Full-timeEngineeringIT

Handshake

Senior Security Engineer, IAM

San Francisco, CA

Posted

1mo ago

Type

Full-time

Location

San Francisco, CA

Job Overview

About Handshake Handshake was founded on a simple belief that everyone deserves a path to a great career, regardless of where they went to school or who they know. Today, we power 25 million job seekers, 1 million+ employers, and 1,600 educational institutions. In 2025, we started Handshake AI and built the fastest-growing AI data business in history. We work directly with frontier AI lab researchers to create evaluations, publish benchmarks, and push the boundary of data. We’ve grown from $0 to ~$1B run rate and pay ~$60M to over 30K individuals every month. Why join Handshake now: • Shape how every career evolves in the AI economy, at global scale, with impact your friends, family and peers can see and feel • Partner hand-in-hand with world-class AI labs, Fortune 500 partners and the world’s top educational institutions • Work together with engineers, scientists, operators, and more from Palantir, Meta, Scale AI, and former YC founders • Build a massive, fast-growing business with billions in revenue About the Role Handshake is seeking a Senior Security Engineer to own the architecture, design, and implementation of our enterprise identity automation and governance ecosystem. You’ll define the long-term IAM automation strategy, build resilient and scalable lifecycle workflows, and enable secure-by-default identity operations across SaaS, cloud, and internal platforms. You’ll partner closely with Security, IT Engineering, People Operations, and Product/Platform Engineering to deliver highly automated, auditable, and reliable identity solutions. In this role, you will: • Architect, build, and own automated onboarding, offboarding, and access-change workflows across Okta, Workday, SCIM, and event-driven systems. • Engineer integration layers between identity platforms and internal applications using Python, REST APIs, Webhooks, and Terraform. • Implement error-handling, reconciliation logic, telemetry, and monitoring to ensure reliability and determinism in identity lifecycle events. • Modernize existing provisioning logic and replace manual processes with scalable automation frameworks. • Develop tooling and pipelines enabling version-controlled, testable, observable IAM automation. • Act as a technical owner for Handshake’s IAM ecosystem, including Okta, Google Workspace, GCP, AWS IAM, and internal access systems. • Engineer and optimize authentication & authorization protocols (OIDC, OAuth2, SAML, JWT), fine-grained access policies, and scalable RBAC/ABAC models. • Build custom automation using Okta Workflows or API-driven orchestration. • Design SOC2-compliant access controls, approvals, attestations, and auditability mechanisms. • Build automated access certification systems with full data lineage. • Conduct identity-related incident forensics and implement preventative automation. • Provide cross-functional leadership, setting standards, best practices, and reference architectures for identity automation. • Serve as service owner for IAM automation platforms with accountability for uptime, consistency, and continuous improvement. Desired Capabilities • 4–7+ years of hands-on IAM engineering, identity automation, or identity governance experience. • Strong scripting/automation skills in Python, Node.js, and REST-based integrations. • Experience with IAM platforms such as Okta, Google Workspace/GCP, Azure AD, or similar. • Deep understanding of identity protocols, token flows, SCIM, and distributed lifecycle orchestration. • Experience with Terraform or other infrastructure-as-code frameworks. • Ability to diagnose complex identity issues across SaaS, cloud, and distributed systems. • Strong understanding of DevOps practices, observability, and secure engineering principles. • Demonstrated ownership mindset across architecture, implementation, monitoring, and iterative improvement. Extra Credit • Advanced experience with GCP IAM, Google Workspace IAM, AWS IAM, cross-account access patterns, and policy automation. • Experience with Okta Workflows, SailPoint/IGA, or Privileged Access Management (PAM) solutions. • Experience designing scalable authorization models for high-growth or distributed organizations. • Certifications such as Okta Architect, Azure Identity Engineer, CISSP. • Prior experience in SaaS, high-growth, or distributed engineering environments. Perks Handshake delivers benefits that help you feel supported—and thrive at work and in life. The below benefits are for full-time US employees. 🎯 Ownership: Equity in a fast-growing company 💰 Financial Wellness: 401(k) match, competitive compensation, financial coaching 🍼 Family Support: Paid parental leave, fertility benefits, parental coaching 💝 Wellbeing: Medical, dental, and vision, mental health support, wellness stipend 📚 Growth: Learning stipend, ongoing development 💻 Remote & Office: Internet, commuting, and free lunch/gym in our SF office 🏝 Time Off: Flexible PTO, 15 holidays + 2 flex days 🤝 Connection: Team outings & referral bonuses Explore our mission, values, and comprehensive US benefits at joinhandshake.com/careers .

Core Requirements

EngineeringIT