Staff Corporate Engineer

This is a fully remote position, open to applicants in California, +18 more states.

📋 Description

• Develop and take ownership of the long-term identity architecture strategy for Instacart, setting the technical direction for our Okta identity platform, which includes Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust. Establish the architectural patterns and governance frameworks for the team to implement.

• Create and manage the Infrastructure as Code (IaC) engineering standards and platform patterns for identity and access within Corporate Engineering; author reusable Terraform frameworks, guardrails, and automation blueprints that the team will adopt to achieve consistent, auditable, least-privilege provisioning at scale, integrated with HRIS and ITSM systems.

• Define the office network architecture strategy and target-state design for Instacart across San Francisco, New York City, and Toronto; lead the transition to zero-trust segmentation, set observability and capacity standards, and guide vendor strategy for all office locations.

• Take charge of the IT endpoint strategy for Mobile Device Management (MDM) for both Mac and Windows, focusing on implementing and securing our workforce endpoints. Explore best practices in endpoint management and replatform our systems as necessary.

• Serve as the technical authority during significant IT incidents; oversee post-incident learning programs, drive systemic architectural improvements to minimize impact and incident frequency, and define the incident response standards adopted by the team.

• Identify opportunities to position Instacart's Corporate Engineering and IT team at the forefront of AI adoption, including building tools that facilitate the next generation of IT and progressing beyond a cloud-native/SaaS era into the next generation of AI-native work.

• Lead the access governance and compliance architecture strategy in collaboration with Security Engineering and Compliance; define the frameworks for access reviews, evidence collection, and access risk management that ensure Instacart's posture evolves with the business and achieves license efficiency through automated revocation and right-sizing.

• Act as a technical force multiplier across Corporate Engineering and related teams; mentor senior engineers, define team-wide engineering standards and documentation practices, and own the technical roadmap for identity and network platforms. Identify and advocate for high-impact, multi-quarter initiatives that enhance the organization’s security and reliability posture.

⛳️ Requirements

• Over 10 years of experience in corporate IT engineering or a related field, with extensive expertise in identity and access management (IAM) and endpoint systems.

• More than 5 years of hands-on experience managing an enterprise Okta tenant at scale (5,000+ users), including making architecture-level decisions regarding SSO (SAML/OIDC), SCIM provisioning, MFA, risk-based policies, and device trust.

• At least 3 years of experience in designing and implementing identity governance and automation using Okta Workflows, Okta Identity Governance (OIG), or a similar Identity Governance and Administration (IGA) platform, with proven ownership of organization-wide governance frameworks.

• Expert-level proficiency in Infrastructure as Code: Terraform is required, including experience in establishing reusable module frameworks and IaC engineering standards that are adopted by the team. Proficiency in at least one scripting language (Python, PowerShell, or equivalent) and REST API/webhook integration is also necessary.

• Experience with endpoint management (MDM) systems in a mixed Mac and Windows environment, ideally utilizing IaC methodologies.

• A strong history of technical leadership across teams, setting architectural direction, defining standards, and facilitating cross-functional alignment without direct managerial authority.

• Familiarity with enterprise network infrastructure (firewalls, routing/switching, wireless) including the design of zero-trust architecture and strategies for multi-site networks.

• Excellent written and verbal communication skills; capable of clearly articulating technical strategies and architectural trade-offs to both engineers and business stakeholders.

🏝️ Benefits

• Health insurance

• 401(k) matching

• Flexible work hours

• Paid time off

• Remote work options