Senior IAM Automation Engineer

Handshake is building the career network for the AI economy, backed by the largest and most trusted job network on the internet. As the only three-sided job marketplace connecting 18 million knowledge workers, 1,500 educational institutions, and 1 million employers, Handshake powers career discovery, hiring, and upskilling—from first internships to full-time roles, freelance work to gig work, and beyond.

Founded in 2014, we’ve built the most trusted platform for early talent—owning the college-to-career market and powering nearly every career center. Today we’re building on that foundation to help students and early professionals upskill or reskill for the future.

Now’s a great time to join Handshake. Here’s why:
Category Leader: Over 92% coverage across US universities & 77% of total US university student population.
Proven Market Demand: Deep employer partnerships across Fortune 500s and the world’s leading AI research labs.
World-Class Team: Leadership from Scale AI, OpenAI, xAI, Notion, Coinbase, and Palantir, just to name a few.
Capitalized & Scaling: $434M raised with a $175M+ run rate.

Handshake is seeking a Senior IAM Automation Engineer to own the architecture, design, and implementation of our enterprise identity automation and governance ecosystem. You’ll define the long-term IAM automation strategy, build resilient and scalable lifecycle workflows, and enable secure-by-default identity operations across SaaS, cloud, and internal platforms.
You’ll partner closely with Security, IT Engineering, People Operations, and Product/Platform Engineering to deliver highly automated, auditable, and reliable identity solutions.

• Architect, build, and own automated onboarding, offboarding, and access-change workflows across Okta, Workday, SCIM, and event-driven systems.

• Engineer integration layers between identity platforms and internal applications using Python, REST APIs, Webhooks, and Terraform.

• Implement error-handling, reconciliation logic, telemetry, and monitoring to ensure reliability and determinism in identity lifecycle events.

• Modernize existing provisioning logic and replace manual processes with scalable automation frameworks.

• Develop tooling and pipelines enabling version-controlled, testable, observable IAM automation.

• Act as a technical owner for Handshake’s IAM ecosystem, including Okta, Google Workspace, GCP, AWS IAM, and internal access systems.

• Engineer and optimize authentication & authorization protocols (OIDC, OAuth2, SAML, JWT), fine-grained access policies, and scalable RBAC/ABAC models.

• Build custom automation using Okta Workflows or API-driven orchestration.

• Design SOC2-compliant access controls, approvals, attestations, and auditability mechanisms.

• Build automated access certification systems with full data lineage.

• Conduct identity-related incident forensics and implement preventative automation.

• Provide cross-functional leadership, setting standards, best practices, and reference architectures for identity automation.

• Serve as service owner for IAM automation platforms with accountability for uptime, consistency, and continuous improvement.

• 4–7+ years of hands-on IAM engineering, identity automation, or identity governance experience.

• Strong scripting/automation skills in Python, Node.js, and REST-based integrations.

• Experience with IAM platforms such as Okta, Google Workspace/GCP, Azure AD, or similar.

• Deep understanding of identity protocols, token flows, SCIM, and distributed lifecycle orchestration.

• Experience with Terraform or other infrastructure-as-code frameworks.

• Ability to diagnose complex identity issues across SaaS, cloud, and distributed systems.

• Strong understanding of DevOps practices, observability, and secure engineering principles.

• Demonstrated ownership mindset across architecture, implementation, monitoring, and iterative improvement.

• Advanced experience with GCP IAM, Google Workspace IAM, AWS IAM, cross-account access patterns, and policy automation.

• Experience with Okta Workflows, SailPoint/IGA, or Privileged Access Management (PAM) solutions.

• Experience designing scalable authorization models for high-growth or distributed organizations.

• Certifications such as Okta Architect, Azure Identity Engineer, CISSP.

• Prior experience in SaaS, high-growth, or distributed engineering environments.

Handshake delivers benefits that help you feel supported—and thrive at work and in life.
The below benefits are for full-time US employees.

🎯 Ownership: Equity in a fast-growing company
💰 Financial Wellness: 401(k) match, competitive compensation, financial coaching
🍼 Family Support: Paid parental leave, fertility benefits, parental coaching
💝 Wellbeing: Medical, dental, and vision, mental health support, wellness stipend
📚 Growth: Learning stipend, ongoing development
💻 Remote & Office: Internet, commuting, and free lunch/gym in our SF office
🏝 Time Off: Flexible PTO, 15 holidays + 2 flex days
🤝 Connection: Team outings & referral bonuses

Explore our mission, values, and comprehensive US benefits at joinhandshake.com/careers.