Senior Software Engineer 2, IAM

Drata

Software Engineering

San Francisco, CA, USA · Remote

USD 174,500-236,100 / year + Equity

Posted on May 27, 2026

Our Mission & Values:
At Drata, we help companies earn and keep the trust of their users, customers, partners, and prospects. We’re the proof layer that shows great companies deserve the trust they aim to build.

We live our values every day. Built on Trust means consistency is everything. Act with Integrity by always doing the right thing. Being Customer-Obsessed keeps the people we serve at the center of our work. Competitive Fire drives us to push ourselves harder than anyone else. Diversity brings unique perspectives that lead to better solutions. Automation First ensures we save time and money by making efficiency a priority.

Our Culture & Work Style 🚀

At Drata, we’re not just building software - we’re building a mindset. Everything we do springs from:

  • Be a Driver (Owner‑Operator Mentality): Own your work. Improve relentlessly. Deliver results.

  • Move at Drata Speed (Precision & Velocity): Fast decisions. Quick learning. Immediate impact.

  • Stay Mission-Driven (Customer‑Obsessed): Challenge assumptions. Deliver value. Stay hungry.

We pair that high-velocity culture with a thoughtful hybrid model because we believe flexibility and collaboration both matter. That’s why in the Bay we come together in-office Tuesday through Thursday, our high-impact collaboration days, where teams align, strategize, and innovate. Mondays and Fridays are flexible, giving you space for focused work, balance, and autonomy.

If you thrive when you’re empowered, energized, and working with smart, mission-driven people, you’ll feel at home here.

Why Join The Drata Team?

The best way to understand the Driver’s Mindset is to see it in action. We’re an award-winning, mission-driven team of 600+ people worldwide, united by a culture that values trust, speed, and continuous growth.

  • See the Speed: Watch our CEO, Adam Markowitz, discuss the hyper-growth journey, from $0 to $100M ARR in just four years.

  • Hear the Voice of the Team: Explore our "Life at Drata" page for employee testimonials on our collaborative culture and the growth opportunities available.

  • Experience the Impact: See why we are consistently recognized on Fortune's Best Workplaces lists.

  • Connect with Us on Socials: LinkedIn - follow us for company updates, employee stories, and career news.

Job Summary:

Drata's Identity & Access Management team owns the identity, authentication, and access control infrastructure that every customer uses to access the platform — and that every internal platform service relies on for trust boundaries.

  • Authentication — SSO (SAML 2.0, OIDC), session/token management, MFA. We're focused on authentication for enterprise customers — large user populations, sophisticated identity setups, and the uptime and observability that scale demands.

  • Authorization — the access control model that determines what users, services, and agents can do across the platform — from role-based access to fine-grained authorization for enterprise customers, internal services, and AI-driven actions.

  • Provisioning & lifecycle — SCIM 2.0 provisioning for enterprise customers using identity providers like Okta, Microsoft Entra ID, and others. Group-to-role mapping, conflict resolution, and the long tail of behaviors enterprise identity setups demand.

  • Identity sync infrastructure — keeping Drata's view of the customer's workforce accurate via syncs against Okta, M365, Google, and beyond. We're focused on efficiency across provider support and across customers with small to enterprise user populations, and on surfacing what's happening clearly when something goes wrong.

  • Auth for platform services and AI — providing the trust primitives other Drata services build on, and supporting authentication and human-in-the-loop authorization patterns for AI features and agentic workflows.

What you'll do:

  • Design and operate Drata's authentication surface: SSO integrations (SAML, OIDC), session and token handling, MFA, and flexible enterprise identity configurations.

  • Contribute to Drata's authorization architecture — collaborating on direction, owning meaningful pieces of execution, and bringing your perspective on the tradeoffs (RBAC vs. ABAC, etc., policy engines, audit and observability of access decisions).

  • Build and harden SCIM provisioning at enterprise scale: group sync, role mapping, deactivation, conflict resolution, and the long tail of IdP-specific behavior.

  • Build and operate identity sync workflows — full and delta syncs across major identity providers — with the observability, retry semantics, and parity guarantees enterprise sync demands.

  • Build authentication and authorization for AI features and agentic flows: scoped credentials for AI agents, human-in-the-loop approval workflows, and the audit trail needed to defend AI-driven actions in a compliance product.

  • Provide the auth primitives other platform services depend on, and represent IAM in cross-team architecture discussions.

  • Threat-model identity surfaces, partner with security on hardening, and own the response when identity is implicated in an incident.

What you'll bring:

  • 7+ years building production software, with meaningful time spent on authentication, authorization, or identity infrastructure.

  • 3+ years of experience in a Node.js / TypeScript codebase with a deep understanding of TypeScript.

  • Working knowledge of the identity protocols this team operates against: OAuth 2.0 / OIDC, SAML 2.0, SCIM 2.0. You don't need to have shipped all three — fluent enough to design against them.

  • Experience designing or operating access control systems — at minimum RBAC, ideally with exposure to attribute-based or relationship-based authorization.

  • Working knowledge of surfacing observability & security information from complex systems.

  • Experience designing and collaborating on API design and architecture.

  • Strong fundamentals in session management, token lifecycle, MFA, and the security tradeoffs that come with each.

  • Production experience operating on a major cloud (AWS preferred; we use it heavily).

  • Security-first instinct: you think about misuse before you ship, and you can defend a design decision against a threat model.

  • Comfortable in collaborative architecture work — contributing to designs you don't fully own while owning execution on the pieces you do.

Nice-to-Haves

  • Experience integrating with or building on top of identity platforms: Okta, Microsoft Entra ID, Auth0, Ping, WorkOS.

  • Experience with authorization engines (OpenFGA, Cedar, OPA) or with designing a custom policy model.

  • Experience operating SCIM, SSO, or identity sync at enterprise scale (multi-IdP, multi-domain customers).

  • Familiarity with durable workflow engines (e.g., Temporal).

  • Experience with HRIS API integrations.

  • Compliance context: SOC 2, ISO 27001, NIST, FedRAMP — Drata is a compliance product, so a working understanding helps.

  • Experience building auth for AI agents, MCP servers, or other emerging agentic-system contexts — scoped credentials, delegation, HITL approvals.

  • Bug bounty, appsec, or red-team experience on identity surfaces.

How we support you:
At Drata, our people are our strongest advantage—and we prove it with support that exceeds industry standards. Our total rewards package is designed to power your well-being, accelerate your growth, and keep your work-life balance thriving.

Explore how we invest in your Life at Drata.

  • Shared Success: We provide stock equity to ensure that as the company grows, you share directly in that success. Equity gives every employee a sense of ownership and the opportunity to celebrate our wins together—because your contributions don’t just support our progress; they help drive our collective success.

  • Health & Wellness: Up to 100% employer-paid premiums for medical, dental, and vision coverage for employees and their dependents, along with comprehensive wellness benefits and healthcare concierge services designed to support your needs beyond traditional insurance.

  • Financial Well-being: A comprehensive suite of financial benefits, including a 401(k) plan, company-paid life and disability insurance, tax-advantaged spending accounts, and a range of discounted voluntary offerings to help you customize and strengthen your overall financial position.

  • Family Support: We want to support you in life's most important moments, so we offer a paid Parental Leave policy, after six months of employment. Employees also receive access to Kindbody fertility and family-building benefits and dedicated leave specialists who help guide you through the entire process.

  • Growth & Development: Generous annual stipends for both professional and personal development, empowering you to invest in your continued growth. You’ll also have access to a wide range of internal learning opportunities, ensuring you can build new skills, deepen your expertise, and advance your career with confidence.

  • Time Off & Flexibility: We believe that to do your best work, you should get the time you need for rest, rejuvenation and recovery. Drata offers a flexible vacation policy, paid holidays, and other perks to recharge.

This role will receive a competitive base salary, benefits, and stock, typically in the form of Restricted Stock Units (RSUs). The applicable salary range for this role is: $174,500 - $236,100.

A variety of factors are considered when determining someone’s leveling and compensation, including a candidate’s professional background and experience. These ranges may be modified in the future and final offer amounts may vary from the amounts listed above.