Now Brewing – cybersecurity engineer senior, Identity Lifecycle and Authentication Services! #tobeapartner
 
From the beginning, Starbucks set out to be a different kind of company. One that not only celebrated coffee and the rich tradition, but that also brought a feeling of connection. We are known for developing extraordinary leaders who share this passion and are guided by their service to others.

This role contributes to Starbucks’ success by implementing and continuously enhancing enterprise-wide Identity and Access Management (IAM) solutions that ensure secure, compliant, and efficient access to systems and data.

A successful Senior Cybersecurity Engineer on the Identity and Access Management (IAM) team at Starbucks is a hands-on technical professional with deep expertise in identity lifecycle, authentication, and authorization services. You thrive in a fast-paced, collaborative environment and are passionate about building secure, scalable identity solutions that deliver exceptional user experiences while meeting enterprise-grade security standards. You bring senior-level expertise in at least two key areas such as automated Identity Lifecycle Management (ILM) for workforce and B2B, modern authentication technologies like FIDO2/WebAuthn, Cloud and/or Directory Services, and Privileged Access Management (PAM). This broad technical foundation allows you to design and implement robust identity solutions that support both legacy and cloud-native environments, advancing Starbucks’ Zero Trust strategy and secure workforce enablement.

In this role, you will contribute to the design and delivery of a resilient, enterprise-scale identity platform that supports Starbucks’ global workforce and trusted external partners. Partnering with cross-functional teams, you will implement advanced identity capabilities such as hybrid authentication, automated identity lifecycle orchestration, and adaptive access controls using protocols like Continuous Access Evaluation Protocol (CAEP).

You will also contribute to the evolution of Starbucks’ Zero Trust architecture by applying technologies such as Just-In-Time (JIT) provisioning, SCIM for standardized identity data exchange, Identity Governance and Administration (IGA) platforms for access certification and role-based controls, and modern identity protocols and frameworks such as CTAP for user authentication and FIDO Device Onboarding (FDO) for secure device provisioning. This is a unique opportunity to shape secure digital access at scale while delivering intelligent, seamless, and compliant identity experiences across a dynamic enterprise environment.

As a cybersecurity engineer senior, Identity Lifecycle and Authentication Services, you will...

Deploy and maintain identity services that support authentication, authorization, and lifecycle management across cloud and on-prem environments.Contribute to the design and enforcement of Zero Trust principles across identity workflows.Conduct technical evaluations, proof-of-concepts, and vendor assessments for identity-related tools and services.Support the integration of technologies such as IGA, adaptive access controls and risk-based authentication mechanisms into Starbucks’ identity ecosystem.Configure and implement identity solutions using protocols and standards such as SAML, OAuth, OpenID Connect, and SCIM.Develop and maintain documentation, runbooks, and knowledge articles for identity services.Participate in incident response and troubleshooting related to identity and access issues.Collaborate with engineering, security, and business teams to integrate identity solutions into enterprise platforms and applications.Partner with the Security Architecture team to ensure platform goals and security solutions align with business strategy and objectives.Monitor threat intelligence feeds and reports, and develop remediation strategies based on findings.Design and implement security controls that meet compliance requirements, including SOX, PCI, and internal controls.Provide mentorship and technical guidance to junior engineers and cross-functional partners.

We’d love to hear from people with...

Basic Qualifications

5+ years of experience in information technology, with a strong emphasis on cybersecurity

5+ years of hands-on experience in Identity and Access Management (IAM), including workforce and B2B identity lifecycle management, and authentication processes

Demonstrated experience deploying and managing cloud identity platforms like Microsoft Entra ID in complex-hybrid environments

Solid understanding of identity standards and technologies such as SAML, OAuth, OpenID Connect, SCIM, and MFA

Solid understanding of IAM principles, including user lifecycle management, provisioning with SCIM, and compliance frameworks

Expertise in developing and executing enterprise-wide identity strategies and governance frameworks. Experience with IAM automation, including workflows, API integrations, and scripting (e.g. PowerShell)

Deep knowledge on Role-Based Access Control (RBAC) and fine-grained authorization including lifecycle management of non-human identities (NHIs)

Proven ability to assess, mitigate, and respond to cybersecurity risks and vulnerabilities

Excellent written and verbal communication skills, with the ability to convey complex technical concepts to diverse audiences
 

Preferred Qualifications

Certifications such as CISSP, CISM, CIPM, or others focused on cybersecurity, IAM, data privacy or information risk management.

 

As a Starbucks partner, you (and your family) will have access to medical, dental, vision, basic and supplemental life insurance, and other voluntary insurance benefits. Partners have access to short-term and long-term disability, paid parental leave, family expansion reimbursement, paid vacation from date of hire*, sick time (accrued at 1 hour for every 25 hours worked), eight paid holidays, and two personal days per year. Starbucks also offers eligible partners participation in a 401(k) retirement plan with employer match, a discounted company stock program (S.I.P.), Starbucks equity program (Bean Stock), incentivized emergency savings, and financial well-being tools.  Additionally, Starbucks offers 100% upfront tuition coverage for a first-time bachelor’s degree through Arizona State University’s online program via the Starbucks College Achievement Plan, student loan management resources, and access to other educational opportunities.  You will also have access to backup care and DACA reimbursement.   Starbucks will comply with any applicable state and local laws regarding employee leave benefits, including, but not limited to providing time off pursuant to the Colorado Healthy Families and Workplaces Act, and in accordance with its plans and policies. This list is subject to change depending on collective bargaining in locations where partners have a certified bargaining representative. For additional information regarding partner perks and more detailed information about benefits, go to starbucksbenefits.com.

*If you are working in CA, CO, IL, LA, ME, MA, NE, ND or RI, you will accrue vacation up to a maximum of 120 hours (190 in CA) for roles below director and 200 hours (316 in CA) for roles at director or above.  For roles in other states, you will be granted vacation time starting at 120 hours annually for roles below director and 200 hours annually for roles director and above.

The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity.  At Starbucks, it is not typical for an individual to be hired at the high end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate.

Join us and inspire with every cup. Apply today!

Starbucks Coffee Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, or protected veteran status, or any other characteristic protected by law.

Qualified applicants with criminal histories will be considered for employment in a manner consistent with all federal, state and local ordinances.
 
Starbucks Coffee Company is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at applicantaccommodation@starbucks.com or 1(888) 611-2258.