Note: The job is a remote job and is open to candidates in USA. Moveworks is the Agentic AI Assistant platform that empowers the entire workforce. As a Senior Identity & Access Management Engineer, you will be responsible for coding, designing, building, and scaling IAM solutions, ensuring secure access across various platforms while enabling teams to work efficiently.
Responsibilities
- Be the technical developer to drive IAM application development: Code, design, and implement solutions with extensive knowledge in AWS, Azure, Teleport, and Terraform. Enabling robust and reliable solutions to keep our engineering teams active
- Drive IAM projects end-to-end: Take ambiguous access problems, understand and have the ability to define requirements, architect solutions, and own the rollout/operationalization (not just the design)
- Develop with secure access models in mind: Continuously develop role design improvements and access assignment patterns across AWS, Kubernetes, SaaS apps, and internal systems to reduce unnecessary privileges, minimize manual grants, and create scalable “safe baseline” access that covers routine work without daily elevation
- Develop on operationalizing logging and metrics: Ensure access changes are observable in our Security Information and Event Management (SIEM) tool; build repeatable reporting that surfaces risky access and drift
- Run and improve user access reviews (UAR): Develop, execute and design a UAR process & solution that meets compliance requirements while improving real security signal—minimizing approver burden through scoping, automation, and clear decision support
- Develop technology to continuously de-risk: Identify high-risk permissions and misuse paths, propose appropriate controls and mitigations, drive adoption with partner teams, and develop solutions to continuously de-risk
- Operate with strong security judgment and high signal: Reliably distinguish meaningful IAM risk from noise, gather context efficiently, and escalate with crisp rationale and actionable mitigations
- Document and standardize the paved road: Write lightweight procedures, runbooks, and automation so access decisions are consistent, scalable, and not dependent on tribal knowledge
Skills
- US Citizenship preferred (Some responsibilities in this role involve working with U.S. government customer environments subject to regulatory access requirements. Eligibility may be contingent on the ability to satisfy applicable export control or government contract obligations.)
- 5+ years of experience working in IAM, security engineering, or platform engineering with substantial IAM responsibilities in production environments
- Strong grasp of IAM best practices and common failure modes (e.g., least privilege, privilege escalation paths, separation of duties, breakglass, auditability)
- Practical experience implementing and designing access control in AWS, Azure, GCP environments and partnering with teams who manage infrastructure at scale. Experience configuring IAM in Teleport, Terraform and Kubernetes environments is a plus
- Experience with Okta administration and patterns (e.g., groups, app assignments, lifecycle/provisioning), or equivalent experience with a similar SSO product
- Ability to spot dangerous permissions and misuse paths (including insider-threat scenarios), assess risk, and identify suitable mitigations and controls
- Comfortable using scripting languages and AI coding tools to build reliable automation, and able to read/validate what the code is doing
- Working understanding of OAuth, OIDC, SAML, and SCIM, including when to use which, failure modes, and common pitfalls
- Proven ability to build long-lasting relationships with various technical teams, such as Engineering, Information Technology, Infrastructure, and DevOps teams
- BS+ in computer science or a related field, or equivalent relevant experience
Benefits
- Flexible or Remote work persona
Company Overview