Senior Security IAM Engineer

Description

• Own and evolve Scopely’s modern IAM architecture to support a dynamic, cloud-native environment across AWS, GCP, and SaaS applications
• Design and implement federated identity management (OIDC, SAML, SCIM) and role-based access control (RBAC) / attribute-based access control (ABAC) across internal and external platforms
• Develop scalable access automation solutions for developer self-service, least-privilege access, and ephemeral credentials
• Build and manage enterprise-wide authentication and authorization strategies leveraging modern identity providers like Okta, AWS IAM Identity Center, and Google Cloud IAM
• Partner with security and engineering teams to implement zero-trust principles and enforce adaptive access controls
• Automate provisioning, deprovisioning, and access audits with Infrastructure-as-Code (Terraform, Pulumi) and identity workflows
• Lead IAM threat modeling, access reviews, and anomaly detection to proactively identify misconfigurations or abuse
• Drive adoption of passwordless authentication, MFA everywhere, and just-in-time access to minimize risk
• Collaborate with compliance and security teams to ensure IAM policies align with regulatory requirements (SOC2, ISO27001, etc.)
• Serve as a subject matter expert on identity security, mentoring other engineers and influencing security strategy
• Collaborate with game teams to align workforce and gaming IAM strategies, ensuring seamless integration, security, and compliance across all identity and access management initiatives

• Experience working at a startup or high-scale technology company (FANG, unicorn, or fast-growth SaaS)—you understand how identity needs to scale
• Deep expertise in modern IAM principles—federation, fine-grained access controls, identity lifecycles, and zero-trust authentication
• Strong knowledge of cloud IAM models—AWS IAM, Google Cloud IAM, Azure AD, and their best practices for securing large-scale environments
• Proficiency in at least one programming/scripting language (Python, Go, TypeScript, or similar) for automating IAM workflows
• Hands-on experience with OAuth2, OIDC, SAML, SCIM, and integrating identity providers (Okta, Auth0, AWS IAM Identity Center, Google Workspace)
• Ability to build and manage IAM automation pipelines using Infrastructure-as-Code (Terraform, Pulumi) and CI/CD workflows
• Familiarity with Just-in-Time access management (JIT), ephemeral credentials (AWS STS, Google Workload Identity), and session-based security
• Comfortable working with large-scale distributed systems and developer-friendly IAM models—you know how to support an engineering culture without excessive friction.
• A strong threat modeling and security mindset, with the ability to anticipate risks and proactively mitigate IAM-related attack vectors
• Understanding of Identity and Access Governance and how it can apply in a fast-growth, high-scale environment
• Strong ability to effectively communicate complex IAM concepts, risks, and solutions to both technical and non-technical stakeholders, ensuring alignment with business and security objectives

Must Haves:

• Bachelor's degree in Computer Science, Information Security, or equivalent experience.
• 5+ years of hands-on IAM security engineering experience in a cloud-first, high-scale environment
• Experience designing IAM architectures for global organizations with complex access needs.
• A modern approach to IAM—you embrace automation, least privilege, and identity-aware security rather than legacy solutions
• Experience implementing and operating IAM-related security tools such as AWS IAM Access Analyzer, Google Cloud Policy Intelligence, Okta Workflows, and CIEM (Cloud Infrastructure Entitlement Management) platforms
• You have worked in a fast-growth startup or a high-scale tech company and thrived.
• You are comfortable navigating ambiguity and making data-driven security decisions without requiring explicit direction

Bonus Points for:

• Experience with passwordless authentication (WebAuthn, FIDO2).
• Previous work securing B2B or B2C authentication flows
• Contributions to open-source IAM or security tooling
• Building developer-friendly IAM automation tools that streamline security without adding excessive friction