Senior IT Engineer

United States·San Francisco

OtherIt Engineer

0 views0 saves0 applied

Apply Now

Quick Summary

Key Responsibilities

Own and evolve Amplitude's IT automation platform with Okta Workflows as the primary engine. Design and deliver reliable, scalable automations across onboarding and offboarding, access provisioning,

Requirements Summary

You work through ambiguous problems independently from initial triage through remediation and documentation. You don't wait for perfect requirements.

Technical Tools

OtherIt Engineer

Amplitude is the leading AI analytics platform, helping over 4,700 customers—including Atlassian, Burger King, NBCUniversal, and Square—build better products and digital experiences. With powerful AI Agents embedded across our platform, teams can analyze, test, and optimize user experiences faster than ever. Ranked #1 across multiple categories in G2’s Winter 2026 Report, Amplitude is the best-in-class solution for product, data, and marketing teams. Learn more at amplitude.com.

As an organization, we deliver for our customers by living our values. We operate from a place of humility, take ownership of problems and successes, approach challenges with a growth mindset, and put our customers at the center of everything we do.

Responsibilities

~3 min read

→IT Automation & Workflow Engineering: Own and evolve Amplitude's IT automation platform with Okta Workflows as the primary engine. Design and deliver reliable, scalable automations across onboarding and offboarding, access provisioning, SaaS license management, and compliance workflows. You architect solutions, not one-off scripts, and you hold yourself to a high bar for maintainability and documentation.
→Identity & Access Management: Own the full Okta configuration surface, SSO integrations, SCIM provisioning, group rules, adaptive MFA, RBAC lifecycle automation, and access review workflows in Lumos. You are expected to debug the full federation layer including attribute mapping, JIT provisioning, and SCIM reconciliation, and maintain production-grade configurations across the fleet.
→SAML, OIDC & Federation Engineering: Design, implement, and troubleshoot complex SAML 2.0 and OIDC integrations across enterprise SaaS applications. You understand both the SP and IdP sides of federation deeply, attribute statements, assertion mapping, binding types, token claims, and PKCE flows are not new territory. You own the integration from initial configuration through ongoing reconciliation and incident triage.
→Endpoint & Device Management: Administer macOS device management at scale via Kandji, including zero-touch provisioning, Blueprint and Library Item configuration, software deployment, and security policy enforcement. You maintain fleet compliance through automated checks and can diagnose complex endpoint issues without escalation. You also have familiarity with Jumpcloud for Windows devices.
→AI-Assisted IT Operations: Champion AI adoption within IT, identifying high-value automation opportunities, evaluating AI-native and low-code tooling, and building agentic workflows that augment IT service delivery. You use LLMs to accelerate your own work (drafting runbooks, triaging issues, summarizing access reviews) and you build AI-powered automations where they create real leverage.
→Google Workspace Administration: Own Workspace admin depth, directory configuration, group management, Drive and sharing policy enforcement, DLP settings, and audit log triage. You maintain clean provisioning and deprovisioning integration between Workspace and Okta.
→IT Compliance & Access Reviews: Support SOC 2 evidence collection and access review workflows, including building and maintaining automated pipelines that surface access anomalies, generate reviewer-ready reports, and track remediation to closure. You understand the compliance surface and can own the operational execution without hand-holding from GRC.
→Employee Lifecycle & Compliance Operations: Own the full onboarding and offboarding lifecycle end-to-end - from Day 1 provisioning through final access termination - across Okta, Google Workspace, Kandji, and the broader SaaS stack. You design and maintain the automated workflows that ensure every joiner, mover, and leaver is handled consistently, completely, and on time. You understand how lifecycle gaps create compliance risk, orphaned accounts, lingering elevated access, missed deprovisioning, and you build the controls and audit trails that close those gaps. You work closely with People Ops and IT Security to align lifecycle triggers with HR systems, enforce role-based provisioning via SCIM and group rules, and produce the evidence needed for SOC 2 and access review cycles. Nothing falls through the cracks on your watch.
→SaaS Governance & Tool Management: Manage the lifecycle of Amplitude's corporate SaaS stack, vendor onboarding integrations, license optimization, app security reviews, and offboarding automation. You maintain up-to-date documentation, runbooks, and operational playbooks for every platform you own.
→Cross-Functional Partnership & Project Delivery: Partner with IT Security, Engineering, People Ops, and Finance to deliver high-impact projects. Communicate clearly with both technical and executive audiences on project status, risk, and outcomes.

Experience: 5–8+ years in IT systems engineering, with hands-on depth in at least three of: Okta/IdP administration, SAML/OIDC federation engineering, macOS endpoint management (Kandji or Jamf), Google Workspace administration, IT automation and integration, or SOC 2/compliance operations.
Identity & federation depth: You have built net-new SAML 2.0 and OIDC integrations from scratch on both the SP and IdP sides. You can debug assertion failures, fix attribute mapping mismatches, troubleshoot SCIM sync errors, and own the full federation lifecycle without escalating to a vendor or another engineer.
Automation architecture: You have a demonstrated track record of building multi-step, multi-system automation workflows with measurable business impact. Okta Workflows experience is strongly preferred. You design for maintainability, not just function.
Technical skills: Comfortable writing Python, Bash, or equivalent to extend low-code platforms, build lightweight tooling, or debug integration issues. You can move quickly without looping in engineering.
AI proficiency: You actively use AI tools (Claude, Copilot, or similar) to accelerate your own work, and you have built or designed AI-powered automations or agentic workflows. Genuine curiosity about where LLMs and AI-native tooling create leverage in IT operations is a hard requirement, not a nice-to-have.
Autonomy & ownership: You work through ambiguous problems independently from initial triage through remediation and documentation. You don't wait for perfect requirements.
Communication: Strong cross-functional collaboration skills. Able to translate complex technical decisions for non-technical stakeholders and work effectively with Legal, People, Security, and Engineering.

Deep Okta Workflows experience including complex branching, error handling, and cross-app orchestration
Experience with enterprise iPaaS platforms (Workato or equivalent) in addition to Okta Workflows
Familiarity with AI tool governance - acceptable use policies, connector security reviews, and data classification in AI contexts
Experience supporting M&A technical integrations or cross-tenant identity migrations
Zero-trust architecture patterns, CASB/SSPM tooling, or ZTNA experience
Certifications in Okta, Kandji, or Google Workspace
Prior experience at a high-growth tech company with a lean IT team and large scope

What We Offer

~3 min read

✓We were recognized in the Newsweek Excellence Index 2024.

✓Our customers love us! They've said we're the #1 product analytics solution for 19 quarters in a row on G2.

✓We care A LOT about product innovation. Fast Company called us the #3 most innovative enterprise company in the world.

✓We invest in our people. We offer mentorship programs, management training, and wellness initiatives.

✓We give back to our communities. We give every Ampliteer a charitable giving grant and paid volunteer time off.

✓We were founded in 2012, went public via a direct listing in September 2021, and are now trading under the ticker $AMPL.

✓We’re a global and fast-growing team! We have employees around the world and offices in San Francisco (HQ), New York, Vancouver, Amsterdam, London, Paris, Singapore, and Tokyo.

✓Our mascot is Data Monster, who loves to chow down on numbers, charts, and graphs. Nom nom.