Staff Systems Administrator

As one of the first pioneers of earned wage access, our passion at EarnIn is building products that deliver real-time financial flexibility for those with the unique needs of living paycheck to paycheck. Our community members access their earnings as they earn them, with options to spend, save, and grow their money without mandatory fees, interest rates, or credit checks.

We’re fortunate to have an incredibly experienced leadership team, combined with world-class funding partners like A16Z, Matrix Partners, DST, Ribbit Capital, and a very healthy core business with a tremendous runway. We’re growing fast and are excited to continue bringing world-class talent onboard to help shape the next chapter of our growth journey.

Join EarnIn's IT team to own enterprise identity architecture end-to-end and lead AI-enabled automation that replaces manual workflows with scalable, auditable systems. The base salary range for this full-time position is $221,900 - $271,200, plus equity and benefits. Our salary ranges are determined by role, level, and location. This is a hybrid position in Mountain View (Headquarters) and will require in-office work 2 days a week.

• →Design and evolve EarnIn's enterprise identity model with Workday as the authoritative HRIS source and Okta as the central control plane. Drive zero-touch joiner/mover/leaver provisioning and own the program's First-Pass Automation Yield (FPAY) metric.
• →Architect privileged access management at scale: just-in-time elevation, time-bound exceptions, managed-device enforcement, and policy-driven entitlement reviews. Build and maintain the IAM Roles Catalog with expiring exceptions and clear ownership for every entitlement.
• →Lead federation strategy across AWS, Databricks, and the SaaS estate. Standardize entitlements via Identity-as-Code (Terraform) so every change is reviewable, diffable, and reversible.
• →Design a Continuous Access Evaluation pipeline -- manual-grant detection, quarterly evidence packaging, tamper-resistant sealing -- so audit readiness is a standing capability rather than a quarterly scramble.
• →Lead the design and rollout of agentic AI workflows that replace ticket-driven, human-in-the-loop IT processes: access intake, approvals routing, ownership reconciliation, helpdesk triage, and drift remediation.
• →Build reusable AI patterns, guardrails, and components (eval harnesses, tool-use scaffolds, prompt and policy libraries) that other EarnIn teams can adopt to AI-enable their own workflows. Partner with team leads across the company to turn working automations into a repeatable practice.
• →Set architectural direction for the IT team: tool selection, identity protocols (SAML, OAuth2, OIDC, SCIM), automation patterns, observability, and build-vs-buy decisions. Mentor IT engineers through code review, ADRs, runbooks, and design docs.

• Bachelor's degree (or higher) in Computer Science, Information Systems, or a related technical field
• 7+ years in IT Engineering or Identity & Access roles, including experience setting technical direction for a program and being accountable for the outcome.
• Demonstrated experience architecting and implementing an enterprise IAM program end-to-end -- design, rollout, and operational steady-state -- at meaningful scale, not solely operating a vendor product.
• Significant hands-on expertise in Okta (Workflows, Identity Governance, sign-on policies, group rules) and at least one HRIS-driven lifecycle integration (Workday preferred). Fluency in SAML, OAuth2, OIDC, SCIM, federation, JIT provisioning, and PAM patterns.
• Experience codifying identity infrastructure (Terraform, GitOps, or equivalent) and shipping changes through code review rather than admin consoles. Proficient in Python.
• Track record of systematically replacing manual processes with automation as the explicit operating model of the team -- not as a side project.
• Demonstrated experience designing, shipping, or championing AI-enabled workflows in a production environment (LLM-backed agents, retrieval-augmented assistants, or agentic automation replacing human-in-the-loop steps). Uses AI-assisted development tools (e.g., Copilot, Cursor, Claude Code) to accelerate own work.
• Clear written and verbal communication: able to lead an architecture review, write a decision doc, and explain why a control matters to both a developer and a CFO.
• Experience in a fintech or regulated environment (SOC 2, PCI) with audit-grade evidence pipelines is a plus
• Hands-on work with Databricks federation or AWS IAM Identity Center is a plus
• Certifications such as Okta Certified Consultant/Administrator or CISSP are a plus

#LI-Hybrid