Staff IAM Engineer
$170k - $190k USD
Ironclad is the leading AI contracting platform that transforms agreements into assets. Contracts move faster, insights surface instantly, and agents push work forward, all with you in control. Whether you’re buying or selling, Ironclad unifies the entire process on one intelligent platform, providing leaders with the visibility they need to stay one step ahead. That’s why the world’s most transformative organizations, from Rivian to the World Health Organization and the Associated Press, trust Ironclad to accelerate their business.
We’re consistently recognized as a leader in the industry: a Leader in the Forrester Wave and Gartner Magic Quadrant for Contract Lifecycle Management, a Fortune Great Place to Work, and one of Fast Company’s Most Innovative Workplaces. Ironclad has also been named to Forbes’ AI 50 and Business Insider’s list of Companies to Bet Your Career On. We’re backed by leading investors including Accel, Y Combinator, Sequoia, BOND, and Franklin Templeton. For more information, visit www.ironcladapp.com or follow us on LinkedIn.
This is a hybrid role. Office attendance is required at least twice a week on Tuesdays and Thursdays for collaboration and connection. There may be additional in-office days for team or company events.
Identity & Corporate Security Engineering @ Ironclad
In this role, you’ll own security-critical identity and corporate security controls that protect Ironclad’s people, systems, and data. You’ll work cross-functionally with IT & Business Systems, Security Detection & Response, Trust & Compliance, and application owners to ensure access is appropriate, devices are trusted, and audit and monitoring requirements are met without sacrificing a great employee experience.
At Ironclad, we’ve built a product that brings a two thousand year old profession into the digital age, and you’ll play a pivotal role in enabling secure, scalable operations. We work in a highly collaborative environment and strive to foster a positive, inclusive culture. If you’d like to join us on our mission to build the product that legal teams love, let’s talk!
What you will do:
Support implementation and operations of our Identity Governance & Administration (IGA) platform to ensure employees gain appropriate access for their role, approvals are captured, and access is revoked efficiently upon separation
Access control design as a security control by defining and enforcing RBAC standards for sensitive systems
Continuous improvement of identity controls by reducing standing privileges and hardening authentication policies (SSO, MFA)
Lead the integration of new SaaS applications into our SSO (Single Sign-On) and MFA (Multi-Factor Authentication) ecosystem, providing security oversight for business systems implementations and operations
Evolve our corporate device trust program so only compliant devices can access corporate and production systems
Support endpoint security efforts including security policies, controls, and vulnerability management across macOS and Windows
Partner with Security Detection & Response to ensure visibility into corporate systems, including development of scripts and integrations as needed
Partner with Trust & Compliance to streamline or automate evidence collection to support internal and independent audits (e.g., SOC2)
Conduct periodic access reviews and audits; investigate and resolve identity- and access-related security incidents
Design, document, and execute plans to identify gaps and continuously improve access management lifecycle and identity architecture
What we are looking for:
4+ years of experience in security-focused software engineering, corporate engineering, IT, and/or program management
Demonstrated ability to identify risks and vulnerabilities in IT and business systems, balance risk with company priorities, and communicate risk to stakeholders
Strong understanding of IAM protocols and standards, including SAML 2.0, OIDC, SCIM, LDAP, OAuth, and familiarity with X.509
Experience with IdP and identity tooling (e.g., Okta, Active Directory, Google Workspace), including defining and enforcing Role-Based Access Control (RBAC) policies and Least Privilege principles across enterprise applications
Familiarity with endpoint engineering for macOS and Windows
SW Eng/Dev engineering and DevOps proficiency: Python and/or Go, Terraform, GAM scripting, Powershell scripting, JSON, Javascript
Demonstrated experience deploying new IT systems and processes across the organization with high user satisfaction
Strong analytical and problem-solving skills, attention to detail, and ability to operate independently with a high level of ownership
Experience with Okta, Salesforce, NetSuite, Workday, GCP, GWP, Microsoft Entra/Azure/Intune, JAMF
Backend and API testing/experience is a plus
Base Salary Range: $170,000 - $190,000
The base salary range represents the minimum and maximum of the salary range for this position based at our San Francisco headquarters. The actual base salary offered for this position will depend on numerous factors, including individual proficiency, anticipated performance, and the location of the selected candidate. Our base salary is just one component of Ironclad’s competitive total rewards package, which also includes equity awards (a new hire grant, along with opportunities for additional awards throughout your tenure), competitive health and wellness benefits, and a commitment to career growth and development.
US Full-Time Employee Benefits at Ironclad:
100% health coverage for employees (medical, dental, and vision), and 75% coverage for dependents with buy-up plan options available
Market-leading leave policies, including gender-neutral parental leave and compassionate leave
Family forming support through Maven for you and your partner
Paid time off - take the time you need, when you need it
Monthly stipends for wellbeing, hybrid work, and (if applicable) cell phone use
Mental health support through Modern Health, including therapy, coaching, and digital tools
Pre-tax commuter benefits (US Employees)
401(k) plan with Fidelity with employer match (US Employees)
Regular team events to connect, recharge, and have fun
And most importantly: the opportunity to help build the company you want to work at
**UK Employee-specific benefits are included on our UK job postings
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.