Platform Engineer - Identity and Access Management (IAM)

Role Overview

As a Platform Engineer on the Identity Security team, you will design, build, and operate secure-by-design identity infrastructure and tooling. You will make it easier and more secure to implement identity governance and access management for internal users and customers worldwide. As part of the Information Security organization, you will research, implement, and scale innovative solutions to stay ahead of a dynamic threat landscape. The Identity team focuses on reducing risk and friction, eliminating toil, and developing identity platforms across both corporate and production infrastructure.

Responsibilities

• Develop automation and tooling for corporate and customer-facing identity platforms.
• Build, secure, and manage geo-redundant systems and services in AWS and Azure.
• Scale the implementation of Single Sign-On (SSO) integrations across multiple Entra ID tenants using infrastructure-as-code frameworks.
• Build tooling to standardize and scale operational workflows across AWS, Azure, and Google Cloud Platform (GCP).
• Research and drive adoption of emerging authentication protocols, such as passwordless authentication, in collaboration with Security Engineers.
• Partner with Security Compliance Engineers to build services that reduce the cost and complexity of compliance enforcement.

Requirements

• Technical proficiency in identity protocols including SAML, OIDC, LDAP, Kerberos, FIDO2, and WebAuthn.
• Experience managing identities and governance workflows on platforms such as Entra ID, AWS Cognito, or Okta.
• Current UK security clearance (SC or DV level), or eligibility to obtain clearance.
• Experience deploying and operating Linux- or Windows-based infrastructure in AWS, Azure, or Google Cloud.
• Expert-level proficiency in a programming language such as Go (preferred), Python, PowerShell, or TypeScript.
• Experience with infrastructure-as-code frameworks such as Terraform, CloudFormation, Ansible, Puppet, or PowerShell DSC.

Preferred Qualifications

• Minimum 3 years of experience in Site Reliability Engineering (SRE), DevOps, or an equivalent discipline with a strong focus on security.
• A passion for building purpose-built web services that maintain compliance while minimizing impact on productivity.
• Experience strengthening the resilience of critical infrastructure for a globally distributed workforce.