Senior/Staff Identity and Access Management (IAM) Engineer
Zoox is seeking a highly skilled and experienced Identity and Access Management (IAM) Engineer who will be responsible for helping ensure the security of our end users and resources.
This position on the Cyber Security team is responsible for developing, maintaining and automating Identity & Access Management (IAM) solutions and operations at Zoox. This role requires a strong understanding of security principles, modern IAM methodologies (e.g., Zero Trust, least privilege), and a deep commitment to infrastructure-as-code and API-driven development practices.
The ideal candidate will be capable of engineering and delivering both enterprise and consumer focused solutions associated with IAM.
In this role, you will:
-
Lead the technical design and architecture of highly available and resilient IAM solutions, covering areas such as Identity Governance and Administration (IGA), Access Management (AM), Privileged Access Management (PAM), and Customer Identity and Access Management (CIAM).
-
Collaborate with application development and DevOps teams to embed security best practices and streamline secure authentication/authorization patterns.
-
Develop, test, and deploy IAM infrastructure and configuration using infrastructure-as-code (IaC) tools (e.g., Terraform, Ansible).
-
Define and enforce standards and policies related to identity, authentication, and authorization across the entire technology stack.
-
Stay current with emerging threats, technologies, and industry best practices in identity and access management.
Qualifications
- 8+ years experience in Information Security
-
Proven expertise in deploying and managing enterprise IAM platforms (e.g., SailPoint, EntraID, Active Directory, LDAP). Preference for experience with API-driven configuration and management over GUI-based administration.
-
Deep proficiency in Infrastructure-as-Code (IaC) tools such as Terraform for provisioning and managing IAM resources.
-
Strong development skills in at least one major programming language (Python preferred) for building automation tools and custom integrations.
-
Extensive experience with modern authentication and authorization standards (OAuth 2.0, OpenID Connect, SAML, SCIM).
Bonus Qualifications
-
Experience with workflows and tools like ArgoCD for continuous delivery of IAM configurations.
-
Familiarity with containerization technologies (Docker, Kubernetes) and their impact on identity design.
-
Knowledge of AWS IAM, Cognito and Resource Access Manager
-
Knowledge with Hashicorp Vault and/or AWS Secrets Manager
There are three major components to compensation for this position: salary, Amazon Restricted Stock Units (RSUs), and Zoox Stock Appreciation Rights. A sign-on bonus may be offered as part of the compensation package. The listed range applies only to the base salary. Compensation will vary based on geographic location and level. Leveling, as well as positioning within a level, is determined by a range of factors, including, but not limited to, a candidate's relevant years of experience, domain knowledge, and interview performance. The salary range listed in this posting is representative of the range of levels Zoox is considering for this position.
Zoox also offers a comprehensive package of benefits, including paid time off (e.g. sick leave, vacation, bereavement), unpaid time off, Zoox Stock Appreciation Rights, Amazon RSUs, health insurance, long-term care insurance, long-term and short-term disability insurance, and life insurance.