Senior IT Engineer

Senior IT Engineer

San Francisco Bay Area

• IT Automation & Workflow Engineering:
  Own and evolve the company's IT automation platform with Okta Workflows as the primary engine. Design and deliver reliable, scalable automations across onboarding and offboarding, access provisioning, SaaS license management, and compliance workflows. You architect solutions, not one-off scripts, and you hold yourself to a high bar for maintainability and documentation.
• Identity & Access Management:
  Own the full Okta configuration surface, SSO integrations, SCIM provisioning, group rules, adaptive MFA, RBAC lifecycle automation, and access review workflows in Lumos. You are expected to debug the full federation layer including attribute mapping, JIT provisioning, and SCIM reconciliation, and maintain production‑grade configurations across the fleet.
• SAML, OIDC & Federation Engineering:
  Design, implement, and troubleshoot complex SAML 2.0 and OIDC integrations across enterprise SaaS applications. You understand both the SP and IdP sides of federation deeply, attribute statements, assertion mapping, binding types, token claims, and PKCE flows are not new territory. You own the integration from initial configuration through ongoing reconciliation and incident triage.
• Endpoint & Device Management:
  Administer macOS device management at scale via Kandji, including zero‑touch provisioning, Blueprint and Library Item configuration, software deployment, and security policy enforcement. You maintain fleet compliance through automated checks and can diagnose complex endpoint issues without escalation. You also have familiarity with Jumpcloud for Windows devices.
• AI‑Assisted IT Operations:
  Champion AI adoption within IT, identifying high‑value automation opportunities, evaluating AI‑native and low‑code tooling, and building agentic workflows that augment IT service delivery. You use LLMs to accelerate your own work (drafting runbooks, triaging issues, summarizing access reviews) and you build AI‑powered automations where they create real leverage.
• Google Workspace Administration:
  Own Workspace admin depth, directory configuration, group management, Drive and sharing policy enforcement, DLP settings, and audit log triage. You maintain clean provisioning and deprovisioning integration between Workspace and Okta.
• IT Compliance & Access Reviews:
  Support SOC 2 evidence collection and access review workflows, including building and maintaining automated pipelines that surface access anomalies, generate reviewer‑ready reports, and track remediation to closure. You understand the compliance surface and can own the operational execution without hand‑holding from GRC.
• Employee Lifecycle & Compliance Operations:
  Own the full onboarding and offboarding lifecycle end‑to‑end - from Day 1 provisioning through final access termination - across Okta, Google Workspace, Kandji, and the broader SaaS stack. You design and maintain the automated workflows that ensure every joiner, mover, and leaver is handled consistently, completely, and on time. You understand how lifecycle gaps create compliance risk, orphaned accounts, lingering elevated access, missed deprovisioning, and you build the controls and audit trails that close those gaps.
  
  You work closely with People Ops and IT Security to align lifecycle triggers with HR systems, enforce role‑based provisioning via SCIM and group rules, and produce the evidence needed for SOC 2 and access review cycles. Nothing falls through the cracks on your watch.
• SaaS Governance & Tool Management:
  Manage the lifecycle of the company's corporate SaaS stack, vendor onboarding integrations, license optimization, app security reviews, and offboarding automation. You maintain up‑to‑date documentation, runbooks, and operational playbooks for every platform you own.
• Cross‑Functional Partnership & Project Delivery:
  Partner with IT Security, Engineering, People Ops, and Finance to deliver high‑impact projects. Communicate clearly with both technical and executive audiences on project status, risk, and outcomes.

• Experience:
  
  5–8+ years in IT systems engineering, with hands‑on depth in at least three…