IAM Security Engineer

Elastic, the Search AI Company, enables everyone to find the answers they need in real time, using all their data, at scale — unleashing the potential of businesses and people. The Elastic Search AI Platform, used by more than 50% of the Fortune 500, brings together the precision of search and the intelligence of AI to enable everyone to accelerate the results that matter. By taking advantage of all structured and unstructured data — securing and protecting private information more effectively — Elastic’s complete, cloud-based solutions for search, security, and observability help organizations deliver on the promise of AI.

The IAM Security Engineer will play an integral role in safeguarding Elastic’s IT systems by enhancing the strategic collaboration between the IT and the InfoSec organization.

This role requires deep expertise in Okta's capabilities (SSO, MFA, SCIM provisioning, SAML, and ABAC) and a strong background in solving complex access-related problems in enterprise SaaS applications.

Identity and Access Management (IAM) Architecture

• Develop and enforce IAM policies and procedures, optimizing role-based access control (RBAC), attribute-based access control (ABAC) and leveraging Just In Time access and single sign-on (SSO) capabilities to scale security controls effectively.
• Architect, implement, and manage Okta integrations for SSO, MFA, SCIM provisioning, and ABAC across a diverse SaaS application landscape.
• Develop and maintain fine-grained access control policies leveraging Okta’s Universal Directory, SCIM attributes, and metadata-driven rules to enforce secure access.
• Solve identity and access governance challenges in cloud and SaaS environments, ensuring appropriate user access based on business needs, security policies, and compliance requirements.
• Implement IAM best practices and procedures in collaboration with the InfoSec IAM architect.
• Continuously monitor identities, access rights, and usage patterns to proactively mitigate risks and enhance the organization’s security posture.
• Drive security transformation by deploying innovative solutions that improve identity-centric security frameworks.

Collaboration and Strategic Alignment

• Act as a liaison between IT and InfoSec teams to align security strategies with IT initiatives and organizational goals.
• Collaborate on the integration of IAM solutions into IT and InfoSec processes, ensuring both security and operational efficiency.
• Provide advisory support to IT and InfoSec leadership on IAM best practices, tools, and scalability strategies.
• Drive cross-functional collaboration to embed security transformation initiatives into organizational workflows.

Documentation and Technical Leadership

• Create and maintain technical documentation, including architecture diagrams, technical designs, and standard operating procedures (SOPs).
• Proactively propose and implement security improvements aligned with organizational needs and emerging threats.
• Mentor team members on advanced IAM strategies and the use of tools like Okta to achieve efficient security controls at scale.

Minimum Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• 8+ years of experience in security engineering, consulting, or transformation roles.
• Proven experience in driving security transformation initiatives, especially within cloud-native environments.
• Strong knowledge of identity governance, risk-based access control (RBAC/ABAC), and least privilege access models.
• Proficiency with IAM tools, particularly Okta, including its use for lifecycle automation, SSO, and access policies.
• Familiarity with prominent enterprise SaaS applications, such as Salesforce, NetSuite, and others, and their integration into IAM strategies.
• Expertise in applicable frameworks (i.e. NIST, FedRAMP, ISO 27001) and zero-trust principles.

Preferred Skills and Certifications

• Okta Certified Professional/Administrator or relevant IAM certifications.
• Certifications such as CISSP, Certified Identity and Access Manager (CIAM), or similar.
• Advanced experience with Okta’s API capabilities and custom configurations for enterprise-scale security.
• In-depth knowledge of cloud-based IAM solutions and endpoint protection technologies.
• Demonstrated ability to assess risks and implement controls to mitigate IAM-related vulnerabilities.

Compensation for this role is in the form of base salary. This role does not have a variable compensation component. The typical starting salary range for new hires in this role is listed below.

The typical starting salary range for this role is:

$122,300—$193,400 CAD

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life.

• Competitive pay based on the work you do here and not your previous salary
• Health coverage for you and your family in many locations
• Ability to craft your calendar with flexible locations and schedules for many roles
• Generous number of vacation days each year
• Increase your impact - We match up to $2000 (or local currency equivalent) for financial donations and service
• Up to 40 hours each year to use toward volunteer projects you love
• Embracing parenthood with minimum of 16 weeks of parental leave

Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.

We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email candidate_accessibility@elastic.co. We will reply to your request within 24 business hours of submission.