Senior Security IAM Engineer

• Own and evolve Scopely’s modern IAM architecture to support a dynamic, cloud-native environment across AWS, GCP, and SaaS applications
• Design and implement federated identity management (OIDC, SAML, SCIM) and role-based access control (RBAC) / attribute-based access control (ABAC) across internal and external platforms
• Develop scalable access automation solutions for developer self-service, least-privilege access, and ephemeral credentials
• Build and manage enterprise-wide authentication and authorization strategies leveraging modern identity providers like Okta, AWS IAM Identity Center, and Google Cloud IAM
• Partner with security and engineering teams to implement zero-trust principles and enforce adaptive access controls
• Automate provisioning, deprovisioning, and access audits with Infrastructure-as-Code (Terraform, Pulumi) and identity workflows
• Lead IAM threat modeling, access reviews, and anomaly detection to proactively identify misconfigurations or abuse
• Drive adoption of passwordless authentication, MFA everywhere, and just-in-time access to minimize risk
• Collaborate with compliance and security teams to ensure IAM policies align with regulatory requirements (SOC2, ISO27001, etc.)
• Serve as a subject matter expert on identity security, mentoring other engineers and influencing security strategy
• Collaborate with game teams to align workforce and gaming IAM strategies, ensuring seamless integration, security, and compliance across all identity and access management initiatives

• Experience working at a startup or high-scale technology company (FANG, unicorn, or fast-growth SaaS)—you understand how identity needs to scale
• Deep expertise in modern IAM principles—federation, fine-grained access controls, identity lifecycles, and zero-trust authentication
• Strong knowledge of cloud IAM models—AWS IAM, Google Cloud IAM, Azure AD, and their best practices for securing large-scale environments
• Proficiency in at least one programming/scripting language (Python, Go, TypeScript, or similar) for automating IAM workflows
• Hands-on experience with OAuth2, OIDC, SAML, SCIM, and integrating identity providers (Okta, Auth0, AWS IAM Identity Center, Google Workspace)
• Ability to build and manage IAM automation pipelines using Infrastructure-as-Code (Terraform, Pulumi) and CI/CD workflows
• Familiarity with Just-in-Time access management (JIT), ephemeral credentials (AWS STS, Google Workload Identity), and session-based security
• Comfortable working with large-scale distributed systems and developer-friendly IAM models—you know how to support an engineering culture without excessive friction.
• A strong threat modeling and security mindset, with the ability to anticipate risks and proactively mitigate IAM-related attack vectors
• Understanding of Identity and Access Governance and how it can apply in a fast-growth, high-scale environment
• Strong ability to effectively communicate complex IAM concepts, risks, and solutions to both technical and non-technical stakeholders, ensuring alignment with business and security objectives

Must Haves:

• Bachelor's degree in Computer Science, Information Security, or equivalent experience.
• 5+ years of hands-on IAM security engineering experience in a cloud-first, high-scale environment
• Experience designing IAM architectures for global organizations with complex access needs.
• A modern approach to IAM—you embrace automation, least privilege, and identity-aware security rather than legacy solutions
• Experience implementing and operating IAM-related security tools such as AWS IAM Access Analyzer, Google Cloud Policy Intelligence, Okta Workflows, and CIEM (Cloud Infrastructure Entitlement Management) platforms
• You have worked in a fast-growth startup or a high-scale tech company and thrived.
• You are comfortable navigating ambiguity and making data-driven security decisions without requiring explicit direction

Bonus Points for:

• Experience with passwordless authentication (WebAuthn, FIDO2).
• Previous work securing B2B or B2C authentication flows
• Contributions to open-source IAM or security tooling
• Building developer-friendly IAM automation tools that streamline security without adding excessive friction

About Us

Scopely is a global interactive entertainment and mobile-first video game company, home to many top, award-winning experiences such as "MONOPOLY GO!," “Star Trek™ Fleet Command,” “Stumble Guys,” “MARVEL Strike Force,” and “Yahtzee® With Buddies,” among others.
 
Scopely creates, publishes, and live-operates immersive games that empower a directed-by-consumer™ experience across multiple platforms--from mobile, web, PC and beyond.
 
Founded in 2011, Scopely is fueled by a world-class team and a proprietary technology platform Playgami that supports one of the most diversified portfolios in the games industry.

Recognized multiple times as one of Fast Company’s “World’s Most Innovative Companies,” Scopely is a multi-billion-dollar business due to its ability to create long-lasting game experiences that players enjoy for years.

Scopely has global operations in more than a dozen markets across Asia, EMEA, and North America, and is home to many internal game development teams, referred to as Scopely Studios, with additional game studio partners across four continents.

Scopely was acquired by Savvy Games Group in July 2023 for $4.9 billion, and is now an independent subsidiary of Savvy.

For more information on Scopely, visit: scopely.com