This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
We are looking for a Staff Security Engineer (L6) with deep expertise in Identity & Access Management (IAM) to help design, build, and evolve our identity, authentication, and access control capabilities across the organisation. This is a hands-on senior engineering role within Corporate Security Engineering. You will act as a technical leader across IAM and broader security engineering initiatives - designing scalable identity systems, building secure-by-default access controls, and developing internal integrations and automation that materially improve our risk posture. You will combine strong security engineering capability with deep IAM domain knowledge, influencing architectural decisions, mentoring engineers, and partnering with stakeholders across engineering, IT, compliance, and product teams.
Job Responsibility:
Own and evolve Deliveroo’s IAM architecture across identity providers (e.g., Okta, Azure AD, Google Cloud Identity), identity governance (e.g., ConductorOne, SailPoint IdentityNow), and cloud IAM (AWS/GCP)
Design scalable solutions for authentication, authorisation, provisioning, deprovisioning, RBAC/ABAC, JIT access, and privileged access management
Drive improvements to access governance processes including certifications, SoD controls, and policy enforcement
Lead implementations and technical integrations between domains, ensuring engineering core principles are adhered to
Develop ‘Paved Roads’ for stakeholders enforcing IAM best good practices to teams
Developing bespoke integrations between IAM platforms and internal systems to ensure seamless lifecycle management and access governance
Building middleware solutions to address edge cases (e.g. automated group creation where authoritative HR data does not exist)
Designing and implementing self-service RBAC capabilities that enable business teams to manage roles within defined guardrails
Creating automation layers that enhance ROI from commercial tooling by reducing manual effort and embedding controls into engineering workflows
Extending off-the-shelf platforms with APIs, event-driven services, and workflow orchestration to meet Deliveroo’s scale and complexity
Build scalable automation across IAM services using modern programming languages (e.g., Go, Java, Python, JavaScript)
Develop and maintain integrations using REST APIs, SCIM, webhooks, and event-driven architectures
Embed IAM controls into CI/CD pipelines and infrastructure-as-code environments
Improve reliability and reduce manual operational burden through engineering-led solutions
Work across AWS, GCP, or Azure environments to ensure IAM and security architecture aligns with cloud-native best practices
Design and review IAM roles, policies, and trust boundaries in cloud environments
Support Zero Trust and secure-by-default principles across infrastructure and application layers
Act as a subject matter expert in IAM across the organisation
Mentor and support engineers in secure design, IAM protocols, and security engineering practices
Partner with Security GRC, IT, and Engineering leadership to balance risk reduction with developer experience
Influence adoption of best practices across authentication, authorisation, and access governance
Requirements:
7+ years of experience in software or security engineering, with significant hands-on technical depth
Strong experience in at least one modern programming language (Go, Java, Scala, Python, or similar)
Proven experience designing and operating IAM systems in a cloud-first environment
Deep understanding of authentication and authorisation protocols: SAML, OAuth2 / OIDC, SCIM, MFA and modern identity assurance methods
Experience with identity providers and directories such as Okta, Azure AD, Google Cloud Identity, or Active Directory
Hands-on experience with identity governance platforms (e.g., ConductorOne, SailPoint IdentityNow), including lifecycle management, access reviews, and ABAC models
Strong understanding of cloud IAM (AWS IAM, GCP IAM, Azure RBAC)
Experience building secure integrations and automation using REST APIs and event-driven architectures
Experience leading significant cross-team security initiatives
Strong knowledge of RBAC, ABAC, PAM, and Zero Trust architecture principles
Experience working in high-growth, cloud-native environments
Strong architectural thinking and ability to design resilient, scalable systems
Excellent communication skills with the ability to influence cross-functional stakeholders and drive adoption of secure design patterns
Nice to have:
Experience implementing or integrating Just-in-Time (JIT) access or Privileged Access Management tooling
Experience embedding IAM controls into developer workflows (Terraform, CI/CD, GitOps)
Experience in regulated environments (SOX, GDPR, PCI)
Containerisation and orchestration experience (Docker, Kubernetes)
What we offer:
25 days annual leave plus bank holidays, increasing with length of time spent working at Deliveroo
One day of paid leave per year to volunteer with a registered charity
Funded single cover healthcare on our core plan, with the option to add family members at own cost
Access to wellbeing apps such as LesMills+, Strava, Headspace, Yogaia via GymPass
Discounted dental insurance and a range of other flexible benefits, such as critical illness cover, partner life cover, travel insurance, health assessments
Life assurance
Maternity, paternity and maternity and shared parental leave, eligible from day one of employment
Excellent kit to enable working from home and a parent-friendly working culture
Access to free mortgage advice
Cycle to Work Scheme or Season Ticket Loans, depending how you wish to travel
Excellent learning and development opportunities and access to RooLearn, our learning platform, packed with high-quality training and content
Regular Employee Resource Group (ERG) led social events – examples include dinners, dance lessons and in-office yoga sessions
Summer and end-of-year parties
Free Deliveroo Plus: free delivery and access to special offers