Hiring Identity Engineers: The Complete Guide

# Identity Engineer

**Location:** San Francisco, CA (Hybrid) · **Employment Type:** Full-time · **Level:** Mid-Senior

## About [Company]

[Company] is a B2B SaaS platform trusted by 500+ Fortune 1000 companies to manage their most sensitive business data. Security and identity are foundational to enterprise trust—our customers' security teams evaluate us rigorously before deployment.

Our platform authenticates 2 million users daily, integrates with 1,000+ enterprise identity providers, and maintains SOC 2 Type II and ISO 27001 certifications. Identity is core infrastructure, not an afterthought.

**Why join [Company]?**

- Work on enterprise identity at scale—2M daily authentications, 1000+ IdP integrations
- Solve real enterprise challenges (SSO, provisioning, access control)
- Security-critical work with direct customer impact
- Join a 6-person identity team within a 200-person engineering org
- Series D company, strong enterprise traction, path to profitability
- Competitive compensation with meaningful equity

## The Role

We're looking for an Identity Engineer to help us build world-class authentication and authorization systems. You'll work on SSO integrations, user provisioning, access control, and the identity infrastructure that enterprise customers require.

Enterprise identity is complex. Every customer has a different IdP (Okta, Azure AD, Ping, custom solutions), different security requirements, and different provisioning workflows. You'll build systems that handle this diversity reliably and securely.

The ideal candidate has deep experience with identity protocols (OAuth 2.0, OIDC, SAML) and understands enterprise requirements. You have a security-first mindset—identity systems are attack surfaces, and misconfiguration creates vulnerabilities.

## What You'll Work On

### First 30 Days
- Onboard to our identity stack, SSO integrations, and authentication flows
- Understand our customer base and their identity configurations
- Ship your first identity improvement or integration fix

### First 90 Days
- Own an identity system component (SSO, provisioning, or access control)
- Contribute to new IdP integrations or feature development
- Participate in customer security reviews
- Build relationships with security and customer success teams

### First Year
- Lead identity initiatives that improve security or customer experience
- Architect improvements to our identity infrastructure
- Develop new enterprise capabilities (MFA, passwordless, conditional access)
- Mentor teammates on identity engineering best practices

## Objectives of This Role

- Maintain 99.99% authentication availability
- Reduce SSO integration time for new enterprise customers
- Expand IdP coverage to support customer requirements
- Improve provisioning reliability and reduce support tickets
- Support successful security audits and compliance certifications

## Responsibilities

**Authentication & SSO (50%)**
- Build and maintain SSO integrations (SAML 2.0, OIDC)
- Implement multi-factor authentication and passwordless options
- Design authentication flows for security and usability
- Debug SSO issues with customer IdPs
- Ensure authentication security best practices

**Provisioning & Lifecycle (30%)**
- Implement SCIM provisioning for user lifecycle management
- Build directory sync integrations
- Design role and group mapping from customer directories
- Handle provisioning edge cases and error handling
- Support customer onboarding for provisioning setup

**Authorization & Access Control (20%)**
- Build authorization systems for multi-tenant access control
- Implement role-based and attribute-based access control
- Design permission models that scale with customer complexity
- Audit and monitor access for compliance
- Collaborate with security team on access policies

## Required Skills and Qualifications

**Technical Skills**
- 5+ years of software engineering experience
- 3+ years in identity, authentication, or security
- Deep knowledge of OAuth 2.0 and OpenID Connect
- Strong SAML 2.0 implementation experience
- Experience with user provisioning (SCIM)
- Backend development skills (Python, Go, or Java)
- Understanding of cryptography and secure coding

**Identity Knowledge**
- Familiarity with enterprise IdPs (Okta, Azure AD, Ping)
- Understanding of directory services (LDAP, Active Directory)
- Experience with MFA and authentication factors

**Soft Skills**
- Security-first mindset—identity is a security domain
- Clear communication with customers and security teams
- Analytical approach to debugging SSO issues
- Patience for enterprise integration complexity

## Preferred Skills and Qualifications

- Identity platform experience (Okta, Auth0, Ping Identity)
- Zero-trust architecture experience
- SOC 2 or ISO 27001 audit experience
- Experience with identity governance (IGA)
- Background in security engineering
- Customer-facing experience for enterprise accounts

## Tech Stack

**Backend:** Python, Go, PostgreSQL

**Identity:** SAML libraries, OIDC providers, custom identity service

**Integrations:** Okta, Azure AD, Google Workspace, Ping, OneLogin, custom SAML/OIDC

**Provisioning:** SCIM service, directory sync workers

**Infrastructure:** AWS (EKS, Cognito), Kubernetes

**Security:** HashiCorp Vault for secrets, audit logging, Datadog

## Compensation and Benefits

**Salary:** $145,000 - $195,000 (based on experience)

**Equity:** 0.04% - 0.12% (4-year vest, 1-year cliff)

**Benefits:**

*Health & Wellness*
- Medical, dental, and vision insurance (100% covered)
- $100/month wellness stipend
- Mental health support through Modern Health

*Time Off*
- Unlimited PTO with 15-day minimum encouraged
- 11 paid company holidays
- 16 weeks paid parental leave

*Professional Development*
- $2,500 annual learning budget
- Conference attendance (Identiverse, Oktane)
- Security certification support

*Financial*
- 401(k) with 4% company match
- Equity refresh grants annually

*Workspace*
- $1,500 home office setup allowance
- Hybrid work (2-3 days in SF office)
- MacBook Pro and equipment of choice

## Engineering Culture

**How we work:**
- Security-first approach to all identity work
- Rigorous code review for security-critical changes
- Close collaboration with security and compliance teams
- Customer empathy—enterprise SSO is frustrating, make it smooth
- Blameless post-mortems after security incidents

**What we value:**
- Security over convenience—identity protects customer data
- Reliability—authentication must work every time
- Customer success—enterprise integrations should be smooth
- Continuous learning as identity standards evolve
- Work-life balance (on-call is light and well-supported)

## Interview Process

Our interview process typically takes 2 weeks.

- **Step 1: Recruiter Screen** (30 min)
  Background discussion and role overview.

- **Step 2: Technical Screen** (60 min)
  Identity fundamentals with an identity engineer. OAuth, SAML, and your experience.

- **Step 3: Identity Deep Dive** (90 min)
  Technical discussion about identity system design, protocol details, and security considerations.

- **Step 4: System Design** (60 min)
  Design an identity system component: SSO integration, provisioning, or access control.

- **Step 5: Security Discussion** (45 min)
  Discussion with security team about threat modeling and secure design.

- **Step 6: Team Interviews** (2 x 30 min)
  Meet potential teammates. Discussion about collaboration and customer-facing work.

---

*[Company] is an equal opportunity employer.*