Software Engineer II - BDX IAM

Booking.comWashington D.C., DC
Onsite

About The Position

Booking.com (USA), Inc, one of the support companies in the United States, is seeking a full time Software Engineer in Washington, DC for the IAM team within the Data and Machine Learning department. The IAM team builds and operates the identity and access management layer for Booking’s central data platform, enabling secure and compliant access to data. The team owns access provisioning, enforcement, and credential management. We focus on ensuring the right people and services have the right access at the right time, with strong guarantees around auditability, compliance, and reliability, while keeping access workflows efficient and scalable. This role focuses on building and operating the identity and access management (IAM) platform for Booking’s data ecosystem across Snowflake and AWS S3. You will design and maintain the systems that control how humans and services access data, ensuring strong guarantees around security, compliance, and auditability, while minimizing friction for users. You will own the full access lifecycle - from identity and role provisioning, to access request flows, to enforcement and audit - integrating across systems. This role sits at the intersection of data platforms, security, and compliance, and is critical to enabling scalable and governed data access across the company.

Requirements

  • 3+ years building backend or platform systems in Java, Python, or similar.
  • Experience designing systems that are observable, fault-tolerant, and operate reliably at scale.
  • Hands-on experience with AWS (IAM, S3) and/or Snowflake or similar data platforms.
  • Experience integrating multiple systems (identity providers, data platforms, SaaS tools) into cohesive workflows.
  • Understanding of RBAC/ABAC, IAM roles and policies, authentication/authorization flows, and credential lifecycle management.
  • Comfortable owning production systems, handling incidents, and improving system performance and reliability over time.
  • Ability to design platforms that are secure by default but easy to use and adopt.

Responsibilities

  • Own the IAM Platform: Design, build, and operate the IAM layer that governs access to BDX data across Snowflake and AWS S3, using Immuta and internal services.
  • End-to-End Access Lifecycle: Implement and maintain the full access lifecycle: identity onboarding, role provisioning, access requests, enforcement, and revocation.
  • Policy Enforcement (Fine-Grained Controls): Enforce ABAC/PBAC policies, masking, row-level filters, and S3 Access Grants to ensure sensitive data is only accessed through approved paths.
  • Compliance, Audit, and SOX Controls: Build and maintain auditability, access logging, and enforceable controls required for SOX and internal governance standards.
  • Reliability, Observability, and Performance: Improve system reliability and reduce access provisioning latency through better observability, retries, and failure handling.
  • Operate in a highly integrated ecosystem (Snowflake, AWS, identity providers) and own the seams between systems.
  • Take full ownership of access correctness - incorrect access is a security issue, not just a bug.
  • Build for auditability by design, not as an afterthought.
  • Continuously reduce friction in access workflows without weakening governance guarantees.

Benefits

  • Medical, life, and disability insurance
  • Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, sick, and care leave.
  • Industry leading product discounts for yourself, friends, and family, including automatic Genius Level 3 status.
  • Free access to online learning platforms, mentorship programs, and a complimentary Headspace membership.
  • Collaborative, friendly and diverse culture.
  • Referral Program.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service