Senior Cybersecurity Engineer, Identity DevOps and Platform Automation

Rivian
Rivian

Software Engineering

Belgrade, Serbia

Posted on Jul 14, 2026

Job Description

About Rivian

Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract.

As a company, we constantly challenge what’s possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations.


Role Summary

Rivian is seeking a Senior Cybersecurity Engineer, Identity DevOps and Platform Automation to help design, build, and improve the IAM services, automation, and integration patterns that protect Rivian's people, applications, infrastructure, and data. This is a hands-on IAM engineering role for someone who brings identity depth, strong delivery habits, and the ability to own moderately complex work from design through validation and operational support.
You will help deliver reliable, auditable IAM services across Microsoft Entra ID, Microsoft Graph, identity governance, lifecycle workflows, and AWS-hosted automation. You will also help turn repeated identity integration work into clearer, more reusable patterns, reducing fragile manual processes and improving operational readiness. In this role, you will help build the identity foundations that power Rivian's enterprise operations.
Primary charter: deliver senior IAM ownership with emphasis on identity platform engineering, automation, integration engineering, and operational supportability while supporting Rivian's move toward a stronger Zero Trust access posture.
Location: Belgrade, Serbia (onsite/hybrid at a Rivian location; remote is not available). Participation in an incident on-call rotation is required.


Responsibilities

● Identity Platform Engineering: Design and deliver improvements to IAM platform components, with current emphasis on Microsoft Entra ID, Microsoft Graph, tenant governance, enterprise applications, directory and tenant configuration, and safer control-plane change patterns.
● Automation and Platform Delivery: Build and operate IAM automation, services, CLIs, APIs, workflows, and self-service paths through Git-based change, CI/CD, infrastructure as code, and AWS or equivalent cloud platform patterns.
● Governance and Lifecycle Delivery: Build and improve identity governance and lifecycle workflows in Microsoft Entra ID, including access requests, approvals, reviews, provisioning, deprovisioning, ownership tracking, and evidence generation.
● Integration Engineering: Support application onboarding through standard SSO and provisioning patterns such as SAML, OIDC, and SCIM, while helping turn repeated onboarding work and SCIM gateway patterns into reusable, validated automation.
● Platform Health and Drift Control: Improve observability, alerting, drift detection, and platform-health signals so important IAM platform components are easier to diagnose, operate, and improve over time.
● Delivery Discipline: Deliver controlled IAM platform change through design review, peer review, staged rollout, validation, monitoring, rollback or recovery planning, and clear documentation.
● Service Evolution: Evolve IAM platform services and automation with monitoring, runbooks, incident response, and fixes that reduce recurring failure modes. Participation in an incident on-call rotation is required.
● Collaboration: Work with HR, IT, Enterprise Security, SOC, application owners, and infrastructure partners to make identity platform controls practical, supportable, and aligned to business needs.


Qualifications

● Experience: 5+ years in IAM, identity platform engineering, IAM automation, cybersecurity engineering, platform delivery, or equivalent practical experience.
● Identity Platform Depth: Hands-on experience with Microsoft Entra ID and Microsoft Graph in enterprise identity environments, including tenant governance, enterprise applications, service principals, directory and tenant configuration, and Conditional Access policies.
● Automation and Delivery: Ability to build maintainable IAM automation, APIs, CLIs, workflows, or lightweight services using Python, PowerShell, Go, or equivalent, and deliver them through Git, CI/CD, infrastructure as code (Terraform, CloudFormation) on AWS or equivalent cloud platforms using serverless, container, or event-driven patterns.
● IAM Domain Literacy: Practical familiarity with adjacent IAM areas such as lifecycle, governance (RBAC/ABAC), SSO/federation (SAML, OAuth, OpenID Connect), provisioning (SCIM), privileged access, non-human identity, PKI/secrets (X.509), or Zero Trust access patterns.
● AI-Assisted Engineering: Experience using AI-assisted or AI-accelerated tools in real development, documentation, automation, or operational work.
● Operations: Experience supporting production or business-critical systems through monitoring, troubleshooting, validation, incident response, recovery planning, and continuous improvement.
● Communication: Clear written and verbal communication; effective in design reviews, handoffs, peer review, and cross-team coordination.

Bonus Points


● Identity Platform Automation at Scale: Experience building governed self-service, reusable automation, Microsoft Graph-driven workflows (including change notifications/webhooks), platform drift detection, policy-as-code (e.g., OPA/Rego), tenant hygiene automation, or enterprise application governance tooling.
● AWS / SRE Practice: Experience operating serverless (AWS Lambda, Azure Functions), container-based (Kubernetes, ECS), scheduled, or event-driven (EventBridge, SQS/SNS) workloads in AWS or equivalent cloud platforms with observability (metrics/logs/tracing, e.g., OpenTelemetry), alerting, runbooks, and incident response.
● Software-Engineering Depth: Experience raising automation quality through testing, versioning, packaging, reusable modules, typed interfaces, structured logging, configuration-driven behavior, or maintainable internal tools.
● Non-Human Identity and Secrets: Experience with workload identities and service principals, workload identity federation (OIDC-based) and the OAuth client-credentials flow, automation accounts, credential hygiene, secrets management, mTLS/X.509, vault-backed credential handling, or internal PKI patterns.




Equal Opportunity

Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law.

Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at candidateaccommodations@rivian.com.

Candidate Data Privacy

Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes (“Candidate Personal Data”). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law.

Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian’s service providers, including providers of background checks, staffing services, and cloud services.

Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions.

Please note that we are currently not accepting applications from third party application services.