Staff Cybersecurity Engineer - Identity Platform Engineering (IAM/IGA), DevSecOps
Rivian · Belgrade, Serbia
This listing has closed — view similar roles below.
- On site
- Full-time
- $150,000 / year
- Belgrade, Serbia
Job highlights
- Modernize identity governance and lifecycle capabilities.
- Shift IAM team to automation-first engineering model.
- Partner cross-functionally with HR, IT, and Security.
- Build IAM automation using AWS, Python, and Go.
- Improve joiner, mover, leaver processes end-to-end.
About the role
About Rivian
Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract.
As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations.
Role Summary
Rivian is seeking a Staff Cybersecurity Engineer - Identity Platform Engineering (IAM/IGA) to modernize identity governance and lifecycle capabilities while helping shift our Serbia-based IAM team from an operations-heavy model into an automation-first engineering operating model. You’ll partner cross-functionally with HR, IT, Enterprise Security, and the SOC to deliver reliable, auditable IAM services built on Microsoft Entra ID (or equivalent enterprise identity platforms), with automation deployed and operated in AWS using disciplined delivery practices.
Primary charter: modernize identity governance and lifecycle while establishing an automation-first, measurable engineering operating model for IAM.
Location: Belgrade, Serbia (onsite/hybrid at a Rivian location; remote is not available). Participation in an incident on-call rotation is required.
Responsibilities
- IGA Modernization: Drive governance modernization (self-service access requests, approvals, fulfillment, access reviews/certifications, evidence generation), leveraging SailPoint and Microsoft Entra ID governance workflows to deliver usable, auditable, scalable outcomes.
- Automation & DevSecOps: Design and build IAM automation and platform components (APIs, scripts, services); establish reusable patterns/templates; and coach engineers to deploy and operate automation via Git-based delivery, CI/CD pipelines, and IaC in AWS.
- Delivery Practices: Drive an engineering-quality delivery model: design/peer review, automated checks/testing where practical, staged rollouts, rollback plans, and operational readiness for IAM changes.
- Engineering Enablement: Uplift team engineering practices through reusable templates/patterns, design reviews, and coaching on automation-first delivery and safe rollout discipline.
- Identity Lifecycle Reliability: Improve joiner/mover/leaver processes end-to-end, strengthening lifecycle automation, verified deprovisioning, and access revocation with clear health signals and robust failure handling.
- Modern AuthN/AuthZ Patterns: Establish standard authentication and authorization patterns (SSO, MFA, OAuth/OIDC/SAML) with pragmatic exception handling and migration runbooks, including modern policy patterns in Microsoft Entra ID (e.g., Conditional Access).
- Operational Excellence: Treat IAM as a service: improve monitoring and runbooks, participate in incident response and on-call rotation, and drive post-incident improvements that prevent recurrence.
- Cross-Functional Alignment: Orchestrate delivery across HR IT, IT, Enterprise Security, and SOC partners; unblock decisions, communicate tradeoffs clearly, and land standards that are adopted (not just documented).
Qualifications
- Experience: 8+ years of relevant experience in IAM / cybersecurity engineering / identity platform engineering (or equivalent practical experience delivering comparable scope).
- IAM Domain Depth: Significant experience across identity lifecycle, governance concepts, authentication/authorization patterns, and privileged access fundamentals, including hands-on experience with a leading enterprise identity platform (e.g., Microsoft Entra ID, Okta) or equivalent.
- Engineering / DevSecOps Foundation: Strong hands-on ability using Go, Python, or PowerShell and Git-based workflows, with experience building CI/CD pipelines, using IaC (Terraform or CloudFormation), and deploying/operating automation in cloud environments (AWS or equivalent).
- Staff-Level Delivery: Demonstrated ability to drive cross-functional initiatives to completion and land changes that persist through standards, automation, and adoption, with a track record of improving operational outcomes through disciplined delivery.
- Operational Ownership: Experience supporting production identity systems with monitoring, incident response, and continuous improvement; comfort operating in an on-call rotation (IAM incidents).
- Delivery Discipline: Proven ability to deliver controlled change with design review, staged rollout, rollback readiness, and operational readiness criteria.
- Collaboration & Influence: Strong written and verbal communication; ability to align stakeholders and uplift team practices through mentoring, design reviews, and enablement.
Key skills/competency
- Identity and Access Management (IAM)
- Identity Governance and Administration (IGA)
- Cybersecurity Engineering
- DevSecOps
- Microsoft Entra ID
- SailPoint
- AWS
- Python
- Go
- Terraform
Skills & topics
- Staff Cybersecurity Engineer
- Identity Platform Engineering
- IAM
- IGA
- DevSecOps
- Cybersecurity
- Belgrade
- Serbia
- AWS
- Python
- Go
- Microsoft Entra ID
- SailPoint
- Terraform
- CI/CD
How to get hired
- Tailor your resume: Highlight IAM, DevSecOps, and cloud automation experience relevant to Rivian's needs.
- Showcase technical skills: Emphasize proficiency in Python, Go, PowerShell, Git, CI/CD, and IaC (Terraform).
- Demonstrate leadership: Provide examples of driving cross-functional initiatives and improving operational outcomes.
- Prepare for technical interviews: Be ready to discuss IAM concepts, cloud architecture, and automation strategies.
- Understand Rivian's mission: Connect your passion for technology with Rivian's goals.
Technical preparation
Master Python, Go, or PowerShell for automation.,Practice IaC with Terraform for cloud environments.,Build CI/CD pipelines with Git-based workflows.,Understand Microsoft Entra ID and SailPoint.
Behavioral questions
Describe a complex cross-functional initiative you led.,How have you improved operational outcomes through discipline?,Share an example of mentoring or enabling a team.,Explain how you handle incident response and post-mortems.
Frequently asked questions
- What are the key responsibilities for a Staff Cybersecurity Engineer at Rivian?
- The Staff Cybersecurity Engineer at Rivian is primarily responsible for modernizing identity governance and lifecycle capabilities. This includes driving self-service access requests, implementing access reviews, and developing automation for identity lifecycle management. You will also be involved in building IAM platform components, establishing DevSecOps practices, and ensuring operational excellence for identity systems.
- What technical skills are most important for this Staff Cybersecurity Engineer role at Rivian?
- Key technical skills include significant experience with enterprise identity platforms like Microsoft Entra ID or Okta, hands-on ability with scripting languages such as Go, Python, or PowerShell, and proficiency with Git-based workflows. Experience with CI/CD pipelines, Infrastructure as Code (IaC) tools like Terraform, and deploying/operating automation in AWS are also crucial.
- Is this a remote position at Rivian?
- No, this Staff Cybersecurity Engineer position is based in Belgrade, Serbia, and requires onsite or hybrid presence at a Rivian location. Remote work is not available for this role.
- What is the expected experience level for the Staff Cybersecurity Engineer role at Rivian?
- Rivian is looking for candidates with 8+ years of relevant experience in IAM, cybersecurity engineering, or identity platform engineering. The role also emphasizes staff-level delivery capabilities, including driving cross-functional initiatives and influencing team practices.
- Does this role require on-call participation at Rivian?
- Yes, participation in an incident on-call rotation is required for this Staff Cybersecurity Engineer position. This involves supporting production identity systems and responding to IAM-related incidents.
- What does Rivian mean by 'automation-first engineering operating model' for IAM?
- An automation-first engineering operating model means shifting from manual, operations-heavy tasks to automated processes for IAM functions. This involves designing and building automation using APIs, scripts, and IaC, with deployment through CI/CD pipelines, to ensure efficiency, reliability, and scalability.
- How does Rivian approach delivery and quality for IAM changes?
- Rivian emphasizes an engineering-quality delivery model that includes design and peer reviews, automated checks and testing, staged rollouts, rollback plans, and ensuring operational readiness before implementing IAM changes.
Similar roles
Open positions we recommend based on this role.