Security Engineer

### Who you are
- 3+ years of experience in IAM engineering or identity architecture
- Hands-on experience with enterprise identity providers such as Okta, Azure AD, or similar enterprise IAM platforms
- Strong understanding of modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, SCIM, and JWT
- Experience designing and implementing RBAC and/or ABAC models in cloud-native environments
- Strong knowledge of AWS IAM, cross-account access models, and cloud identity federation
- Experience securing APIs, service accounts, machine identities, and CI/CD authentication workflows
- Experience with privileged access management concepts and least privilege enforcement
- Experience automating IAM tasks using scripting or infrastructure-as-code tools (i.e., Python, Terraform, or similar infrastructure-as-code tooling)
- Familiarity with identity threat detection and response methodologies
- Bachelor’s degree in Computer Science, Cybersecurity, or related field; relevant certifications (i.e., CISSP, CISM, GIAC, AWS Security Specialty, Okta Certified Professional) or equivalent practical experience will also be considered

### What the job involves
- Identity is foundational to securing modern cloud-native platforms, SaaS ecosystems, and enterprise systems. We are seeking an IAM Security Engineer to support the design, implementation, and continuous improvement of identity and access management controls across workforce identity, SaaS platforms, and production cloud environments
- In this role, you will work closely with Security, IT, and Engineering teams to implement secure authentication and authorization patterns that protect critical systems and data
- Implement authentication and authorization controls across SaaS platforms, cloud infrastructure, and internal applications
- Configure and maintain SSO, MFA, conditional access policies, and federation integrations
- Assist with the evolution of single sign-on (SSO), multi-factor authentication (MFA), conditional access, and zero trust access models
- Assist in design and enforce role-based and attribute-based access control models (RBAC/ABAC) across cloud and SaaS systems
- Validate identity provider integrations, including application onboarding and SCIM provisioning
- Partner with Engineering to secure application authentication flows, API access, service-to-service authentication, and token management
- Harden and optimize identity provider configurations, including lifecycle management, federation, and SCIM provisioning
- Support AWS IAM security, including policy implementation, role configuration, cross-account access management, and identity federation
- Implement privileged access and identity lifecycle controls, including provisioning, deprovisioning, access reviews, entitlement governance, least privilege enforcement, and just-in-time access mechanisms
- Secure APIs, service accounts, and non-human identities used in automation and CI/CD workflows
- Implement and improve identity monitoring and detection capabilities, including anomaly detection, session risk analysis, and identity threat response
- Partner with GRC to support identity-related audits, evidence collection, and control validation across frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR
- Contribute to incident response efforts involving identity compromise, credential abuse, or unauthorized access events

### Benefits
- Flexible Vacation: WHOOP has a flexible vacation policy that allows you to unwind, laptop-free, when you need it most.
- Focus on Family: We offer 18 weeks paid parental leave, plus an additional 2 weeks to gradually return to work.
- Get Invested: In addition to a competitive base salary and 401k, you're eligible to receive stock options to share in the future of WHOOP.
- WHOOP +1: Everyone on the team gets a complimentary WHOOP membership—plus another membership to share with a loved one.
- Health Matters: Our competitive benefits package covers medical, dental, and vision, in addition to mental health services, life and disability insurance, and more.
- Find Your Fit: Full-time employees get $500 a year to spend on wellness in whatever way they see fit, from fitness classes and memberships, to recovery services.
- It Pays to Sleep: Our Sleep Performance Program incentivizes employees to get more sleep. Log an average sleep performance of 85% or higher for the month and get a $100 bonus.
- Location, Location, Location: You can’t beat the views from the rooftop of One Kenmore Square. Feel inspired daily as you work, enjoy free snacks and coffee, and collaborate in the heart of Boston.