Responsibilities
- Own and evolve Amplitude's IT automation platform with Okta Workflows as the primary engine.
- Design and deliver reliable, scalable automations across onboarding and offboarding, access provisioning, SaaS license management, and compliance workflows.
- Architect solutions with a high bar for maintainability and documentation, not one-off scripts.
- Own the full Okta configuration surface, SSO integrations, SCIM provisioning, group rules, adaptive MFA, RBAC lifecycle automation, and access review workflows in Lumos.
- Debug the full federation layer including attribute mapping, JIT provisioning, and SCIM reconciliation.
- Maintain production-grade configurations across the fleet.
- Design, implement, and troubleshoot complex SAML 2.0 and OIDC integrations across enterprise SaaS applications.
- Understand both the SP and IdP sides of federation deeply, including attribute statements, assertion mapping, binding types, token claims, and PKCE flows.
- Own the integration from initial configuration through ongoing reconciliation and incident triage.
- Administer macOS device management at scale via Kandji, including zero-touch provisioning, Blueprint and Library Item configuration, software deployment, and security policy enforcement.
- Maintain fleet compliance through automated checks.
- Diagnose complex endpoint issues without escalation.
- Have familiarity with JumpCloud for Windows devices.
- Champion AI adoption within IT, identifying high-value automation opportunities.
- Evaluate AI-native and low-code tooling.
- Build agentic workflows that augment IT service delivery.
- Use LLMs to accelerate work (drafting runbooks, triaging issues, summarizing access reviews).
- Build AI-powered automations where they create real leverage.
- Own Google Workspace administration, including directory configuration, group management, Drive and sharing policy enforcement, DLP settings, and audit log triage.
- Maintain clean provisioning and deprovisioning integration between Workspace and Okta.
- Support SOC 2 evidence collection and access review workflows.
- Build and maintain automated pipelines that surface access anomalies, generate reviewer-ready reports, and track remediation to closure.
- Understand the compliance surface and own operational execution without hand-holding from GRC.
- Own the full onboarding and offboarding lifecycle end-to-end - from Day 1 provisioning through final access termination - across Okta, Google Workspace, Kandji, and the broader SaaS stack.
- Design and maintain automated workflows ensuring every joiner, mover, and leaver is handled consistently, completely, and on time.
- Understand how lifecycle gaps create compliance risk, such as orphaned accounts, lingering elevated access, and missed deprovisioning, and build controls and audit trails to close those gaps.
- Work closely with People Ops and IT Security to align lifecycle triggers with HR systems.
- Enforce role-based provisioning via SCIM and group rules.
- Produce evidence needed for SOC 2 and access review cycles.
- Manage the lifecycle of Amplitude's corporate SaaS stack, vendor onboarding integrations, license optimization, app security reviews, and offboarding automation.
- Maintain up-to-date documentation, runbooks, and operational playbooks for every platform owned.
- Partner with IT Security, Engineering, People Ops, and Finance to deliver high-impact projects.
- Communicate clearly with both technical and executive audiences on project status, risk, and outcomes.
Requirements
- 5–8+ years in IT systems engineering, with hands-on depth in at least three of: Okta/IdP administration, SAML/OIDC federation engineering, macOS endpoint management (Kandji or Jamf), Google Workspace administration, IT automation and integration, or SOC 2/compliance operations.
- Built net-new SAML 2.0 and OIDC integrations from scratch on both the SP and IdP sides.
- Can debug assertion failures, fix attribute mapping mismatches, troubleshoot SCIM sync errors, and own the full federation lifecycle without escalating to a vendor or another engineer.
- Demonstrated track record of building multi-step, multi-system automation workflows with measurable business impact.
- Okta Workflows experience is strongly preferred.
- Design for maintainability, not just function.
- Comfortable writing Python, Bash, or equivalent to extend low-code platforms, build lightweight tooling, or debug integration issues.
- Can move quickly without looping in engineering.
- Actively use AI tools (Claude, Copilot, or similar) to accelerate your own work.
- Have built or designed AI-powered automations or agentic workflows.
- Genuine curiosity about where LLMs and AI-native tooling create leverage in IT operations is a hard requirement, not a nice-to-have.
- Work through ambiguous problems independently from initial triage through remediation and documentation.
- Do not wait for perfect requirements.
- Strong cross-functional collaboration skills.
- Able to translate complex technical decisions for non-technical stakeholders and work effectively with Legal, People, Security, and Engineering.
Nice to Have
- Deep Okta Workflows experience including complex branching, error handling, and cross-app orchestration.
- Experience with enterprise iPaaS platforms (Workato or equivalent) in addition to Okta Workflows.
- Familiarity with AI tool governance - acceptable use policies, connector security reviews, and data classification in AI contexts.
- Experience supporting M&A technical integrations or cross-tenant identity migrations.
- Zero-trust architecture patterns, CASB/SSPM tooling, or ZTNA experience.
- Certifications in Okta, Kandji, or Google Workspace.
- Prior experience at a high-growth tech company with a lean IT team and large scope.