Senior IAM Security Engineer

United States

Pomelo Care

Pomelo is a virtual maternity care program that supplements traditional pregnancy care with unlimited, customized support. Ask a dietitian about prenatal vitamins, speak to a therapist about labor anxiety, or join a prenatal group. Become a...


About us

Pomelo Care is a multi-disciplinary team of clinicians, engineers and problem solvers who are passionate about improving care for moms and babies. We are transforming outcomes for pregnant people and babies with evidence-based pregnancy and newborn care at scale. Our technology-driven care platform enables us to engage patients early, conduct individualized risk assessments for poor pregnancy outcomes, and deliver coordinated, personalized virtual care throughout pregnancy, NICU stays, and the first postpartum year. We measure ourselves by reductions in preterm births, NICU admissions, c-sections and maternal mortality; we improve outcomes and reduce healthcare spend.

What you'll do

Pomelo Care is growing our information security team. We are looking for someone excited by the opportunity to be part of a fast-paced environment that pushes you to learn while doing. This role needs to be both strategic and intensely focused on identity and access management with an emphasis on process, scalability, and automation.

As a Senior IAM Security Engineer you will be pivotal in the design, implementation, and scaling of IAM solutions that support our internal workforce, members, partners and critical workloads. Your core responsibility will be setting and implementing strategy to protect our systems, applications, and data by establishing and maintaining secure user access, robust authentication protocols, and effective authorization mechanisms. You will be tasked with ensuring that our IAM infrastructure is not only secure but also scalable and efficient, supporting the evolving needs of our organization.

This role requires a deep understanding of IAM technologies and best practices. You will work closely with cross-functional teams, including IT, HR, and legal, to ensure secure, seamless, and efficient access to systems and information. Key responsibilities will include: 

  • Develop and implement an IAM strategy that aligns with our company goals and objectives. Provide leadership and direction on all IAM-related matters.
  • Understand Business Requirements and Security Risks. Collaborate with stakeholders to comprehend business objectives, assess security risks, and design scalable IAM solutions that align with organizational needs. Develop and implement policies and procedures to mitigate identified risks. Ensure compliance with relevant laws, regulations, and industry standards (e.g., HIPAA, CCPA/CPRA, PCI, SOX).
  • Design and Implement IAM Solutions. Develop comprehensive IAM strategies that address both current and future security requirements, ensuring alignment with business goals and regulatory standards.
  • Architect and Deploy IAM Infrastructure. Lead the design, testing, and deployment of IAM solutions across authentication, authorization, and accounting, ensuring they are scalable and resilient. Ensure the accuracy and integrity of identity data across systems including integration with upstream and downstream applications.
  • Collaborate with IT, HR, legal, and other departments to address IAM needs and concerns. Communicate IAM updates, policies, and procedures to all employees. Serve as the primary point of contact for IAM-related matters.
  • Leverage Okta as the corporate Identity Provider (IDP). Utilize Okta to secure identities, streamline user management, and integrate with other security tools and systems.
  • Help build SSO Integrations across all systems and applications. Design and implement Single Sign-On (SSO) integrations using SAML, OIDC, OAuth, and SCIM to enhance security and user experience. Ensure proper user provisioning, de-provisioning, role management and device authorizations.
  • Develop and Manage Identity Governance and Administration (IGA). Create and manage the IGA platform, incorporating processes and workflows for birthright access, Just-In-Time (JIT) provisioning, and access certification. Provide management for Privileged Access Management (PAM) and oversight for Non-Human Identities (NHI).
  • Automate Role Management. Develop and maintain automated role-based (RBAC) and attribute-based (ABAC) access controls to ensure efficient and secure access management.
  • Provide Operational Support for IAM Systems. Ensure the continuous, reliable operation of IAM systems, addressing issues promptly to maintain security and efficiency, including in the area of Consumer Identity Verification.
  • Monitor and audit access to systems and data to ensure compliance with policies.

Who you are

  • Bachelor’s degree in Information Technology, Computer Science, or a related field. Advanced degree preferred.
  • 7+ years of experience in baseline technology functions such as information security, IT, software engineering or system administration (implementation, configuration, and coding) with 3 to 5 years of that experience administering IAM systems and procedures.
  • Strong developer experience with APIs, scripting and web services (bash, shell, Java, JavaScript, Python, REST, etc.) to implement custom integrations and automation of system administrator tasks.
  • Deep knowledge of IAM protocols and technology (SSO, OAuth, OIDC, SAML, SCIM, MFA, PAM, etc.).
  • Experience implementing Identity Governance and Administration (IGA) solutions including lifecycle management, SCIM, birthright access (RBAC, ABAC), just-in-time (JIT) provisioning, and access certifications.
  • Experience implementing Zero Trust principles.
  • Security-minded approach and experience developing multi-layered and auditable system controls, integrations, processes, and procedures. 
  • Excellent leadership, communication, and interpersonal skills.
  • Demonstrated ability to simplify complex systems and implement clean, efficient architectures.
  • Relevant certifications are highly desirable (e.g., CISSP, CISM).

Why you should join our team

By joining Pomelo, you will get in on the ground floor of a fast-moving, well-funded, and mission-driven startup that always puts the patient first. You will learn, grow and be challenged -- and have fun with your team while doing it.

We strive to create an environment where employees from all backgrounds are respected. We also offer:

  • Competitive healthcare benefits
  • Generous equity compensation
  • Unlimited vacation
  • Membership in the First Round Network (a curated and confidential community with events, guides, thousands of Q&A questions, and opportunities for 1-1 mentorship)

At Pomelo, we are committed to hiring the best team to improve outcomes for all mothers and babies, regardless of their background. We need diverse perspectives to reflect the diversity of problems we face and the population we serve. We look to hire people from a variety of backgrounds, including but not limited to race, age, sexual orientation, gender identity and expression, national origin, religion, disability, and veteran status.

Our salary ranges are based on paying competitively for our company’s size and industry, and are one part of the total compensation package that also includes equity, benefits, and other opportunities at Pomelo Care. In accordance with New York City, Colorado, California, and other applicable laws, Pomelo Care is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity. Given that this role is open to candidates of different skill levels, determining a salary range is challenging. A reasonable estimate of the current salary range is $150,000 to $200,000. We expect most candidates to fall in the middle of the range.

 



Tags: APIs Automation Bash C CCPA CISM CISSP Compliance Computer Science Governance HIPAA IAM Java JavaScript Okta Python Risk assessment SAML Scripting SOX SSO Strategy Zero Trust

Perks/benefits: Career development Competitive pay Equity / stock options Startup environment Team events Unlimited paid time off

Regions: Remote/Anywhere North America
Country: United States
