Staff Cybersecurity Engineer, Identity Platform Engineering

About The Position

Requirements

• Experience: 8+ years of relevant experience in IAM / cybersecurity engineering / identity platform engineering (or equivalent practical experience delivering comparable scope).
• IAM Domain Depth: Significant experience across identity lifecycle, governance concepts, authentication/authorization patterns, and privileged access fundamentals, including hands-on experience with a leading enterprise identity platform (e.g., Microsoft Entra ID, Okta) or equivalent.
• Engineering / DevSecOps Foundation: Strong hands-on ability using Go, Python, or PowerShell and Git-based workflows, with experience building CI/CD pipelines, using IaC (Terraform or CloudFormation), and deploying/operating automation in cloud environments (AWS or equivalent).
• Staff-Level Delivery: Demonstrated ability to drive cross-functional initiatives to completion and land changes that persist through standards, automation, and adoption, with a track record of improving operational outcomes through disciplined delivery and reliability practices.
• Operational Ownership: Experience supporting production identity systems with monitoring, incident response, and continuous improvement; comfort operating in an on-call rotation (IAM incidents).
• Delivery Discipline: Proven ability to deliver controlled change with design review, staged rollout, rollback readiness, and operational readiness criteria.
• Collaboration & Influence: Strong written and verbal communication; ability to align stakeholders and drive adoption through clear standards, design reviews, and enablement.

Responsibilities

• IGA Migration & Modernization: Drive modernization and migration of IGA capabilities (requests/approvals, fulfillment, access reviews/certifications, evidence generation) across our IGA environment, including SailPoint and Microsoft Entra ID governance workflows, delivering outcomes that are usable, auditable, and scalable.
• IGA Platform Infrastructure: Build the infrastructure and engineering foundations that make IGA reliable at scale (standard patterns, automation, configuration/versioning approaches, repeatable onboarding, and operational readiness).
• Automation & Platform Engineering: Design and build IAM automation and platform components (APIs, scripts, CLIs, lightweight services/jobs); deploy and operate them in AWS using Git-based delivery, CI/CD pipelines, and IaC, with production-ready basics (monitoring/logging, rollback, runbooks).
• Integration Engineering: Make application onboarding predictable through standard SSO and provisioning approaches (e.g., SAML/OIDC, SCIM), reusable templates/playbooks, and reliability gates; reduce recurring break-fix through operational readiness standards.
• Delivery Practices: Drive an engineering-quality delivery model: design/peer review, automated checks/testing where practical, staged rollouts, rollback plans, and operational readiness for IAM changes.
• Identity Lifecycle Reliability: Improve joiner/mover/leaver processes end-to-end, strengthening lifecycle automation, verified deprovisioning, and access revocation with clear health signals and robust failure handling.
• Modern Authentication/Authorization Patterns: Establish standard authentication and authorization patterns (SSO, MFA, OAuth/OIDC/SAML) with pragmatic exception handling and migration runbooks, including modern policy patterns in Microsoft Entra ID (e.g., Conditional Access).
• Operational Excellence: Treat IAM as a service: improve monitoring and runbooks, participate in incident response and on-call rotation, and drive post-incident improvements that prevent recurrence.
• Cross-Functional Alignment: Orchestrate delivery across HR IT, IT, Enterprise Security, and SOC partners; unblock decisions, communicate tradeoffs clearly, and land standards that are adopted (not just documented).

Benefits

• The successful candidate may be eligible for annual performance bonus and equity awards.
• We offer a comprehensive package of benefits for full-time and part-time employees, their spouse or domestic partner, and children up to age 26, including but not limited to paid vacation, paid sick leave, and a competitive portfolio of insurance benefits including life, medical, dental, vision, short-term disability insurance, and long-term disability insurance to eligible employees. You may also have the opportunity to participate in Rivian’s 401(k) Plan and Employee Stock Purchase Program if you meet certain eligibility requirements. Full-time employee coverage is effective on their first day of employment. Part-time employee coverage is effective the first of the month following 90 days of employment. More information about benefits is available at rivianbenefits.com.