About the Team

The Identity Access Management (IAM) team is at the heart of our global security efforts, ensuring that the right people have the right access to the right resources at the right time. Our team operates across North America, EMEA, and is expanding into APAC, reflecting our global presence and the critical nature of our work. We are a dedicated group of engineers who work together to design and implement robust IAM solutions that protect our organization's most valuable assets. Our work involves close collaboration with various departments to ensure that identity management and access control are seamlessly integrated into all aspects of our business. We value innovation, teamwork, and a proactive approach to security. If you're driven by the challenge of securing identities in a global environment and want to be part of a team that impacts every corner of our organization, we welcome you to join us.

About the Role

Roku is seeking a senior-level IAM Engineer to help enhance their Zero Trust Architecture, work on standardization efforts, and support a multi-cloud and geo-distributed workforce. The ideal candidate should have hands-on experience in securing cloud technologies, IAM, and Azure, as well as knowledge of IT security practices and regulatory compliance. They should also possess strong analytical skills and the ability to communicate technical concepts effectively.

What you’ll be doing

Assess, design, implement and troubleshoot Roku’s Zero Trust Architecture
Work on enterprise-wide standardization efforts around IAM across all global regions, monitoring and alerting, and plotting growth in support of our Zero Trust Architecture philosophy based on NIST SP 800-207
Evolve and scale privileged access management, auditability and monitoring to support our evolution to a multi-cloud and geo-distributed workforce.
Be an advocate for fusing security into DevOps processes working with our various DevOps teams on application security.
Assist the wider IT team which includes Networking and Security within your local region and globally.
Manage the onboarding of enterprise apps into Azure.
Collaborate with teams to identify opportunities for automation and implement automated solutions where applicable

We’re excited if you have

Strong analytical skills and attention to detail to effectively troubleshoot complex infrastructure issues.
Ability to communicate technical concepts to both technical and non-technical stakeholders through clear verbal and written communication skills.
5 years of hands-on experience securing cloud technologies, identity & access management supported by Microsoft.
Possess advanced knowledge of Azure Single Sign-On (SSO) login methods, specifically OAuth2, OpenID Connect, and SAML, and demonstrate expertise in their integration with various applications.
Microsoft 365 and supporting infrastructure – Entra ID, Endpoint Management, Exchange Online, Identity Governance
Endpoint and Configuration Management knowledge – Intune, JAMF, Defender
Azure Cloud and AWS experience required. GCP experience is a bonus.
Experience with migrating legacy LDAP applications to Azure SSO
Solid understanding of Microsoft's Conditional Access policies
Automation & programming skills with Azure bash, PowerShell and MSFT Graph, other languages are a plus
Azure knowledge including: Conditional Access, Function apps, logic apps, Entra ID Domain Services, PIM, automation accounts, Resources (Storage, DBs, VM, networking, resource groups)
MFA, FIDO, Passwordless auth, Passkey
Azure OpenAI experience is a plus
Proven understanding of Zero Trust Architecture
Strong experience and in-depth understanding of SaaS
Knowledge of IT security practices and regulatory compliance, including NIST, GDPR, SOC 2, PCI DSS, and HIPAA
Logging (SIEM), Monitoring, Alerting and Response in relation to triggered security events (Identity, Device or Service based)
Backup/recovery understanding and business continuity
DevOps skills a bonus: IaC (Infrastructure as code) using tools such as Terraform, Azure tools (Blueprint, Bicep, ARM), AWS CloudFormation, etc.
DNS expertise
Understanding of email security.
Practical Linux and Networking skills a plus
Familiarity with Jira and Confluence
Microsoft Azure, AWS, GCP, or CISSP (or similar) certifications or others are a plus
B.S. Degree in Computer Science, Information Technology, Engineering discipline or equivalent experience.