Canoo Technologies Inc.

Sr. Cloud IAM Security Engineer

Full Time
Location : Location
Additional Locations

About Canoo

About Canoo

 Canoo’s mission is to bring EVs to Everyone and build a world-class team to deploy this sustainable mobility revolution. We have developed breakthrough electric vehicles that are reinventing the automotive landscape with pioneering technologies, award-winning designs, and a unique business model that spans all owners in the full lifecycle of the vehicle. Canoo is starting production in 2022 and is distinguished by its pioneering and experienced team of technologists, engineers, and designers. With offices around the country, the company is scaling quickly and seeking candidates who love to challenge themselves, are motivated by purpose, and possess a strong desire to get things done.


The “Canoo Way”

 Canoo’s success is the direct result of our disciplined application of our core operating principles and drills, which are based on three main principles: Think 80/20 (“Important versus less important”), Act 30/30 (“Reduce waste and increase output”), and Live 90/10 (“We have each other’s back”). We hire based on “MET” - Mindset, Equipment and willingness to Train - and seek individuals that take accountability and deliver results while being Humble, Hungry to succeed, and Hunting for opportunities to win. We train our team to engage with each other by modulating between their intellect (iQ) and emotional intelligence (eQ), applying Facts, Finesse, and Force when they communicate. The principles and drills of the CANOO Way have been fundamental to our success, our ability to grow, continuously improve, innovate and are at the core of our day-to-day operations.


Canoo is looking for top Cloud Identity and Access Management (IAM) top talent to help continuously improve our platform.  This role requires hands-on AWS expertise, continuously governing and protecting all access vectors associated with Canoo cloud environments.  This role includes Privileged Access Management (PAM) and Just in Time (JIT) access.


This Cloud IAM role includes responsibility for technical design, implementation, and operations of IAM foundational technology platform, operationalizing processes across HR and IT, and supporting compliance objectives and reporting. 


If you have passion for cutting edge cloud services, deep interest in cybersecurity architecture and information security technologies, can convert complex requirements into efficient designs, and enjoy working in a fast-paced environment with talented engineers then Canoo is for you.


The ideal candidate must have hands-on experience with:

  • Design, implementation, and integration of IAM solutions in an AWS and MS Azure/O365 cloud environment
  • Architectural design of Access Control, User Entitlements, Application Credentials, User Access Policy Management
  • Enhancing security related to PAM
  • Create and maintain documentation, including process and technical
  • Oversight IAM functions company-wide and provide regular status reports
  • Regularly develop and maintain metrics and Key Risk Indicators (KRI) for IAM services
  • Ensure users are granted access to cloud and SaaS environments, systems, applications, and databases based on their job responsibilities
  • Employ and maintain Segregation of Duties (SoD) and least privilege principles across all services



  • Coding ability using C, C++, C#, Python, Java, or PowerShell
  • 5+ years of validated experience in IAM
  • Hands-on AWS experience, including using AWS CLI, Terraform, IAM Roles, role adoption and IAM Policies
  • 2+ years of in-depth experience working with IAM within Microsoft Azure cloud services and Amazon Web Services (AWS) environments
  • Hands-on experience with creating, modifying, maintaining user access via Saviynt, SailPoint or MS
  • Hands-on experience with assigning entitlements to roles and groups via RBAC
  • Worked with application registrations and granting required permissions to non-Human accounts in the cloud
  • Experience with modern API protocols (REST, SCIM, etc.)
  • Experience with role-based access provisioning, establishing team-based roles and assigning them entitlements


  • Experience working in a highly regulated (audited) Information Security work environment
  • Experience designing and implementing Identity Federation
  • Experience configuring and operating Okta
  • Hands-on experience with OAuth and API security
  • Experience with IAM Operational tasks – User provisioning, IDM Platform Configuration, Role design/mining, build and execute periodic access reviews
  • Familiar with Identity Governance and Administration concepts, including entitlements, role-based access provisioning, zero trust and access certifications
  • Familiar with Active Directory concepts, including users, computers, groups, policies
  • Solid understanding of protocols, services, and traffic flows for authentication
  • Ability to work on multiple projects at a time in a fast-paced environment.

What's Cool About Working Here...

  • Meaningful, challenging work that will redefine automotive landscape and make EVs available to everyone
  • Comprehensive Health Insurance
  • Equity Compensation
  • Flexible Paid Time Off
  • Casual workplace with an unbelievable feeling of energy

Canoo is an equal opportunity-affirmative action employer and considers all qualified applicants for employment based on business needs, job requirements and individual qualifications, without regard to race, color, religion, sex, age, disability, sexual orientation, gender identity or expression, marital status, past or present military service or any other status protected by the laws or regulations in the locations where we operate. We also consider qualified applicants with criminal histories consistent with applicable federal, state and local law.


Any unsolicited resumes or candidate profiles submitted in response to our job posting shall be considered the property of Canoo Inc. and its subsidiaries and are not subject to payment of referral or placement fees if any such candidate is later hired by Canoo unless you have a signed written agreement in place with us which covers the applicable job posting. 


Canoo cares deeply about the safety of all candidates who may be asked to participate in an in-person interview. While the company remains operational, some of our positions are remote, while others require working on-site. Canoo is following the Covid-19 protocols set forth by local state and federal governance and the CDC guidelines. Candidates who are vaccinated will be asked to provide a copy of proof of vaccination upon arrival for the interview. Candidates who are not vaccinated will be asked to provide proof of a negative Covid-19 test that is no less than 48 hours old. We ask that you practice hand hygiene, social distance, and wear face coverings to reduce the risks of exposure to Covid-19. We appreciate your cooperation with our safety protocols while you explore your future with Canoo!


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed