Whoop29d ago

Security Engineer, IAM

Bostonmid

EngineeringSecuritySecurity Engineer

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

At WHOOP, we’re on a mission to unlock human performance and healthspan.

Technical Tools

EngineeringSecuritySecurity Engineer

At WHOOP, we’re on a mission to unlock human performance and healthspan. Our wearable technology provides personalized insights that help millions of members better understand their bodies and make smarter decisions about training, recovery, and lifestyle.

Identity is foundational to securing modern cloud-native platforms, SaaS ecosystems, and enterprise systems. We are seeking an IAM Security Engineer to support the design, implementation, and continuous improvement of identity and access management controls across workforce identity, SaaS platforms, and production cloud environments.

In this role, you will work closely with Security, IT, and Engineering teams to implement secure authentication and authorization patterns that protect critical systems and data.

Implement authentication and authorization controls across SaaS platforms, cloud infrastructure, and internal applications
Configure and maintain SSO, MFA, conditional access policies, and federation integrations
Assist with the evolution of single sign-on (SSO), multi-factor authentication (MFA), conditional access, and zero trust access models
Assist in design and enforce role-based and attribute-based access control models (RBAC/ABAC) across cloud and SaaS systems
Validate identity provider integrations, including application onboarding and SCIM provisioning
Partner with Engineering to secure application authentication flows, API access, service-to-service authentication, and token management
Harden and optimize identity provider configurations, including lifecycle management, federation, and SCIM provisioning
Support AWS IAM security, including policy implementation, role configuration, cross-account access management, and identity federation
Implement privileged access and identity lifecycle controls, including provisioning, deprovisioning, access reviews, entitlement governance, least privilege enforcement, and just-in-time access mechanisms
Secure APIs, service accounts, and non-human identities used in automation and CI/CD workflows
Implement and improve identity monitoring and detection capabilities, including anomaly detection, session risk analysis, and identity threat response
Partner with GRC to support identity-related audits, evidence collection, and control validation across frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR
Contribute to incident response efforts involving identity compromise, credential abuse, or unauthorized access events

3+ years of experience in IAM engineering or identity architecture
Hands-on experience with enterprise identity providers such as Okta, Azure AD, or similar enterprise IAM platforms
Strong understanding of modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, SCIM, and JWT
Experience designing and implementing RBAC and/or ABAC models in cloud-native environments
Strong knowledge of AWS IAM, cross-account access models, and cloud identity federation
Experience securing APIs, service accounts, machine identities, and CI/CD authentication workflows
Experience with privileged access management concepts and least privilege enforcement
Experience automating IAM tasks using scripting or infrastructure-as-code tools (i.e., Python, Terraform, or similar infrastructure-as-code tooling)
Familiarity with identity threat detection and response methodologies
Bachelor’s degree in Computer Science, Cybersecurity, or related field; relevant certifications (i.e., CISSP, CISM, GIAC, AWS Security Specialty, Okta Certified Professional) or equivalent practical experience will also be considered