability mechanisms.
  • Build automated access certification systems with full data lineage.
  • Conduct identity-related incident forensics and implement preventative automation.
  • Provide cross-functional leadership, setting standards, best practices, and reference architectures for identity automation.
  • Serve as service owner for IAM automation platforms with accountability for uptime, consistency, and continuous improvement.

Benefits

  • Equity in a fast-growing company
  • 401(k) match
  • Competitive compensation
  • Financial coaching
  • Paid parental leave
  • Fertility benefits
  • Parental coaching
  • Medical, dental, and vision
  • Mental health support
  • Wellness stipend
  • Learning stipend
  • Ongoing development
  • Internet stipend
  • Commuting stipend
  • Free lunch in our SF office
  • Gym access in our SF office
  • Flexible PTO
  • 15 holidays
  • 2 flex days
  • Team outings
  • Referral bonuses