Senior Security Engineer, IAM

Handshake

Senior Security Engineer designing and implementing enterprise identity automation systems for Handshake. Collaborating with engineering teams to optimize IAM processes and protocols for secure operations.

Posted 6/25/2026full-timeSan Francisco • California • 🇺🇸 United StatesSenior💰 $176,000 - $220,000 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudDistributed SystemsGoogle Cloud PlatformJavaScriptNode.jsPythonTerraform

About the role

Key responsibilities & impact

Architect, build, and own automated onboarding, offboarding, and access-change workflows across Okta, Workday, SCIM, and event-driven systems.
Engineer integration layers between identity platforms and internal applications using Python, REST APIs, Webhooks, and Terraform.
Implement error-handling, reconciliation logic, telemetry, and monitoring to ensure reliability and determinism in identity lifecycle events.
Modernize existing provisioning logic and replace manual processes with scalable automation frameworks.
Develop tooling and pipelines enabling version-controlled, testable, observable IAM automation.
Act as a technical owner for Handshake’s IAM ecosystem, including Okta, Google Workspace, GCP, AWS IAM, and internal access systems.
Engineer and optimize authentication & authorization protocols (OIDC, OAuth2, SAML, JWT), fine-grained access policies, and scalable RBAC/ABAC models.
Build custom automation using Okta Workflows or API-driven orchestration.
Design SOC2-compliant access controls, approvals, attestations, and auditability mechanisms.
Build automated access certification systems with full data lineage.
Conduct identity-related incident forensics and implement preventative automation.
Provide cross-functional leadership, setting standards, best practices, and reference architectures for identity automation.
Serve as service owner for IAM automation platforms with accountability for uptime, consistency, and continuous improvement.

Requirements

What you’ll need

4–7+ years of hands-on IAM engineering, identity automation, or identity governance experience.
Strong scripting/automation skills in Python, Node.js, and REST-based integrations.
Experience with IAM platforms such as Okta, Google Workspace/GCP, Azure AD, or similar.
Deep understanding of identity protocols, token flows, SCIM, and distributed lifecycle orchestration.
Experience with Terraform or other infrastructure-as-code frameworks.
Ability to diagnose complex identity issues across SaaS, cloud, and distributed systems.
Strong understanding of DevOps practices, observability, and secure engineering principles.
Demonstrated ownership mindset across architecture, implementation, monitoring, and iterative improvement.

Benefits

Comp & perks

Equity in a fast-growing company
401(k) match, competitive compensation, financial coaching
Paid parental leave, fertility benefits, parental coaching
Medical, dental, and vision, mental health support, wellness stipend
Learning stipend, ongoing development
Internet, commuting, and free lunch/gym in our SF office
Flexible PTO, 15 holidays + 2 flex days
Team outings & referral bonuses

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

PythonNode.jsREST APIsTerraformOIDCOAuth2SAMLJWTRBACABAC

Soft Skills

cross-functional leadershipownership mindsetbest practicesstandards settingcontinuous improvement

Certifications

SOC2 compliance