Whoop
Security Engineer, IAM
TLDR
Implement authentication and authorization controls while supporting AWS IAM security and optimizing identity provider configurations.
Responsibilities
- Implement authentication and authorization controls across SaaS platforms, cloud infrastructure, and internal applications
- Configure and maintain SSO, MFA, conditional access policies, and federation integrations
- Assist with the evolution of single sign-on (SSO), multi-factor authentication (MFA), conditional access, and zero trust access models
- Assist in designing and enforcing role-based and attribute-based access control models (RBAC/ABAC) across cloud and SaaS systems
- Validate identity provider integrations, including application onboarding and SCIM provisioning
- Partner with Engineering to secure application authentication flows, API access, service-to-service authentication, and token management
- Harden and optimize identity provider configurations, including lifecycle management, federation, and SCIM provisioning
- Support AWS IAM security, including policy implementation, role configuration, cross-account access management, and identity federation
- Implement privileged access and identity lifecycle controls, including provisioning, deprovisioning, access reviews, entitlement governance, least privilege enforcement, and just-in-time access mechanisms
- Secure APIs, service accounts, and non-human identities used in automation and CI/CD workflows
- Implement and improve identity monitoring and detection capabilities, including anomaly detection, session risk analysis, and identity threat response
- Partner with GRC to support identity-related audits, evidence collection, and control validation across frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR
- Contribute to incident response efforts involving identity compromise, credential abuse, or unauthorized access events
Qualifications
- 3+ years of experience in IAM engineering or identity architecture
- Hands-on experience with enterprise identity providers such as Okta, Azure AD, or similar enterprise IAM platforms
- Strong understanding of modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, SCIM, and JWT
- Experience designing and implementing RBAC and/or ABAC models in cloud-native environments
- Strong knowledge of AWS IAM, cross-account access models, and cloud identity federation
- Experience securing APIs, service accounts, machine identities, and CI/CD authentication workflows
- Experience with privileged access management concepts and least privilege enforcement
- Experience automating IAM tasks using scripting or infrastructure-as-code tools (e.g., Python, Terraform, or similar tooling)
- Familiarity with identity threat detection and response methodologies
- Bachelor’s degree in Computer Science, Cybersecurity, or related field; relevant certifications (e.g., CISSP, CISM, GIAC, AWS Security Specialty, Okta Certified Professional) or equivalent practical experience will also be considered
Whoop builds a performance optimization platform that helps individuals understand their bodies and health through advanced wearable technology. Targeted at fitness enthusiasts and health-conscious individuals, this startup stands out by focusing on personalized metrics and insights that drive improved performance and longevity.
- Founded: 2007
- Employees: 51-200 employees
- Industry: Internet Software & Services