Senior Security Engineer, IAM

About the role

Senior Security Engineer (L5) focused on Identity & Access Management (IAM). You will design, build, and evolve Deliveroo's identity, authentication, and access control capabilities across the organisation, acting as a technical leader across IAM and broader security engineering initiatives.

What you’ll be doing

• Identity & Access Architecture
  • Own and evolve Deliveroo’s IAM architecture across identity providers (e.g., Okta, Azure AD, Google Cloud Identity), identity governance (e.g., ConductorOne, SailPoint IdentityNow), and cloud IAM (AWS/GCP).
  • Design scalable solutions for authentication, authorisation, provisioning, deprovisioning, RBAC/ABAC, JIT access, and privileged access management.
  • Drive improvements to access governance processes including certifications, SoD controls, and policy enforcement.
  • Lead implementations and technical integrations between domains, ensuring engineering core principles are adhered to.
  • Develop “Paved Roads” for stakeholders enforcing IAM best practices to teams.
• Security Engineering
  • Develop bespoke integrations between IAM platforms and internal systems to ensure seamless lifecycle management and access governance.
  • Build middleware solutions to address edge cases (e.g., automated group creation where authoritative HR data does not exist).
  • Design and implement self-service RBAC capabilities that enable business teams to manage roles within defined guardrails.
  • Create automation layers that enhance ROI from commercial tooling by reducing manual effort and embedding controls into engineering workflows.
  • Extend off-the-shelf platforms with APIs, event-driven services, and workflow orchestration to meet Deliveroo’s scale and complexity.
• Automation & Integration
  • Build scalable automation across IAM services using modern programming languages (e.g., Go, Java, Python, JavaScript).
  • Develop and maintain integrations using REST APIs, SCIM, webhooks, and event-driven architectures.
  • Embed IAM controls into CI/CD pipelines and infrastructure-as-code environments.
  • Improve reliability and reduce manual operational burden through engineering-led solutions.
• Cloud & Platform Security
  • Work across AWS, GCP, or Azure environments to ensure IAM and security architecture aligns with cloud-native best practices.
  • Design and review IAM roles, policies, and trust boundaries in cloud environments.
  • Support Zero Trust and secure-by-default principles across infrastructure and application layers.
• Technical Leadership & Influence
  • Act as a subject-matter expert in IAM across the organisation.
  • Mentor and support engineers in secure design, IAM protocols, and security engineering practices.
  • Partner with Security GRC, IT, and Engineering leadership to balance risk reduction with developer experience.
  • Influence adoption of best practices across authentication, authorisation, and access governance.

Requirements

• 5+ years of experience in software or security engineering with significant technical depth.
• Strong experience in at least one modern programming language (Go, Java, Scala, Python, or similar).
• Proven experience designing and operating IAM systems in a cloud-first environment.
• Deep understanding of authentication and authorisation protocols: SAML, OAuth2 / OIDC, SCIM, MFA and modern identity assurance methods.
• Experience with identity providers and directories such as Okta, Azure AD, Google Cloud Identity, or Active Directory.
• Hands-on experience with identity governance platforms (e.g., ConductorOne, SailPoint IdentityNow), including lifecycle management, access reviews, and ABAC models.
• Strong understanding of cloud IAM (AWS IAM, GCP IAM, Azure RBAC).
• Experience building secure integrations and automation using REST APIs and event-driven architectures.
• Experience leading significant cross-team security initiatives.
• Strong knowledge of RBAC, ABAC, PAM, and Zero Trust architecture principles.
• Experience working in high-growth, cloud-native environments.
• Strong architectural thinking and ability to design resilient, scalable systems.
• Excellent communication skills with the ability to influence cross-functional stakeholders and drive adoption of secure design patterns.

Nice to have

• Experience implementing or integrating Just-in-Time (JIT) access or Privileged Access Management tooling.
• Experience embedding IAM controls into developer workflows (Terraform, CI/CD, GitOps).
• Experience in regulated environments (SOX, GDPR, PCI).
• Containerisation and orchestration experience (Docker, Kubernetes).

How you’ll make an impact

• Identity and access systems are scalable, automated, and secure-by-default.
• Commercial IAM tooling delivers strong ROI through high-quality integrations and automation.
• Manual access management effort is materially reduced through engineering solutions.
• IAM controls are deeply integrated into cloud and engineering workflows.
• Engineers across the company adopt authentication and authorisation best practices.
• Security posture improves without negatively impacting developer velocity.

Benefits

Benefits differ by country. We offer many benefits in areas including healthcare, well-being, parental leave, pensions, and generous annual leave allowances, including time off to support a charitable cause of your choice. Benefits are country-specific; please ask your recruiter for more information.

Diversity

At Deliveroo, we believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are – your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest-growing businesses in a rapidly growing industry. We are committed to diversity, equity and inclusion in all aspects of our hiring process. We recognise that some candidates may require adjustments to apply for a position or fairly participate in the interview process. If you require any adjustments, please let us know. We will make every effort to provide the necessary adjustments to ensure you have an equitable opportunity to succeed.