GitHub is the world’s leading platform for agentic software development, and they are seeking a Staff Security Engineer to lead the technical direction of Identity & Access Management. This role involves setting architectural direction for identity services, leading IAM platform evolution, and ensuring the reliability and operational maturity of IAM services.
Responsibilities:
- Set the technical direction for GitHub's identity and access management service area. Lead architecture and design across identity lifecycle, entitlements, privileged access, identity federation, and the workforce IDP. Author and shepherd design reviews
- Lead multi-quarter IAM platform evolution. Take complex identity programs (e.g., IDP migrations, privileged access maturation, identity lifecycle automation) from architecture through production rollout. Prioritize long-term correctness over shallow wins; design for reversibility, parity validation, and phased cutovers that let dependent workstreams proceed without regression
- Make least-privilege and just-in-time access the default for production systems. Lead the design of least privileged access within production systems; partner with adjacent Engineering teams on evolving production system access patterns
- Own reliability, supportability, and operational maturity for IAM services. Participate in and provide technical leadership for the on-call rotation; lead postmortems; reduce incident volume through systemic fixes. Set the quality bar for testing, observability, deployment safety, and rollback across the IAM service area. Mentor senior engineers and raise the bar for code and design review
Requirements:
- 9+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
- OR Associate's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 8+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
- OR Bachelor's Degree in Computer Science or related field AND 7+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
- OR Master's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 5+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
- OR Doctorate in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 3+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
- OR equivalent experience
- Experience with identity directories and IDPs (e.g., Okta, Entra ID / Azure AD) and authentication/authorization protocols (OAuth, OIDC, SAML, SCIM)
- Experience leading an enterprise IDP migration or large-scale identity platform consolidation, including parity validation, device trust, and phased cutovers
- Experience operating IAM services in one or more major cloud environments (AWS, Azure, or GCP)
- Experience designing systems and APIs intended for programmatic or AI-agent consumption (e.g., structured tool APIs, agentic workflows, paved-path templates)
- Experience providing technical leadership for production identity services