About the Department
The Identity and Access Management (IAM) team is dedicated to ensuring the secure and efficient management of user identities, access privileges, and authentication mechanisms across all company systems, applications, and data. Our mission is to safeguard the organization against unauthorized access, protect sensitive information, and enable seamless user experiences while adhering to industry best practices and compliance standards.

About the Role

As an Identity and Access Management (IAM) Security Engineer, you will play a crucial role in designing, implementing, and managing identity and access management solutions. You will be responsible for safeguarding our systems, applications, and data by ensuring secure user access, authentication, and authorization mechanisms.

A Security engineers work may include reviewing reports from various sources (automated scanners, employee reports, logs, etc.), managing and configuring automated tooling (Terraform, Open Policy Agent, Workers, etc.), building controls to enforce policy (two factor authentication requirements, role based access, etc), creating tools, reports or platforms to support the team’s goals.

Desirable skills, knowledge and experience

Security engineers take part in a wide variety of tasks and projects in the team. One individual is not expected to know everything, but a working knowledge in several of the following areas is required:

  • Strong understanding of identity federation (SAML, OAuth, OpenID Connect, etc.)
  • Experience with Identity and Access Management policy application and enforcement
  • Experience designing, implementing, and managing IAM solutions
  • Experience working with Open Policy Agent
  • Experience working in DevOps / DevSecOps
  • Experience working with configuration management tools like Terraform, Ansible, etc.
  • Experience working with Information Technology platforms and systems
  • Experience with SaaS security (Google Workspace, Salesforce, Workday, Atlassian, etc.)
  • Experience in configuration, troubleshooting and maintenance of network security infrastructure (Web content filtering, Firewall, IDS and DLP controls)
  • Experience with API gateways and API security
  • Experience with Zero Trust security
  • Experience in secure configuration of cloud-based storage and data management systems
  • Experience with secure configuration of containerized application platforms (e.g. Kubernetes)
  • Advanced programming experience (Python, TypeScript, Bash, etc.)


Compensation may be adjusted depending on work location.

  • For Colorado-based hires: Estimated annual salary of $168,000 – $206,000
  • For New York City, Washington, and California (excluding Bay Area) based hires: Estimated annual salary of $187,000 – $229,000
  • For Bay Area-based hires: Estimated annual salary of $196,000 – $240,000


This role is eligible to participate in Cloudflare’s equity plan.


Cloudflare offers a complete package of benefits and programs to support you and your family.  Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun!  The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits

  • Medical/Rx Insurance
  • Dental Insurance
  • Vision Insurance
  • Flexible Spending Accounts
  • Commuter Spending Accounts
  • Fertility & Family Forming Benefits
  • On-demand mental health support and Employee Assistance Program
  • Global Travel Medical Insurance

Financial Benefits

  • Short and Long Term Disability Insurance
  • Life & Accident Insurance
  • 401(k) Retirement Savings Plan
  • Employee Stock Participation Plan

Time Off

  • Flexible paid time off covering vacation and sick leave
Job Overview
Job alerts

Subscribe to our weekly job alerts below and never miss the latest jobs

Sign in

Sign Up

Forgotten Password

Job Quick Search