Senior Security Engineer

1Password is a rapidly growing company focused on building a secure digital future. The Senior Security Engineer will contribute to the implementation and improvement of identity and access management solutions, ensuring secure access to internal and SaaS systems while collaborating with various teams to enhance security operations.

Responsibilities:

• Lead medium-to-large identity security initiatives by taking loosely defined or ambiguous problem statements and turning them into well-scoped, executable projects, owning delivery from initial problem framing and technical design through implementation, rollout, and steady-state operation
• To operate as a technical leader by helping define the Corporate Security roadmap
• Design and implement scalable identity and access management solutions, including authentication, access controls, identity lifecycle management, and secure access to internal and SaaS systems
• Identify opportunities to improve the reliability, scalability, and maintainability of identity platforms, and drive those improvements through automation, configuration as code, and operational best practices
• Partner closely with IT Engineering’s Identity team to align on identity architecture, lifecycle processes, and platform ownership
• Collaborate with the rest of the Corporate Security team to ensure identity controls integrate cleanly into broader security initiatives
• Work cross-functionally with Procurement and GRC to align identity security solutions with vendor onboarding, compliance requirements, and organizational risk posture
• Provide technical leadership within the Identity Security squad, supporting other engineers through design reviews, feedback, and shared problem-solving
• Participate in security audits, tabletop exercises, and identity-related incident response, bringing an identity-focused perspective to broader Security Operations activities

Requirements:

• Minimum of 5 years of combined experience in IT or security, with deep focus on corporate or enterprise identity and access management
• Strong hands-on experience administering and securing identity providers such as Okta or Google Workspace, including SSO, federation (SAML/OIDC), MFA, SCIM provisioning, and access governance
• Advanced understanding of identity security concepts and their application, including RBAC, conditional access, least privilege, JIT, identity lifecycle management, and identity's role in securing SaaS platforms
• Experience working in a remote-first environment where identity and device posture form the basis of access control. Hands-on experience configuring or supporting conditional access policies, leveraging device posture signals (via tools such as Device Trust (Kolide), Iru (Kandji), Jamf, Intune, CrowdStrike, or SentinelOne), and working with ZTNA or modern VPN solutions (e.g., Tailscale, Twingate, Palo Alto Prisma Access, Zscaler)
• Proven ability to design and deliver medium-to-large security initiatives, owning outcomes from planning through implementation and ongoing operation
• Experience using scripting, automation, and configuration as code (Python, Bash, Terraform, CI/CD) to scale identity operations and improve reliability; familiarity with SOAR platforms (Tines, Torq, Splunk) is a plus
• Ability to identify gaps in quality, testing, or documentation, and raise the bar for maintainability, observability, and operational excellence
• Strong collaboration and communication skills, with the ability to align cross-functional partners (IT Engineering, Procurement, GRC, Detection & Response) on priorities, risks, and timelines
• Demonstrated commitment to mentoring peers, sharing best practices, and contributing to a culture of shared ownership and continuous improvement
• Experience being customer zero - dogfooding security or identity products internally and providing actionable feedback to improve both internal workflows and customer-facing value