We're transforming the grocery industry

At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.

Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.

**Instacart is a Flex First team **

There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.

Overview

Instacart’s IT organization empowers every employee to work securely, reliably, and at scale. We’re looking for a Senior Corporate Engineer II to own and evolve our security-critical workforce platforms, including our Okta identity platform, device trust program, and office networks across San Francisco, New York City, and Toronto. Your work will directly impact every Instacart employee and partner by ensuring seamless, safe access to the tools we rely on every day.

You’ll collaborate closely with Security Engineering, Enterprise Applications, Workplace, Compliance, and our Help Desk teams to ship automation, harden our posture, and raise operational reliability. This is a hands-on role in a fast-paced, ever-changing environment—ideal for someone who thrives in ambiguity, rolls up their sleeves to solve complex problems, and brings sound architectural judgment to high-stakes systems.

We are a dynamic team that loves tackling unique scenarios while building solutions that are scalable and secure. The role is remote-friendly within North America, with a preference for candidates in the Pacific Time Zone and the San Francisco Bay Area. Occasional travel to Instacart offices may be required (up to 10%).

About the Job

Own the architecture, security, and day-to-day operations of our enterprise Okta tenant, including delivery of Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust.
Design and maintain Infrastructure-as-Code for identity and access using Terraform, building reusable modules, guardrails, and automated workflows integrated with HRIS and ITSM systems to achieve least-privilege and timely provisioning/deprovisioning.
Architect, operate, and continuously improve Instacart’s office network infrastructure (firewalls, routing/switching, wireless) across SF, NYC, and Toronto; drive zero-trust segmentation, observability, capacity planning, and vendor/partner management.
Lead and participate in incident response for identity and network events, drive rapid mitigation and root-cause analysis, and implement durable remediations through post-incident reviews and change management.
Standardize and execute certificate and key lifecycles for SAML/TLS across SaaS applications; eliminate manual toil with scripting and robust runbooks that increase reliability and auditability.
Partner with Security and Compliance to meet controls and audit needs (e.g., access reviews, evidence collection), improve access risk management, and unlock license savings via automated revocation and right-sizing.
Mentor teammates, elevate documentation and operational excellence, and help shape the roadmap by prioritizing high-impact work in a rapidly evolving environment.

About You

Minimum Qualifications

7+ years of experience in corporate IT engineering or a related field with a focus on identity and access management (IAM) and enterprise networking.
3+ years of hands-on administration of Okta in production (1,000+ users), including SSO integrations (SAML/OIDC), SCIM provisioning, MFA, and policy design.
2+ years implementing identity governance and automation using Okta Workflows, Okta Identity Governance (OIG), or an equivalent IGA platform.
Proficiency with Infrastructure-as-Code and automation: Terraform (required) and at least one scripting language (Python, Bash, or PowerShell).
Demonstrated experience planning and executing certificate rotations and key management for SAML/TLS across multiple SaaS applications.
Hands-on experience operating and troubleshooting office network infrastructure (switching, routing, wireless, firewalls) and VPN/zero-trust access using technologies such as Cisco/Meraki, Aruba, and Palo Alto.
Proven track record leading critical incidents and executing structured change management, including authoring runbooks and conducting post-incident reviews.
Working knowledge of endpoint management and device trust (e.g., Jamf, Kandji, Intune) and integrating device posture into access controls.
Bachelor’s degree in Computer Science, Engineering, Information Systems, or equivalent practical experience.
Located in Pacific or Mountain time zone required.

Preferred Qualifications

Okta certifications (Administrator, Professional, or Consultant) and/or networking/security certifications (e.g., CCNP, PCNSE).
Experience building Git-based CI/CD pipelines for identity and network automation (e.g., GitHub Actions, CircleCI) and implementing policy-as-code.
Familiarity with compliance frameworks and audits (SOX, SOC 2, ISO 27001) and hands-on experience running access reviews and evidence collection.
Experience administering Google Workspace and/or Microsoft 365 identity and security configurations at scale.
Exposure to secrets management and PKI (e.g., HashiCorp Vault, AWS KMS) and log/monitoring platforms (e.g., Datadog, Splunk).
Strong cross-functional communication skills and experience leading complex, multi-stakeholder projects from scoping through delivery.

#LI-Remote

Instacart provides highly market-competitive compensation and benefits in each location where our employees work. This role is remote and the base pay range for a successful candidate is dependent on their permanent work location. Please review our Flex First remote work policy here. Currently, we are only hiring in the following provinces: Ontario, Alberta, British Columbia, and Nova Scotia.

Offers may vary based on many factors, such as candidate experience and skills required for the role. Additionally, this role is eligible for a new hire equity grant as well as annual refresh grants. Please read more about our benefits offerings here.

For Canadian based candidates, the base pay ranges for a successful candidate are listed below.

CAN

$148,000—$156,000 CAD

We're transforming the grocery industry

Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.

**Instacart is a Flex First team **

Overview

About the Job

Own the architecture, security, and day-to-day operations of our enterprise Okta tenant, including delivery of Okta Identity Governance (OIG), lifecycle management, SCIM provisioning, SSO integrations (SAML/OIDC), MFA, risk-based policies, and device trust.
Design and maintain Infrastructure-as-Code for identity and access using Terraform, building reusable modules, guardrails, and automated workflows integrated with HRIS and ITSM systems to achieve least-privilege and timely provisioning/deprovisioning.
Architect, operate, and continuously improve Instacart’s office network infrastructure (firewalls, routing/switching, wireless) across SF, NYC, and Toronto; drive zero-trust segmentation, observability, capacity planning, and vendor/partner management.
Lead and participate in incident response for identity and network events, drive rapid mitigation and root-cause analysis, and implement durable remediations through post-incident reviews and change management.
Standardize and execute certificate and key lifecycles for SAML/TLS across SaaS applications; eliminate manual toil with scripting and robust runbooks that increase reliability and auditability.
Partner with Security and Compliance to meet controls and audit needs (e.g., access reviews, evidence collection), improve access risk management, and unlock license savings via automated revocation and right-sizing.
Mentor teammates, elevate documentation and operational excellence, and help shape the roadmap by prioritizing high-impact work in a rapidly evolving environment.

About You

Minimum Qualifications

7+ years of experience in corporate IT engineering or a related field with a focus on identity and access management (IAM) and enterprise networking.
3+ years of hands-on administration of Okta in production (1,000+ users), including SSO integrations (SAML/OIDC), SCIM provisioning, MFA, and policy design.
2+ years implementing identity governance and automation using Okta Workflows, Okta Identity Governance (OIG), or an equivalent IGA platform.
Proficiency with Infrastructure-as-Code and automation: Terraform (required) and at least one scripting language (Python, Bash, or PowerShell).
Demonstrated experience planning and executing certificate rotations and key management for SAML/TLS across multiple SaaS applications.
Hands-on experience operating and troubleshooting office network infrastructure (switching, routing, wireless, firewalls) and VPN/zero-trust access using technologies such as Cisco/Meraki, Aruba, and Palo Alto.
Proven track record leading critical incidents and executing structured change management, including authoring runbooks and conducting post-incident reviews.
Working knowledge of endpoint management and device trust (e.g., Jamf, Kandji, Intune) and integrating device posture into access controls.
Bachelor’s degree in Computer Science, Engineering, Information Systems, or equivalent practical experience.
Located in Pacific or Mountain time zone required.

Preferred Qualifications

Okta certifications (Administrator, Professional, or Consultant) and/or networking/security certifications (e.g., CCNP, PCNSE).
Experience building Git-based CI/CD pipelines for identity and network automation (e.g., GitHub Actions, CircleCI) and implementing policy-as-code.
Familiarity with compliance frameworks and audits (SOX, SOC 2, ISO 27001) and hands-on experience running access reviews and evidence collection.
Experience administering Google Workspace and/or Microsoft 365 identity and security configurations at scale.
Exposure to secrets management and PKI (e.g., HashiCorp Vault, AWS KMS) and log/monitoring platforms (e.g., Datadog, Splunk).
Strong cross-functional communication skills and experience leading complex, multi-stakeholder projects from scoping through delivery.

#LI-Remote

For Canadian based candidates, the base pay ranges for a successful candidate are listed below.

CAN

$148,000—$156,000 CAD

Senior Corporate Engineer II

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

Overview

About the Job

About You

Minimum Qualifications

Preferred Qualifications

Overview

About the Job

About You

Minimum Qualifications

Preferred Qualifications