Position Summary
We are seeking a mid-level Okta Customer Identity (CIAM) Engineer to design, implement, and operate customer-facing identity capabilities using the Okta platform. This role is ideal for an engineer who can independently deliver well-scoped solutions, apply security best practices to customer authentication flows, and improve reliability through automation and testable deployments.

The CIAM Engineer will work closely with application teams, security, and governance partners to ensure customer identity experiences are secure, scalable, and compliant, supporting use cases such as registration, login, MFA, federation, M2M, and API access patterns.

Key Responsibilities
CIAM Platform Engineering & Operations

• Administer and enhance Okta CIAM configurations including customer authentication policies, MFA enrollment, session management, and sign-on policies.
• Build, maintain, and optimize customer identity flows (e.g., login, registration, account recovery, step-up authentication) with attention to security and user experience.
• Implement and manage customer identity features such as custom claims, token/session behavior, and Authorization Server configurations where applicable.
• Monitor platform health and customer authentication signals; respond to incidents and trends impacting customer login success and security posture.

Integrations & Federation

• Design and implement integrations with customer-facing applications using OIDC/OAuth 2.0 and SAML 2.0, including troubleshooting end-to-end auth flows.
• Partner with application teams to define requirements for claims, scopes, redirect URIs, logout behavior, and session controls.

Automation, Provisioning & Workflows

• Build and maintain automation using Okta Workflows, event hooks/inline hooks (as applicable), and scripting to reduce manual operations and improve consistency.
• Improve operational readiness via runbooks, standardized onboarding of new apps, and reusable configuration patterns.

Security, Governance & Documentation

• Apply security best practices across customer identity including least privilege, secure token policies, MFA strategy, and strong auditability.
• Support compliance and audit evidence collection including configuration traceability, change history, logs, and documented controls.
• Maintain high-quality, versioned documentation including architecture notes, configuration standards, integration guides, and operational runbooks.
• Collaborate with security and governance teams to ensure identity designs align to enterprise policies and customer risk tolerances.

Leadership & Standards

• Leads small-to-medium initiatives end-to-end: scoping, design, implementation, testing, and production rollout.
• Provides technical guidance to junior admins/engineers through reviews, pairing, and knowledge sharing.
• Contributes to reference architecture and platform standards including reusable patterns, best practices, guardrails, and design templates.

Required Qualifications

• Bachelor’s Degree and/or equivalent combination of education and experience
• Proven relevant engineering experience including combined with hands-on with Okta in a customer identity context.
• Strong understanding of CIAM fundamentals including authentication flows, MFA enrollment, sessions, and secure customer login patterns.
• Hands-on experience implementing and troubleshooting protocols such as OIDC, OAuth 2.0, and SAML 2.0.
• Strong troubleshooting, analytical, written, and verbal communication skills.

Preferred Qualifications

• Okta certification(s) such as Okta Certified Administrator or Professional is preferrable.
• Experience with Authorization Servers, custom claims, token customization, and hooks.
• Experience integrating identity logs with monitoring or SIEM tools.
• Familiarity with security and compliance frameworks such as NIST, SOC 2, and HIPAA.
• Familiarity with ITSM tools and change management processes (e.g., ServiceNow, Jira).
• Experience managing identity configuration using tools like Terraform.
• Practical experience with automation and repeatability concepts.

Insulet Corporation is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.