Customer Identity Engineer

We are seeking a mid-level Okta Customer Identity (CIAM) Engineer to design, implement, and operate customer-facing identity capabilities using the Okta platform. This role is ideal for an engineer who can independently deliver well-scoped solutions, apply security best practices to customer authentication flows, and improve reliability through automation and testable deployments. The CIAM Engineer will work closely with application teams, security, and governance partners to ensure customer identity experiences are secure, scalable, and compliant, supporting use cases such as registration, login, MFA, federation, M2M, and API access patterns. Key Responsibilities CIAM Platform Engineering & Operations

• Administer and enhance Okta CIAM configurations including customer authentication policies, MFA enrollment, session management, and sign-on policies.
• Build, maintain, and optimize customer identity flows (e.g., login, registration, account recovery, step-up authentication) with attention to security and user experience.
• Implement and manage customer identity features such as custom claims, token/session behavior, and Authorization Server configurations where applicable.
• Monitor platform health and customer authentication signals; respond to incidents and trends impacting customer login success and security posture.
Integrations & Federation
• Design and implement integrations with customer-facing applications using OIDC/OAuth 2.0 and SAML 2.0, including troubleshooting end-to-end auth flows.
• Partner with application teams to define requirements for claims, scopes, redirect URIs, logout behavior, and session controls.
Automation, Provisioning & Workflows
• Build and maintain automation using Okta Workflows, event hooks/inline hooks (as applicable), and scripting to reduce manual operations and improve consistency.
• Improve operational readiness via runbooks, standardized onboarding of new apps, and reusable configuration patterns.
Security, Governance & Documentation
• Apply security best practices across customer identity including least privilege, secure token policies, MFA strategy, and strong auditability.
• Support compliance and audit evidence collection including configuration traceability, change history, logs, and documented controls.
• Maintain high-quality, versioned documentation including architecture notes, configuration standards, integration guides, and operational runbooks.
• Collaborate with security and governance teams to ensure identity designs align to enterprise policies and customer risk tolerances.
Leadership & Standards
• Leads small-to-medium initiatives end-to-end: scoping, design, implementation, testing, and production rollout.
• Provides technical guidance to junior admins/engineers through reviews, pairing, and knowledge sharing.
• Contributes to reference architecture and platform standards including reusable patterns, best practices, guardrails, and design templates., Insulet Corporation (NASDAQ: PODD), headquartered in Massachusetts, is an innovative medical device company dedicated to simplifying life for people with diabetes and other conditions through its Omnipod product platform. The Omnipod Insulin Management System provides a unique alternative to traditional insulin delivery methods. With its simple, wearable design, the tubeless disposable Pod provides up to three days of non-stop insulin delivery, without the need to see or handle a needle. Insulet's flagship innovation, the Omnipod 5 Automated Insulin Delivery System, integrates with a continuous glucose monitor to manage blood sugar with no multiple daily injections, zero fingersticks, and can be controlled by a compatible personal smartphone in the U.S. or by the Omnipod 5 Controller. Insulet also leverages the unique design of its Pod by tailoring its Omnipod technology platform for the delivery of non-insulin subcutaneous drugs across other therapeutic areas. For more
information, please visit insulet.com and omnipod.com. We are looking for highly motivated, performance-driven individuals to be a part of our expanding team. We do this by hiring amazing people guided by shared values who exceed customer expectations. Our continued success depends on it!


• Bachelor's Degree and/or equivalent experience
• Proven relevant engineering experience including combined with hands-on with Okta in a customer identity context.
• Strong understanding of CIAM fundamentals including authentication flows, MFA enrollment, sessions, and secure customer login patterns.
• Hands-on experience implementing and troubleshooting protocols such as OIDC, OAuth 2.0, and SAML 2.0.
• Strong troubleshooting, analytical, written, and verbal communication skills.
Preferred Qualifications
• Okta certification(s) such as Okta Certified Administrator or Professional is preferrable.
• Experience with Authorization Servers, custom claims, token customization, and hooks.
• Experience integrating identity logs with monitoring or SIEM tools.
• Familiarity with security and compliance frameworks such as NIST, SOC 2, and HIPAA.
• Familiarity with ITSM tools and change management processes (e.g., ServiceNow, Jira).
• Experience managing identity configuration using tools like Terraform.
• Practical experience with automation and repeatability concepts.