Job Specifications
Why Deliveroo
Our mission is to transform the way you shop and eat, bringing the neighbourhood to your door by connecting consumers, restaurants, shops and riders. We are transforming the way the world eats and shops by making access to food and products more convenient and enjoyable. We give people the opportunity to buy what they want, as they want it, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are still a small team, making a very large impact, looking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
About The Role
We are looking for a Staff Security Engineer (L6) with deep expertise in Identity & Access Management (IAM) to help design, build, and evolve our identity, authentication, and access control capabilities across the organisation.
This is a hands-on senior engineering role within Corporate Security Engineering. You will act as a technical leader across IAM and broader security engineering initiatives - designing scalable identity systems, building secure-by-default access controls, and developing internal integrations and automation that materially improve our risk posture.
You will combine strong security engineering capability with deep IAM domain knowledge, influencing architectural decisions, mentoring engineers, and partnering with stakeholders across engineering, IT, compliance, and product teams.
What You'll Be Doing
Identity & Access Architecture
Own and evolve Deliveroo’s IAM architecture across identity providers (e.g., Okta, Azure AD, Google Cloud Identity), identity governance (e.g., ConductorOne, SailPoint IdentityNow), and cloud IAM (AWS/GCP).
Design scalable solutions for authentication, authorisation, provisioning, deprovisioning, RBAC/ABAC, JIT access, and privileged access management.
Drive improvements to access governance processes including certifications, SoD controls, and policy enforcement.
Lead implementations and technical integrations between domains, ensuring engineering core principles are adhered to.
Develop ‘Paved Roads’ for stakeholders enforcing IAM best good practices to teams.
Security Engineering
Deliveroo’s strategy is to leverage best-in-class security and IAM tooling wherever possible. In this role, you will maximise the value of those platforms by designing and building the custom integrations, middleware, and complementary automation that surround them.
This Includes
Developing bespoke integrations between IAM platforms and internal systems to ensure seamless lifecycle management and access governance.
Building middleware solutions to address edge cases (e.g. automated group creation where authoritative HR data does not exist).
Designing and implementing self-service RBAC capabilities that enable business teams to manage roles within defined guardrails.
Creating automation layers that enhance ROI from commercial tooling by reducing manual effort and embedding controls into engineering workflows.
Extending off-the-shelf platforms with APIs, event-driven services, and workflow orchestration to meet Deliveroo’s scale and complexity.
You will focus on ensuring our purchased tooling is deeply integrated, automated, and aligned with our broader security architecture.
Automation & Integration
Build scalable automation across IAM services using modern programming languages (e.g., Go, Java, Python, JavaScript).
Develop and maintain integrations using REST APIs, SCIM, webhooks, and event-driven architectures.
Embed IAM controls into CI/CD pipelines and infrastructure-as-code environments.
Improve reliability and reduce manual operational burden through engineering-led solutions.
Cloud & Platform Security
Work across AWS, GCP, or Azure environments to ensure IAM and security architecture aligns with cloud-native best practices.
Design and review IAM roles, policies, and trust boundaries in cloud environments.
Support Zero Trust and secure-by-default principles across infrastructure and application layers.
Technical Leadership & Influence
Act as a subject matter expert in IAM across the organisation.
Mentor and support engineers in secure design, IAM protocols, and security engineering practices.
Partner with Security GRC, IT, and Engineering leadership to balance risk reduction with developer experience.
Influence adoption of best practices across authentication, authorisation, and access governance.
Requirements
7+ years of experience in software or security engineering, with significant hands-on technical depth.
Strong experience in at least one modern programming language (Go, Java, Scala, Python, or similar).
Proven experience designing and operating IAM systems in a cloud-first environment.
Deep understanding of authentication and authorisation protocols:
SAML
OAuth2 / OIDC
SCIM
MFA and modern identity assurance methods
Experience with identity provider
About the Company
Deliveroo is an award-winning delivery service founded in 2013 by William Shu and Greg Orlowski.
Deliveroo works with approximately 176,000 best-loved restaurants and grocery partners, as well as around 150,000 riders to provide the best food delivery experience in the world. Deliveroo is headquartered in London, with offices around the globe.
Deliveroo operates across 10 markets, including Belgium, France, Hong Kong, Italy, Ireland, Qatar, Singapore, United Arab Emirates, Kuwait and the United Kingdom.
Know more