Senior IT Engineer

Amplitude is the leading AI analytics platform, helping over 4,700 customers—including Atlassian, Burger King, NBCUniversal, and Square—build better products and digital experiences. With powerful AI Agents embedded across our platform, teams can analyze, test, and optimize user experiences faster than ever. Ranked #1 across multiple categories in G2’s Winter 2026 Report, Amplitude is the best-in-class solution for product, data, and marketing teams. Learn more at amplitude.com . As an organization, we deliver for our customers by living our values. We operate from a place of humility, take ownership of problems and successes, approach challenges with a growth mindset, and put our customers at the center of everything we do. Amplitude’s Commitment to Diversity Equity & Inclusion (DEI): Amplitude believes that diversity enables the creation of better products, improves the ability to solve complex problems, and drives more powerful solutions. We strive to create an environment of inclusion—one focused on psychological safety, empathy, and human connection—that will allow employees of all backgrounds to thrive. Senior IT Engineer at Amplitude (View all jobs) San Francisco Bay Area What You'll Do IT Automation & Workflow Engineering: Own and evolve Amplitude's IT automation platform with Okta Workflows as the primary engine. Design and deliver reliable, scalable automations across onboarding and offboarding, access provisioning, SaaS license management, and compliance workflows. You architect solutions, not one-off scripts, and you hold yourself to a high bar for maintainability and documentation. Identity & Access Management: Own the full Okta configuration surface, SSO integrations, SCIM provisioning, group rules, adaptive MFA, RBAC lifecycle automation, and access review workflows in Lumos. You are expected to debug the full federation layer including attribute mapping, JIT provisioning, and SCIM reconciliation, and maintain production-grade configurations across the fleet. SAML, OIDC & Federation Engineering: Design, implement, and troubleshoot complex SAML 2.0 and OIDC integrations across enterprise SaaS applications. You understand both the SP and IdP sides of federation deeply, attribute statements, assertion mapping, binding types, token claims, and PKCE flows are not new territory. You own the integration from initial configuration through ongoing reconciliation and incident triage. Endpoint & Device Management: Administer macOS device management at scale via Kandji, including zero-touch provisioning, Blueprint and Library Item configuration, software deployment, and security policy enforcement. You maintain fleet compliance through automated checks and can diagnose complex endpoint issues without escalation. You also have familiarity with Jumpcloud for Windows devices.  AI-Assisted IT Operations: Champion AI adoption within IT, identifying high-value automation opportunities, evaluating AI-native and low-code tooling, and building agentic workflows that augment IT service delivery. You use LLMs to accelerate your own work (drafting runbooks, triaging issues, summarizing access reviews) and you build AI-powered automations where they create real leverage. Google Workspace Administration: Own Workspace admin depth, directory configuration, group management, Drive and sharing policy enforcement, DLP settings, and audit log triage. You maintain clean provisioning and deprovisioning integration between Workspace and Okta. IT Compliance & Access Reviews: Support SOC 2 evidence collection and access review workflows, including building and maintaining automated pipelines that surface access anomalies, generate reviewer-ready reports, and track remediation to closure. You understand the compliance surface and can own the operational execution without hand-holding from GRC. Employee Lifecycle & Compliance Operations: Own the full onboarding and offboarding lifecycle end-to-end - from Day 1 provisioning through final access termination - across Okta, Google Workspace, Kandji, and the broader SaaS stack. You design and maintain the automated workflows that ensure every joiner, mover, and leaver is handled consistently, completely, and on time. You understand how lifecycle gaps create compliance risk, orphaned accounts, lingering elevated access, missed deprovisioning, and you build the controls and audit trails that close those gaps. You work closely with People Ops and IT Security to align lifecycle triggers with HR systems, enforce role-based provisioning via SCIM and group rules, and produce the evidence needed for SOC 2 and access review cycles. Nothing falls through the cracks on your watch. SaaS Governance & Tool Management: Manage the lifecycle of Amplitude's corporate SaaS stack, vendor onboarding integrations, license optimization, app security reviews, and offboarding automation. You maintain up-to-date documentation, runbooks, and operational playbooks for every platform you own. Cross-Functional Partnership & Project Delivery: Partner with IT Security, Engineering, People Ops, and Finance to deliver high-impact projects. Communicate clearly with both technical and executive audiences on project status, risk, and outcomes. What You'll Need Experience: 5–8+ years in IT systems engineering, with hands-on depth in at least three of: Okta/IdP administration, SAML/OIDC federation engineering, macOS endpoint management (Kandji or Jamf), Google Workspace administration, IT automation and integration, or SOC 2/compliance operations. Identity & federation depth: You have built net-new SAML 2.0 and OIDC integrations from scratch on both the SP and IdP sides. You can debug assertion failures, fix attribute mapping mismatches, troubleshoot SCIM sync errors, and own the full federation lifecycle without escalating to a vendor or another engineer. Automation architecture: You have a demonstrated track record of building multi-step, multi-system automati