Whoop - Security Engineer, IAM
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• 3+ years of experience in IAM engineering or identity architecture • Hands-on experience with enterprise identity providers such as Okta, Azure AD, or similar enterprise IAM platforms • Strong understanding of modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, SCIM, and JWT • Experience designing and implementing RBAC and/or ABAC models in cloud-native environments • Strong knowledge of AWS IAM, cross-account access models, and cloud identity federation • Experience securing APIs, service accounts, machine identities, and CI/CD authentication workflows • Experience with privileged access management concepts and least privilege enforcement • Experience automating IAM tasks using scripting or infrastructure-as-code tools (i.e., Python, Terraform, or similar infrastructure-as-code tooling) • Familiarity with identity threat detection and response methodologies • Bachelor’s degree in Computer Science, Cybersecurity, or related field; relevant certifications (i.e., CISSP, CISM, GIAC, AWS Security Specialty, Okta Certified Professional) or equivalent practical experience will also be considered • This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office. • Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
Responsibilities
• Implement authentication and authorization controls across SaaS platforms, cloud infrastructure, and internal applications • Configure and maintain SSO, MFA, conditional access policies, and federation integrations • Assist with the evolution of single sign-on (SSO), multi-factor authentication (MFA), conditional access, and zero trust access models • Assist in design and enforce role-based and attribute-based access control models (RBAC/ABAC) across cloud and SaaS systems • Validate identity provider integrations, including application onboarding and SCIM provisioning • Partner with Engineering to secure application authentication flows, API access, service-to-service authentication, and token management • Harden and optimize identity provider configurations, including lifecycle management, federation, and SCIM provisioning • Support AWS IAM security, including policy implementation, role configuration, cross-account access management, and identity federation • Implement privileged access and identity lifecycle controls, including provisioning, deprovisioning, access reviews, entitlement governance, least privilege enforcement, and just-in-time access mechanisms • Secure APIs, service accounts, and non-human identities used in automation and CI/CD workflows • Implement and improve identity monitoring and detection capabilities, including anomaly detection, session risk analysis, and identity threat response • Partner with GRC to support identity-related audits, evidence collection, and control validation across frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR • Contribute to incident response efforts involving identity compromise, credential abuse, or unauthorized access events
No credit card. Takes 10 seconds.