As a Staff Systems Engineer, Identity, you will serve as the primary technical owner of CoreWeave's enterprise identity ecosystem, with a focus on Okta and Opal. You will design, build, and operate identity lifecycle systems that are secure, automated, and scalable.
\nThis is a highly visible, high-impact role where identity sits at the center of security. You will define how access is granted, changed, and removed across the organization, enabling business velocity while enforcing least privilege and strong governance.
\nKey responsibilities include:
\nDesign and scale enterprise identity architecture that minimizes access sprawl and enforces least privilege
\nOwn and improve Joiner, Mover, and Leaver (JML) lifecycle processes across all critical systems
\nBuild and operate identity governance and administration (IGA) capabilities including birthright access models, role-based access control (RBAC), approval workflows and policy enforcement, access reviews and certification processes
\nAdminister and enhance Okta capabilities (SSO, MFA, adaptive policies, lifecycle management, SCIM, integrations)
\nBuild and scale access request workflows in Opal and integrated systems
\nIntegrate new applications into the identity ecosystem (SAML, OIDC, SCIM, role mapping)
\nDevelop automation and infrastructure-as-code to improve reliability and reduce manual effort
\nPartner with Security to strengthen identity as a core control plane (Zero Trust, authentication, authorization)
\nAlign identity systems with PeopleOps and organizational changes
\nMonitor and improve identity system health, observability, and performance
\nTroubleshoot complex authentication, provisioning, and authorization issues
\nMaintain documentation, runbooks, and architectural standards
\nServe as an escalation point for identity-related incidents
\nDrive continuous improvement in identity architecture, governance, and user experience
\nRequirements include:
\n7–10+ years of experience in IT systems engineering, identity engineering, or systems architecture
\nDeep hands-on experience with Okta in a complex enterprise environment
\nStrong expertise in identity and access concepts (SSO, MFA, SAML, OAuth, OIDC, SCIM, RBAC, Zero Trust)
\nProven experience designing lifecycle automation (JML) and access governance frameworks
\nExperience with IGA or access request platforms such as Opal
\nStrong automation and infrastructure-as-code experience (Terraform, APIs, Python/PowerShell/Golang)
\nAbility to integrate enterprise applications into centralized identity platforms
\nStrong troubleshooting skills across identity, federation, and provisioning systems
\nExcellent communication skills with the ability to influence cross-functional stakeholders
\nPreferred qualifications include familiarity with Active Directory, Entra ID, HRIS systems, and SaaS ecosystems, experience building identity observability and reporting, and relevant certifications (Okta, cloud, or security).
\nWhy CoreWeave?
\nAt CoreWeave, we work hard, have fun, and move fast! We're in an exciting stage of hyper-growth that you will not want to miss out on. We're not afraid of a little chaos, and we're constantly learning. Our team cares deeply about how we build our product and how we work together, which is represented through our core values:
\nBe Curious at Your Core
\nAct Like an Owner
\nEmpower Employees
\nDeliver Best-in-Class Client Experiences
\nAchieve More Together
\nWhy This Role Matters
\nIdentity is one of the most critical control planes in a modern enterprise. In this role, you will define how secure access is managed across CoreWeave, ensuring identity remains a foundational pillar of security, compliance, and scale.
\nThe base salary range for this role is $188,000 to $275,000. The starting salary will be determined based on job-related knowledge, skills, experience, and market location. We strive for both market alignment and internal equity when determining compensation. In addition to base salary, our total rewards package includes a discretionary bonus, equity awards, and a comprehensive benefits program (all based on eligibility).
\nWhat We Offer
\nThe range we've posted represents the typical compensation range for this role. To determine actual compensation, we review the market rate for each candidate which can include a variety of factors. These include qualifications, experience, interview performance, and location.
\nIn addition to a competitive salary, we offer a variety of benefits to support your needs, including medical, dental, and vision insurance, company-paid life insurance, voluntary supplemental life insurance, short and long-term disability insurance, flexible spending account, health savings account, tuition reimbursement, ability to participate in employee stock purchase program (ESPP), mental wellness benefits through Spring Health, family-forming support provided by Carrot, paid parental leave, flexible, full-service childcare support with Kinside, 401(k) with a generous employer match, flexible PTO, catered lunch each day in our office and data center locations, a casual work environment, and a work culture focused on innovative disruption.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_1e275c7d-4a3","directApply":true,"hiringOrganization":{"@type":"Organization","name":"CoreWeave","sameAs":"https://www.coreweave.com","logo":"https://logos.yubhub.co/coreweave.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/coreweave/jobs/4668575006","x-work-arrangement":"hybrid","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"Base salary range: $188,000 to $275,000","x-skills-required":["Okta","Opal","identity lifecycle systems","security","automation","infrastructure-as-code","Terraform","APIs","Python","PowerShell","Golang","identity and access concepts","SSO","MFA","SAML","OAuth","OIDC","SCIM","RBAC","Zero Trust","lifecycle automation","access governance frameworks","IGA","access request platforms","SaaS ecosystems","Active Directory","Entra ID","HRIS systems"],"x-skills-preferred":["identity observability and reporting","relevant certifications","cloud"],"datePosted":"2026-04-18T15:48:46.456Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Livingston, NJ / New York, NY / Sunnyvale, CA /Dallas, TX"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Okta, Opal, identity lifecycle systems, security, automation, infrastructure-as-code, Terraform, APIs, Python, PowerShell, Golang, identity and access concepts, SSO, MFA, SAML, OAuth, OIDC, SCIM, RBAC, Zero Trust, lifecycle automation, access governance frameworks, IGA, access request platforms, SaaS ecosystems, Active Directory, Entra ID, HRIS systems, identity observability and reporting, relevant certifications, cloud","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":188000,"maxValue":275000,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_1e9bd843-ca4"},"title":"Global Head of IT","description":"About the Role
\nKoBold's IT function supports a globally distributed team of ~280 geoscientists, data scientists, and engineers working across North America, Zambia, the DRC, and field exploration sites around the world. As we scale, our IT needs are evolving rapidly,from reactive, break/fix helpdesk support toward proactive, automated IT operations that work seamlessly across geographies, including remote field sites with limited connectivity.
\nIn this role, you will own the full operational scope of Global IT. That means endpoint management, software procurement and renewals, identity and access administration, license optimization, vendor management, employee onboarding and offboarding, hardware lifecycle management, and IT training. You’ll lead a team of IT support staff, set technical direction, manage the annual software budget, and be the person who makes sure nothing falls through the cracks,renewals don’t expire, new hires have everything they need on day one, and the fleet is healthy and compliant.
\nResponsibilities
\nEndpoint Management & Fleet Operations
\nSoftware Procurement, Licensing & Vendor Management
\nIdentity, Access & Employee Lifecycle
\nTeam Leadership & Training
\nCross-Functional Collaboration
\nQualifications
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_1e9bd843-ca4","directApply":true,"hiringOrganization":{"@type":"Organization","name":"KoBold","sameAs":"https://www.kobold.com/","logo":"https://logos.yubhub.co/kobold.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/koboldmetals/jobs/4683079005","x-work-arrangement":"remote","x-experience-level":"senior","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["endpoint management","software procurement","identity and access administration","license optimization","vendor management","employee onboarding and offboarding","hardware lifecycle management","IT training","MDM platforms","Jamf","Microsoft Intune","policy configuration","automated enrollment","compliance enforcement","Okta administration","SSO integrations","SCIM provisioning","group management","access request workflows","lifecycle automation","Google Workspace administration","license management","security settings","break-glass super-admin governance","DevOps principles","configuration-as-code","infrastructure automation","version-controlled policies","repeatable processes"],"x-skills-preferred":[],"datePosted":"2026-04-17T12:41:36.369Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote - US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"IT","industry":"Technology","skills":"endpoint management, software procurement, identity and access administration, license optimization, vendor management, employee onboarding and offboarding, hardware lifecycle management, IT training, MDM platforms, Jamf, Microsoft Intune, policy configuration, automated enrollment, compliance enforcement, Okta administration, SSO integrations, SCIM provisioning, group management, access request workflows, lifecycle automation, Google Workspace administration, license management, security settings, break-glass super-admin governance, DevOps principles, configuration-as-code, infrastructure automation, version-controlled policies, repeatable processes"}]}