Security Engineer

The Mom Project is excited to support Etsy with their search for a Security Engineer to join their team on a contract basis!

About the Team

The Enterprise Security and Access Management (ESAM team) safeguards the end to end security experience for Etsy admin—from the devices they use to everything they access with them. We achieve this by unifying digital access management with physical device security measures. Our goal is to enforce proper device management, reduce unnecessary access, strengthen identity guarantees, identify and patch vulnerabilities, and minimize the blast radius of security incidents. We focus on both what individuals have access to (ensuring necessary permissions on applications) and how they access it (ensuring trusted devices are used).

As part of the team, you’ll work on strengthening Etsy’s identity and access management controls, focusing specifically on the growing landscape of non-human identities (e.g., service accounts, CI/CD pipelines, cloud resources) and the secrets that power them.

About the Role

Etsy is seeking a Security Software Engineer I with experience in Identity and Access Management (IAM) to help secure access across our cloud infrastructure. In this role, you’ll design and build systems to enforce strong access controls for non-human identities, support secret lifecycle management, and ensure Etsy’s infrastructure adheres to the Principle of Least Privilege (PoLP) at scale.

You’ll play a critical role in evaluating and improving Etsy’s controls around service accounts, IAM roles, key rotation, and usage monitoring, especially in Google Cloud Platform (GCP). Your work will help the company reduce risk and increase confidence in how internal services authenticate and access sensitive resources.

Role Details:

As a Security Software Engineer I you’ll…

• Design and implement scalable controls for non-human identity management across GCP, SaaS, and internal systems.
• Identify gaps in how service accounts, workload identities, and automation credentials are provisioned, used, and decommissioned.
• Partner with Infrastructure Security to improve service account secrets management, including key rotation, secret storage, and permission scoping.
• Act as a subject matter expert in access management of human and non-human identities, offering guidance to engineers across the company.
• Proactively identify security gaps and risks across company-managed devices and access systems, aligning findings with the team’s mission to strengthen device integrity.
• Collaborate with cross-functional teams to align security efforts with Etsy’s infrastructure modernization initiatives.
• Develop and implement coding solutions when technical challenges arise (e.g., automation, reporting, integrations).

Qualifications:

• 5+ years of experience in Security Engineering with a focus on identity, access management, or cloud security.
• Deep knowledge of IAM concepts, especially service accounts, workload identity, impersonation, and least privilege access in cloud environments.
• Experience in designing, implementing, and managing IAM solutions.
• Identity and access management subject matter expertise, including :
  • Authentication protocols (SAML, OIDC, OAuth)
  • Cloud IAM platforms (GCP preferred)
  • Access control models (ABAC)
  • Identity Providers (Okta)
• Identity Governance and Administration (IGA)

Hours and Location

• Monday - Friday, 40 hours/week
• 100% remote - US

We offer a competitive salary range for this position. Most candidates who join our team are hired at the median of this range, ensuring fair and equitable compensation based on experience and qualifications.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.