Used Tools & Technologies
Not specified
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 4
Terraform @ 4
Python @ 7
Hiring @ 4
Communication @ 4
Mentoring @ 4
API @ 4
iPaaS @ 7
OAuth @ 4
ChatGPT @ 4
Audit @ 4
Compliance @ 4
Claude Code @ 4
AI @ 4
Change Management @ 4
Details
GitLab is the intelligent orchestration platform for DevSecOps. The Corporate Security Identity Team is on a mission to transform how the workforce ecosystem securely accesses tools, advancing from foundational controls to automated governance across identity platforms and emerging AI tooling. This Staff Security Engineer role is a senior technical leader responsible for architecting identity security solutions, codifying identity platforms in infrastructure-as-code, building governance for AI and non-human identities, and leading cross-functional initiatives across Security, IT, Engineering, Compliance, and People teams.
Responsibilities
- Design comprehensive identity and AI access solutions that scale, including AI agent governance frameworks and privileged access workflows with just-in-time provisioning.
- Lead identity and access engineering for enterprise AI platforms (administration, SSO and SCIM integration, audit logging, data controls, policy enforcement for Claude and adjacent tools).
- Codify identity platforms in Terraform and lead the migration from click-ops to peer-reviewed infrastructure-as-code for Okta, Lumos, and the NHI platform, focusing on globally critical policies.
- Refactor the authentication framework to implement advanced conditional access controls (device trust, location-based policies, risk-based step-up authentication, behavioral analytics) across the SaaS ecosystem.
- Pioneer non-human identity governance: design monitoring and management for service accounts, API keys, certificates, AI agents, and MCP integrations; lead deployment and operationalization of the NHI platform.
- Drive cross-functional initiatives to extract requirements from ambiguous business needs and translate them to technical specifications.
- Mentor senior and intermediate engineers on technical implementation and strategic thinking in modern identity and AI security practices.
Requirements
- 8+ years of IAM experience designing and implementing enterprise-scale solutions, with demonstrated time at a Staff or senior individual-contributor level.
- Expert-level Okta knowledge (Identity Engine, advanced authentication policies, lifecycle workflows, API automation).
- Strong infrastructure-as-code practice with Terraform, including provider experience for SaaS identity platforms and migrating click-ops to code.
- Hands-on experience administering or governing enterprise AI platforms (Anthropic Claude preferred; OpenAI ChatGPT Enterprise, Google Gemini Enterprise, or similar acceptable) and awareness of AI-specific risks (prompt injection, MCP attack surface, agent identity, data leakage).
- Strong automation experience using Python and iPaaS tools (Tines, Okta Workflows).
- Experience with IGA platforms such as Lumos, ConductorOne, or similar.
- Working knowledge of non-human identity tooling (Token Security, Oasis, Astrix, or similar) or equivalent experience governing service accounts, OAuth grants, and workload identities.
- Experience in regulated environments with compliance frameworks (FedRAMP, SOC2, SOX), including change management, evidence collection, and audit support.
- Collaborative mindset and strategic communication skills for writing technical proposals, leading cross-functional initiatives, and mentoring teammates.
- Nice to have: passion for AI agent governance, non-human identity management, zero-trust architecture, behavioral analytics; active use of agentic development tools (Claude Code, Cursor, etc.).
Benefits
- Flexible Paid Time Off and benefits supporting health, finances, and well-being (links provided in the original posting).
- Equity compensation & Employee Stock Purchase Plan; Growth and Development Fund; Parental Leave; Team Member Resource Groups.
Additional details
- Country hiring guidelines: role is remote within the United States; because this role may need to support FedRAMP tech stack, hiring may be restricted to U.S. citizens physically located in the U.S.
- Recruitment privacy policy and equal opportunity statements are included in the original posting.
- United States base salary range (residents of the United States only): $168,000 - $238,000 USD (base salary does not include bonuses, equity, or benefits).