Staff Security Engineer, IAM

Posted 1 day 16 hours ago by DELIVEROO

£80,000 - £100,000 Annual
Permanent
Full Time
Other
London, United Kingdom
Job Description
Why Deliveroo

Our mission is to transform the way you shop and eat, bringing the neighbourhood to your door by connecting consumers, restaurants, shops and riders. We are transforming the way the world eats and shops by making access to food and products more convenient and enjoyable. We give people the opportunity to buy what they want, as they want it, when and where they want it.

We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, looking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.

About the role

We are looking for a Staff Security Engineer (L6) with deep expertise in Identity & Access Management (IAM) to help design, build, and evolve our identity, authentication, and access control capabilities across the organisation.

This is a hands on senior engineering role within Corporate Security Engineering. You will act as a technical leader across IAM and broader security engineering initiatives - designing scalable identity systems, building secure by default access controls, and developing internal integrations and automation that materially improve our risk posture.

You will combine strong security engineering capability with deep IAM domain knowledge, influencing architectural decisions, mentoring engineers, and partnering with stakeholders across engineering, IT, compliance, and product teams.

What you'll be doing: Identity & Access Architecture

  • Own and evolve Deliveroo's IAM architecture across identity providers (e.g., Okta, Azure AD, Google Cloud Identity), identity governance (e.g., ConductorOne, SailPoint IdentityNow), and cloud IAM (AWS/GCP).

  • Design scalable solutions for authentication, authorisation, provisioning, deprovisioning, RBAC/ABAC, JIT access, and privileged access management.

  • Drive improvements to access governance processes including certifications, SoD controls, and policy enforcement.

  • Lead implementations and technical integrations between domains, ensuring engineering core principles are adhered to.

  • Develop "Paved Roads" for stakeholders enforcing IAM best good practices to teams.

Security Engineering

Deliveroo's strategy is to leverage best-in-class security and IAM tooling wherever possible. In this role, you will maximise the value of those platforms by designing and building the custom integrations, middleware, and complementary automation that surround them.

This includes:

  • Developing bespoke integrations between IAM platforms and internal systems to ensure seamless lifecycle management and access governance.

  • Building middleware solutions to address edge cases (e.g. automated group creation where authoritative HR data does not exist).

  • Designing and implementing self service RBAC capabilities that enable business teams to manage roles within defined guardrails.

  • Creating automation layers that enhance ROI from commercial tooling by reducing manual effort and embedding controls into engineering workflows.

  • Extending off the shelf platforms with APIs, event driven services, and workflow orchestration to meet Deliveroo's scale and complexity.

You will focus on ensuring our purchased tooling is deeply integrated, automated, and aligned with our broader security architecture.

Automation & Integration

  • Build scalable automation across IAM services using modern programming languages (e.g., Go, Java, Python, JavaScript).

  • Develop and maintain integrations using REST APIs, SCIM, webhooks, and event driven architectures.

  • Embed IAM controls into CI/CD pipelines and infrastructure as code environments.

  • Improve reliability and reduce manual operational burden through engineering led solutions.

Cloud & Platform Security

  • Work across AWS, GCP, or Azure environments to ensure IAM and security architecture aligns with cloud native best practices.

  • Design and review IAM roles, policies, and trust boundaries in cloud environments.

  • Support Zero Trust and secure by default principles across infrastructure and application layers.

Technical Leadership & Influence

  • Act as a subject matter expert in IAM across the organisation.

  • Mentor and support engineers in secure design, IAM protocols, and security engineering practices.

  • Partner with Security GRC, IT, and Engineering leadership to balance risk reduction with developer experience.

  • Influence adoption of best practices across authentication, authorisation, and access governance.

Requirements:

  • 7+ years of experience in software or security engineering, with significant hands on technical depth.

  • Strong experience in at least one modern programming language (Go, Java, Scala, Python, or similar).

  • Proven experience designing and operating IAM systems in a cloud first environment.

  • Deep understanding of authentication and authorisation protocols:

    • SAML

    • OAuth2 / OIDC

    • SCIM

    • MFA and modern identity assurance methods

  • Experience with identity providers and directories such as Okta, Azure AD, Google Cloud Identity, or Active Directory.

  • Hands on experience with identity governance platforms (e.g., ConductorOne, SailPoint IdentityNow), including lifecycle management, access reviews, and ABAC models.

  • Strong understanding of cloud IAM (AWS IAM, GCP IAM, Azure RBAC).

  • Experience building secure integrations and automation using REST APIs and event driven architectures.

  • Experience leading significant cross team security initiatives.

  • Strong knowledge of RBAC, ABAC, PAM, and Zero Trust architecture principles.

  • Experience working in high growth, cloud native environments.

  • Strong architectural thinking and ability to design resilient, scalable systems.

  • Excellent communication skills with the ability to influence cross functional stakeholders and drive adoption of secure design patterns.

Nice to have:

  • Experience implementing or integrating Just in Time (JIT) access or Privileged Access Management tooling.

  • Experience embedding IAM controls into developer workflows (Terraform, CI/CD, GitOps).

  • Experience in regulated environments (SOX, GDPR, PCI).

  • Containerisation and orchestration experience (Docker, Kubernetes).

How you'll make an impact:

  • Identity and access systems are scalable, automated, and secure by default.

  • Commercial IAM tooling delivers strong ROI through high quality integrations and automation.

  • Manual access management effort is materially reduced through engineering solutions.

  • IAM controls are deeply integrated into cloud and engineering workflows.

  • Engineers across the company adopt authentication and authorisation best practices.

  • Security posture improves without negatively impacting developer velocity.

Why This Role is Exciting:

This is an opportunity to shape IAM and security engineering at scale within a global technology company. You will influence foundational systems that protect millions of users, work on high impact security integrations, and help define the long term identity and access strategy.

You'll operate at the intersection of security architecture, software engineering, and cloud platform design - solving complex identity challenges while building systems that make secure access seamless across the organisation.

Workplace & Benefits

At Deliveroo we know that people are the heart of the business and we prioritise their welfare. Benefits differ by country, but we offer many benefits in areas including healthcare, well being, parental leave, pensions, and generous annual leave allowances, including time off to support a charitable cause of your choice. Benefits are country specific, please ask your recruiter for more information.

Diversity

At Deliveroo, we believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing businesses in a rapidly growing industry.

We are committed to diversity, equity and inclusion in all aspects of our hiring process. We recognise that some candidates may require adjustments to apply for a position or fairly participate in the interview process. If you require any adjustments, please don't hesitate to let us know. We will make every effort to provide the necessary adjustments to ensure you have an equitable opportunity to succeed.