Senior Security Engineer, IAM

Who We Are

At Justworks, you'll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community.

We work hard and care about our most prized asset - our people.

We're helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We're data-driven and never stop iterating.

If you'd like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we'd love to hear from you.

We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.

Our Values

If this sounds like you, you'll fit right in.

Who You Are

Justworks is looking for a hands-on Senior Security Engineer with an Identity and Access Management (IAM) focus within Digital Security's Security Architecture & Engineering (SAE) function.

With new product lines such as Justworks Payroll and International our IAM use cases are growing. Our workforce and customers are global and require modern approaches to meet our evolving business needs.

You will play a critical role at the intersection of software engineering and identity services design, implementing and rolling out IAM solutions including (but not limited to) fine-grained access controls, zero trust, identity governance, access management, privileged access management, user provisioning / deprovisioning, and federation.

We leverage a number of technologies to power our tools and platform, including AWS, Kubernetes (EKS), Terraform, Datadog, and write our code in Ruby, Python, and Go just to name a few.

Your Success Profile

What You Will Work On

• Design and manage user attribute schemas and attributes, ensuring they accurately reflect business requirements, compliance needs, and security considerations.
• Oversee user lifecycle, including provisioning, deprovisioning, and modification of user accounts, ensuring timely and accurate access management in alignment with security best practices.
• Design, implement, and build new identity security controls to keep the enterprise technologies secure and reliable.
• Provide technical and architectural guidance to product managers, engineers, and corporate IT on all things identity management
• Work with cross-functional partners to enhance customer identity (CIAM) experiences that are cohesive and secure
• Lead the direction of moderately complex and loosely scoped engineering projects as required within the IAM domain
• Stay updated on emerging IAM trends, technologies, and best practices

How You Will Do Your Work

As a Senior Security Engineer, how results are achieved is paramount for your success and ultimately result in our success as an organization.

In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following :

• Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
• Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what's in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
• Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
• Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
• Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for :

• Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You're an active listener, treat people respectfully, and have a strong desire to know and help others.
• Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities.

You're curious, ask open questions, and are receptive to thoughts and feedback from others.

• Grit - You demonstrate grit by having the courage to commit and persevere. You're committed, earnest, and dive in to get the job done well with a positive attitude.
• Integrity - Simply put, do what you say and say what you'll do. You're honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example.
• Simplicity - Be like Einstein : "Everything should be made as simple as possible, but no simpler."

What We're Looking For

• You are a pragmatic security engineer with a proven track record of building, operating, and contributing to the architecture of complex Identity Lifecycle and Access Control solutions using industry standards such as RBAC / ABAC / PBAC etc.
• Minimum of 3 years experience in information security concepts, common technical security controls, and security design principles, ideally in a SaaS environment
• Technical proficiency with identity protocols (OpenID Connect, SCIM, OAuth, FIDO2, SAML, Federation, SSO).
• Working experience with Human Resources Information Systems (HRIS) and their integration with IAM solutions for identity lifecycle management.
• In-depth experience with automation and development-based approaches using scripting languages. You understand the challenges of scale for security and leverage automation whenever possible.
• Experience developing privilege management controls using AWS identity services
• You are comfortable teaching and leading teams toward better security outcomes.
• You have excellent verbal and written communication skills and a product-focused mindset to both serve and delight customers
• Experience acting as a tech lead in an agile, high-growth environment
• Experience designing services in public cloud providers (AWS, GCP, Azure)

Nice to Haves

Security Certifications : CISSP, CISM, CRISC, GIAC, CCSP or CEH

The base wage range for this position based in our New York City Office is targeted at $167,000.00 to $205,000.00 per year.

LI-AD1 #LI-Hybrid #LI-JS1

Actual compensation is based on multiple factors that are unique to each candidate, including and not limited to skill set, level of relevant experience, and specific work location.

Salary ranges for positions based in other locations may differ based on the cost of labor in that location.

For more information about Justworks' Total Reward Philosophy, including all of the perks and benefits we are proud to offer our team members, please visit Total Rewards @ Justworks.

Diversity At Justworks

Justworks is committed to maintaining a workplace where diversity of identity, culture, and life experience is the norm and is celebrated authentically and respected consistently.

Diversity in our work, our people, and our product drives creativity and innovation, entrepreneurial leadership and integrity, competitiveness, and collaboration throughout our business and in the market.

We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our customers.

We're proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital or familial status, disability, pregnancy, gender identity or expression, veteran status, genetic information, or any other legally protected status.

Justworks is fully dedicated to providing necessary support to candidates with disabilities who may require reasonable accommodations.

We also provide reasonable accommodations to employees based on their sincerely held religious beliefs, as well as for other covered reasons consistent with applicable federal, state, and local laws.

If you're in need of a reasonable accommodation, please reach out to us at redacted . Your comfort and success matter to us, and we're here to ensure an inclusive experience.

Our DEIB Report and Our DEI Commitment