Moveworks
Information Technology And Services
Senior Identity & Access Management Engineer
“Senior Identity & Access Management Engineer at Moveworks. Skills: Identity and Access Management (IAM), AWS IAM, Azure IAM, Kubernetes IAM, SaaS IAM, Teleport, Terraform, Okta administration, OAuth, OIDC, SAML, SCIM. Drive IAM application development: Code, design, and implement solutions. Drive IAM projects end-to-end: Take ambiguous access problems, understand and define requirements, architect solutions, and own the rollout/operationalization”
What You'll Achieve.
Shape the future of our identity and access strategy; Develop robust access models across AWS, Azure, Kubernetes, and reduce privilege sprawl; Build observability through logging, metrics, and reporting in our SIEM; Modernize access reviews to deliver real security impact with minimal friction; Continuously de-risk IAM threats; Drive adoption of secure-by-default patterns; Directly protect Moveworks’ most critical systems; Enable our engineers to move fast, safely, and confidently; Enable robust and reliable solutions to keep our engineering teams active; Reduce unnecessary privileges; Minimize manual grants; Create scalable 'safe baseline' access that covers routine work without daily elevation; Ensure access changes are observable in our SIEM; Build repeatable reporting that surfaces risky access and drift; Design a UAR process & solution that meets compliance requirements while improving real security signal—minimizing approver burden through scoping, automation, and clear decision support; Propose appropriate controls and mitigations; Drive adoption with partner teams; Develop solutions to continuously de-risk; Reliably distinguish meaningful IAM risk from noise; Gather context efficiently; Escalate with crisp rationale and actionable mitigations; Write lightweight procedures, runbooks, and automation so access decisions are consistent, scalable, and not dependent on tribal knowledge
Industry & Context.
Untangling ambiguous access challenges; Architecting secure, automated solutions; Develop with secure access models in mind; Reduce unnecessary privileges; Minimize manual grants; Create scalable 'safe baseline' access; Identify high-risk permissions and misuse paths; Propose appropriate controls and mitigations; Distinguish meaningful IAM risk from noise
US Citizenship preferred (Some responsibilities in this role involve working with U.S. government customer environments subject to regulatory access requirements. Eligibility may be contingent on the ability to satisfy applicable export control or government contract obligations.), Eligibility for export control or government contract obligations may be contingent on satisfying applicable requirements.
What They're Looking For.
Must Have
5+ years of experience working in IAM, security engineering, or platform engineering with substantial IAM responsibilities in production environments; Grasp of IAM best practices and common failure modes (e.g., least privilege, privilege escalation paths, separation of duties, breakglass, auditability); Practical experience implementing and designing access control in AWS, Azure, GCP environments and partnering with teams who manage infrastructure at scale; Experience with Okta administration and patterns (e.g., groups, app assignments, lifecycle/provisioning), or equivalent experience with a similar SSO product; Ability to spot dangerous permissions and misuse paths (including insider-threat scenarios), assess risk, and identify suitable mitigations and controls; Comfortable using scripting languages and AI coding tools to build reliable automation, and able to read/validate what the code is doing; Working understanding of OAuth, OIDC, SAML, and SCIM, including when to use which, failure modes, and common pitfalls; Proven ability to build long-lasting relationships with various technical teams, such as Engineering, Information Technology, Infrastructure, and DevOps teams
Nice to Have
US Citizenship preferred; Experience configuring IAM in Teleport, Terraform and Kubernetes environments is a plus
What You'll Do.
- Drive IAM application development: Code, design, and implement solutions
- Drive IAM projects end-to-end: Take ambiguous access problems, understand and define requirements, architect solutions, and own the rollout/operationalization
- Develop with secure access models in mind: Continuously develop role design improvements and access assignment patterns across AWS, and internal systems to reduce unnecessary privileges, minimize manual grants, and create scalable “safe baseline” access
- Develop on operationalizing logging and metrics: Ensure access changes are observable in our SIEM; build repeatable reporting that surfaces risky access and drift
- Run and improve user access reviews (UAR): Develop, execute and design a UAR process & solution that meets compliance requirements while improving real security signal—minimizing approver burden through scoping, automation, and clear decision support
- Develop technology to continuously de-risk: Identify high-risk permissions and misuse paths, propose appropriate controls and mitigations, drive adoption with partner teams, and develop solutions to continuously de-risk
- Operate with security judgment and high signal: Reliably distinguish meaningful IAM risk from noise, gather context efficiently, and escalate with crisp rationale and actionable mitigations
- Document and standardize the paved road: Write lightweight procedures, runbooks, and automation so access decisions are consistent, scalable, and not dependent on tribal knowledge
How You'll Work.
Team & Collaboration
Partner closely with teams to drive adoption of secure-by-default patterns; Build long-lasting relationships with various technical teams, such as Engineering, Information Technology, Infrastructure, and DevOps teams
Process & Methodology
Drive IAM projects end-to-end: Take ambiguous access problems, understand and define requirements, architect solutions, and own the rollout/operationalization (not just the design)
How to Apply on SmartRecruiters
- SmartRecruiters often includes a video screening step — check camera and mic permissions.
- Link your GitHub or portfolio directly in the profile section for technical roles.
- Applications may be reviewed by AI scoring before reaching a recruiter — use keywords from the job description.