Senior Identity Engineer

Department: Technology

The Senior Identity Engineer will lead the design, integration, and automation of identity controls across MLB's workforce and customer platforms. This is a hands-on engineering role at the intersection of identity, software engineering, and security: building production-grade integrations and services across Okta, Auth0, federation, and access governance. This role helps protect employees, partners, and contractors while securing identity experiences used by millions of fans.

This role includes participation in a rotational, after-hours on-call schedule, including major game days, ticket launches, and partner broadcasts

Responsibilities

• Design, implement, and maintain identity security controls across Okta and Auth0, including SSO, MFA, federation, lifecycle management, and policy-based access
• Engineer secure authentication and authorization patterns across SaaS, cloud, internal, and consumer-facing applications
• Build and maintain production-grade integrations, automation, and internal tooling using APIs, events, and workflow orchestration
• Lead complex identity integrations using SAML, OAuth 2.0, OpenID Connect, SCIM, JWT, and related standards
• Automate joiner-mover-leaver processes, provisioning and deprovisioning workflows, and entitlement management
• Design and automate management of non-human identities, including service accounts, machine identities, service-to-service access, and AI agent use cases
• Serve as a senior escalation point for complex identity incidents involving federation, account lifecycle, authorization failures, provisioning, and policy enforcement
• Support investigations and recovery efforts related to suspicious access patterns, authentication abuse, and identity-driven security events
• Integrate security into CI/CD pipelines and contribute to application and API security tooling
• Partner with Engineering, IT, Product, HR, and third-party vendors to embed identity controls into system design and operational processes
• Mentor engineers and contribute to standards, runbooks, architecture guidance, and peer reviews

Qualifications & Skills

• Strong experience with Okta is required, including Workflows, Lifecycle Management, Universal Directory, Adaptive MFA, and federation
• Bachelor’s or Master’s degree in Computer Science, Software Engineering, Cybersecurity, or a related field, or equivalent practical experience
• 5+ years of experience in identity engineering, security engineering, or software engineering
• Strong understanding of authentication, authorization, access control, federation, and applied cryptography
• Strong understanding of identity and security protocols and standards, including OAuth, OpenID Connect, SAML, SCIM, JWT, TLS, XML signing/encryption, and secure session management
• Experience building production-quality code and integrating with REST APIs, webhooks, event-driven systems, and identity-related data formats such as JSON and XML Fluency in one or more languages (e.g. Python, Go, Java, or TypeScript)
• Experience with Active Directory/Entra ID, cloud platforms (AWS/Azure/GCP), and engineering tooling such as Git, CI/CD, and Terraform
• Experience with Auth0 supporting customer identity, registration, login, account linking, and authorization use cases are a plus
• Relevant certifications from recognized organizations such as (ISC)², GIAC, CompTIA, ISACA, Okta, Auth0, or cloud providers (AWS, Azure, GCP) are a plus
• Ability to independently own and drive complex, high-impact initiatives to completion with sound judgment and accountability
• Strong written and verbal communication skills, with the ability to actively listen and convey technical concepts clearly to engineering, product, and leadership audiences

Salary Range: $140,000 - $175,000 (Base Salary) + Bonus

As a candidate for this position, your salary and related aspects of compensation will be contingent upon your work experience, education, skills, and any other factors MLB considers relevant to the hiring decision. In addition to your salary, MLB believes in providing a competitive compensation and benefits package for its employees.

Top MLB Perks & Benefits

• Competitive Benefits Package
• Company 401K Contribution
• Paid Time Off and Holidays
• Paid Parental Leave
• Access to Free Tickets to Baseball Games & MLB.TV
• Discounts at MLB Store | MLBShop.com
• Employee Assistance Programs (EAP)
• Onsite/Online Training & Development Programs
• Tuition Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Pet Insurance