Senior Corporate Engineer

Instacart

. Own the architecture, security, and day-to-day operations of our enterprise Okta tenant, including delivery of Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust.

Posted 5/7/2026full-timeRemote • California, Connecticut, New Jersey, New York • 🇺🇸 United StatesSenior💰 $156,000 - $197,500 per yearWebsite

Tech Stack

Tools & technologies

FirewallsITSMJamfPythonSwitchingTerraform

About the role

Key responsibilities & impact

Own the architecture, security, and day-to-day operations of our enterprise Okta tenant, including delivery of Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust.
Design and maintain Infrastructure-as-Code for identity and access using Terraform, building reusable modules, guardrails, and automated workflows integrated with HRIS and ITSM systems to achieve least-privilege and timely provisioning/deprovisioning.
Architect, operate, and continuously improve Instacart’s office network infrastructure (firewalls, routing/switching, wireless) across SF, NYC, and Toronto; drive zero-trust segmentation, observability, capacity planning, and vendor/partner management.
Lead and participate in incident response for identity and network events, drive rapid mitigation and root-cause analysis, and implement durable remediations through post-incident reviews and change management.
Standardize and execute certificate and key lifecycles for SAML/TLS across SaaS applications; eliminate manual toil with scripting and robust runbooks that increase reliability and auditability.
Partner with Security and Compliance to meet controls and audit needs (e.g., access reviews, evidence collection), improve access risk management, and unlock license savings via automated revocation and right-sizing.
Mentor teammates, elevate documentation and operational excellence, and help shape the roadmap by prioritizing high-impact work in a rapidly evolving environment.

Requirements

What you’ll need

7+ years of experience in corporate IT engineering or a related field with a focus on identity and access management (IAM) and enterprise networking.
3+ years of hands-on administration of Okta in production (1,000+ users), including SSO integrations (SAML/OIDC), SCIM provisioning, MFA, and policy design.
2+ years implementing identity governance and automation using Okta Workflows, Okta Identity Governance (OIG), or an equivalent IGA platform.
Proficiency with Infrastructure-as-Code and automation: Terraform (required) and at least one scripting language (Python, Bash, or PowerShell).
Demonstrated experience planning and executing certificate rotations and key management for SAML/TLS across multiple SaaS applications.
Hands-on experience operating and troubleshooting office network infrastructure (switching, routing, wireless, firewalls) and VPN/zero-trust access using technologies such as Cisco/Meraki, Aruba, and Palo Alto.
Proven track record leading critical incidents and executing structured change management, including authoring runbooks and conducting post-incident reviews.
Working knowledge of endpoint management and device trust (e.g., Jamf, Kandji, Intune) and integrating device posture into access controls.
Bachelor’s degree in Computer Science, Engineering, Information Systems, or equivalent practical experience.

Benefits

Comp & perks

Highly market-competitive compensation
New hire equity grant
Annual refresh grants

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

OktaIdentity GovernanceSCIM provisioningSSO integrationsMFATerraformPythonBashPowerShellSAML/TLS

Soft Skills

incident responseroot-cause analysismentoringdocumentationoperational excellenceprioritizationcollaborationcommunicationleadershipchange management