Principal Engineering Manager, Identity & Access Management

GitHub is looking for a Principal Engineering Manager to lead Identity & Access Management for GitHub’s workforce and production systems. Identity is foundational to GitHub’s regulatory commitments, cloud strategy, internal security model, and the trust boundaries that protect access to critical infrastructure. Getting it right is one of the highest-leverage things we can do to secure GitHub at scale.

You will lead the team responsible for GitHub’s IAM platform across identity lifecycle, entitlements, privileged access, identity federation, workforce identity providers, and secured administrative access patterns. These systems sit on the critical path for Hubber productivity and production security, and they must operate with high reliability, strong usability, and clear security guarantees.

This role requires both deep technical judgment and strong organizational leadership. You will partner across Security, Infrastructure, IT, Legal, Compliance, and Engineering teams to define strategy, build paved paths, improve operational maturity, and make least-privilege and just-in-time access the default across GitHub. You will lead engineers, create clarity in ambiguous spaces, and help the team deliver durable systems rather than one-off policy-driven solutions.

This is a unique opportunity to shape the identity foundation that protects GitHub’s internal systems today while preparing the company for a future where access decisions must be increasingly automated, policy-driven, and consumable by both humans and agents.

• Lead the engineering strategy and technical roadmap for GitHub’s Identity & Access Management service area, spanning identity lifecycle, entitlements, privileged access, identity federation, and workforce identity providers.
• Build and support high-performing engineering teams by coaching engineers, managing performance, growing technical leadership, and fostering a culture of ownership, inclusion, operational excellence, and learning.
• Drive multi-quarter IAM platform evolution, including programs such as identity provider migrations, privileged access maturation, least-privilege access models, access automation, and identity platform consolidation.
• Partner with Security, Infrastructure, IT, Compliance, Legal, and product engineering teams to define requirements, resolve dependencies, and ensure IAM systems meet GitHub’s security, regulatory, reliability, and usability needs.
• Make secure access the easiest path by investing in paved paths, automation, APIs, and agent-consumable interfaces rather than relying on manual processes or policy memos.
• Oversee reliability, supportability, and operational maturity for Tier-0 IAM services, including incident response, postmortems, observability, deployment safety, rollback strategies, and systemic reduction of operational toil.
• Guide teams in designing scalable, secure, observable systems that support least privilege, just-in-time access, strong authentication, authorization, auditability, and identity governance at GitHub scale.
• Create clarity across ambiguous security and infrastructure programs, balancing long-term correctness with pragmatic delivery, phased cutovers, parity validation, and safe migration strategies.
• Raise the engineering bar through design reviews, architecture guidance, quality practices, automation, and mentorship across the IAM organization and adjacent engineering teams.

Required Qualifications:

• 11+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
  • OR Associate’s Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 10+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
  • OR Bachelor's Degree in Computer Science or related field AND 9+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
  • OR Master's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 7+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python.
  • OR PhD Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 5+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python,
  • OR equivalent experience.
• 5+ years people management experience.

Preferred Qualifications:

• Experience leading engineering teams responsible for identity, access management, infrastructure security, internal developer platforms, or other Tier-0 production services.
• Experience with identity directories and providers such as Okta, Entra ID/Azure AD, or similar workforce identity platforms.
• Familiarity with authentication, authorization, federation, provisioning, and access-control patterns, including OAuth, OIDC, SAML, SCIM, and LDAP.
• Experience leading large-scale identity platform migrations or consolidations, including parity validation, device trust, phased cutovers, rollback strategies, and dependent-team coordination.
• Strong understanding of privileged access management, least privilege, just-in-time access, entitlement governance, access reviews, auditability, and operating IAM or security-critical services in Azure, AWS, or GCP.
• Proven track record building and scaling engineering organizations in high-growth, high-ambiguity, or security-sensitive environments while partnering across Security, Infrastructure, IT, Legal, Compliance, and Engineering to deliver durable platform outcomes, including systems and APIs for programmatic or AI-agent consumption.

GitHub values

• Customer-obsessed
• Ship to learn
• Growth mindset
• Own the outcome
• Better together
• Diverse and inclusive

Manager fundamentals

• Model
• Coach
• Care

Leadership principles

• Create clarity
• Generate energy
• Deliver success