Onboarding Engineer (Remote – U.S.)

📍 Location: Remote (U.S. only)
💼 Type: Full-time
💰 Compensation: $95,000 - $150,000 (subject to qualifications and experience) + equity + premium benefits

We’re Files.com, a profitable, founder-led SaaS company powering secure file transfer and automation for 4,000+ brands you know: Marc Jacobs, GrubHub, Michelin, Hot Topic, Stamps.com, Planet Fitness, KFC, and more.

We’ve built a $35M+ business with just 70 people by hiring smart, clear-thinking communicators who act fast and own outcomes. Backed by $46.5M from Riverwood Capital, we’re scaling intentionally—and this role is a core part of that growth.

• Onboarding as an engineering discipline: You’ll design production architectures: SSO, RBAC, data flows, automation triggers, IP allowlists, encryption at rest/in transit, audit pipelines — the works.
• Enterprise surface area, real technical depth: SFTP/FTPS/HTTPS, PGP, REST APIs, webhooks; IdPs (Okta, Azure AD, AD FS, LDAP), key management, least-privilege RBAC; hybrid networks, reverse proxies, TLS, DNS, NAT, egress controls; storage integrations (S3/Blob), SharePoint/OneDrive connectors — you’ll touch them all.
• Prevent, don’t just resolve: Support fixes after the fact. Onboarding eliminates friction up front: migration plans, throughput testing, cutover playbooks, rollback strategies, observability from day one.
• A product you’re proud to implement: Files.com powers mission-critical workflows at global scale. You’ll implement a platform that’s fast, reliable, and secure — not build workarounds for “known issues.”

• Map requirements into robust architectures: identity, access, encryption, automation, retention, and auditability.
• Author cutover plans with throughput targets, back-pressure handling, retry logic, and verification (checksums, manifests).

• Stand up SAML/OIDC SSO with Okta/Azure AD; configure SCIM for lifecycle provisioning.
• Model least-privilege RBAC, groups/roles, device/IP policies, and MFA posture.

• Connect storage backends (e.g., S3/Blob), enterprise systems, and endpoints.
• Use our REST API and webhooks to build event-driven automations; script glue in Python/PowerShell/Bash when needed.

• Work through real-world constraints: egress proxies, TLS versions/cipher suites, DPI/IDS appliances, MTU/path issues, DNS/CAA/CAA misconfigurations, and IP allowlists.
• Validate performance end-to-end: parallelism, window sizes, chunking, and timeouts.

• Run admin training and technical handoffs; produce crisp diagrams, runbooks, and KB articles.
• Feed patterns back to Product & Engineering; turn one-off fixes into repeatable playbooks.

• SAML assertion bugs (NameID/ACS mismatch, clock skew) and OIDC scope/claim mapping.
• SCIM drift detection, deprovisioning safety, and group-driven role assignment.
• SFTP/FTPS tuning across high-latency links; negotiating ciphers/MACs; passive mode firewall pinholes.
• Proxy/TLS handshake failures (SNI, intermediate certs, mTLS); rotating keys/certs without downtime.
• Event-driven pipelines with webhooks, retries, idempotency keys, and dead-letter strategies.
• Bulk migrations: parallel workers, rate limiting, checksum validation, and resumable transfers.
• Building observability from day one: audit streams, SIEM forwarding, and success SLOs.

• Production deployments shipped on schedule with zero “failed launches.”
• Adoption curves that climb in the first 30–90 days: usage, automations, departments onboarded.
• Security posture locked: SSO/SCIM live, RBAC least-privilege, audit forwarding enabled.
• Throughput targets met or exceeded with documented performance baselines and runbooks.
• Expansion signals identified early via consultative discovery (more sites, features, or storage).
• Playbooks created that the next Onboarding Engineer (or customer admin) can reuse verbatim.

• ✅ You think like an engineer and a consultant: deep systems knowledge + crisp customer communication.
• ✅ You’re fluent in at least several of: SAML/OIDC/SCIM, SFTP/FTPS/HTTPS, TLS & PKI, REST/webhooks, Python/PowerShell/Bash, IP networking, proxies/firewalls.
• ✅ You enjoy live debugging over Zoom as much as writing a clean, reusable runbook after.
• ✅ You anticipate failure modes and design guardrails so they never reach production.
• ✅ You’re remote-savvy: strong async notes, tight agendas, excellent ownership.

• Onboarding → Product / Platform (shape the roadmap with customer patterns)
• Onboarding → Customer Success / Strategic Accounts (own long-term outcomes)
• Onboarding → Team Lead / Manager (scale the craft across the org)

Your trajectory is limited only by your clarity, discipline, and output.