Senior Security Engineer, Identity & Access Management (IAM)

Hi, we're Oscar. We’re hiring a Senior Security Engineer, I to join our Security team in our New York office. 

Oscar is a technology-driven, consumer-focused health insurance startup founded in 2012 and headquartered in New York City. Our goal is to make health insurance simple, transparent, and human. We need your help to do so.

About the role:

Taking care of our members includes securing their data. The mission of the Security team is to protect the data our customers have entrusted to us, and make it possible for Oscar management to make informed, risk-calibrated decisions.

Identity and Access Management (IAM) is one of the most critical parts of security to get right. We are building out our IAM program to become a leader in the area. We’re looking for someone to help us achieve that mission and serve as a key contributor to the Security Team and its partner teams.

You will report into the Director of Identity & Access Management.

Responsibilities:

• Contribute key input to the strategy Oscar will follow to achieve a robust and leading identity management program.
• Architect, build, test, deploy, and monitor Oscar’s IAM systems and beyond.
• Build risk assessment frameworks and deliver action plans to manage the assessed risk.
• Help build technical and non-technical processes, policies, and standards that reflect security best practices and minimizes Oscar's security risks.
• Engineer and facilitate cross-organizational access reviews.
• Build and maintain mutual trust with key stakeholders in the company, such as Engineering, Legal, Compliance, and the People team.
• Act as a key technical resource in the IAM space for the organization

Requirements:

• Have 5+ years of career experience related to information security and/or software development.
• Deep knowledge of identity and access management concepts (e.g. OAuth2, OpenID Connect, SAML, RBAC, ABAC, MFA) or a willingness to immerse yourself in the area.
• Be able to write production-quality code in at least one programming language and an interest in learning more languages. We currently use Python, Javascript, and Go.
• Knowledge of *nix systems.
• Communicate security risks effectively using risk management language to both technical and non-technical audiences, including executive leadership and offering a depth of technical perspective to engineers.
• Ability to lead technical efforts and junior resources

Life at Oscar: 

At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.

We encourage our members to care for their whole selves, and we encourage our employees to do the same with comprehensive medical benefits, generous paid-time off, paid parental leave, retirement plans, company social events, stocked kitchens, wellness programs, and volunteer opportunities.

Reasonable Accommodation:

Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (accommodations@hioscar.com) to make the need for an accommodation known.

Pay Transparency Policy:

Oscar ensures that you won't be discharged or discriminated against based on whether you've inquired about, discussed, or disclosed your pay. Read the full policy here.