🚀 Whatnot

Whatnot is a livestream shopping platform and marketplace backed by Andreessen Horowitz, Y Combinator, and CapitalG. We’re building the future of ecommerce, bringing together community, shopping and entertainment. We are committed to our values, and as a remote-first team, we operate out of hubs within the US, Canada, UK, Ireland, and Germany today.

We’re innovating in the fast-paced world of live auctions in categories including sports, fashion, video games, and streetwear. The platform couples rigorous seller vetting with a focus on community to create a welcoming space for buyers and sellers to share their passions with others.

And, we’re growing. Whatnot has been the fastest growing marketplace in the US over the past two years and we’re hiring forward-thinking problem solvers across all functional areas.

💻 Role

The Customer Identity Access Management architect role (CIAM) is responsible for building solutions that enable Whatnot customers to securely authenticate, organize and manage their identities and profile data from one centralized place. Advance our customers' access to our applications and services by offering seamless access control mechanisms, advanced authentication methods, progressive profiling, and a consolidated identity.

  • Gather, share, and coach industry best practices for implementing customer identity and access in both front-end and back-end implementations.
  • Work closely with the Security team to identify broader security controls to reduce risk for the enterprise.
  • Collaborate in the design, development, deployment, and maintenance of applications that involve customer Identity and Access Management (CIAM) systems and solutions.
  • Engage with engineers across the entire organization to leverage our authorization and authentication strategy and implementation.
  • Take ownership of features from start to finish, facilitating review and discussion with peers and partners to ensure features meet product requirements.
  • Work in close partnership with your engineering leaders to build out and execute everything from project design to engineering and security standards.

👋 You

Curious about who thrives at Whatnot? We’ve found that low ego, a growth mindset, and leaning into action and high impact goes a long way here.

As our IAM Architect, you should have a minimum of 7+ years of relevant experience in security, preferably in a large enterprise environment, plus:

  • Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity, a related field, or equivalent work experience.
  • 7+ years of implementing identity and access systems in various coding languages.
  • Enthusiasm for scalable, reproducible security management.
  • Self-motivated and creative problem-solver able to work independently with minimal guidance.
  • Strong ability to work collaboratively across teams during high-stress situations.
  • Ability to manage multiple competing priorities and use good judgment to establish an order of priorities on the fly.
  • Understanding of IAM protocols and concepts such as SAML, OIDC, OAuth, and PAM.
  • Software development skills in languages such as Python.
  • Experience with Authorization frameworks for applications.
  • Experience in Security or building authentication and authorization products.


Whatnot is proud to be an Equal Opportunity Employer. We value diversity, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, parental status, disability status, or any other status protected by local law. We believe that our work is better and our company culture is improved when we encourage, support, and respect the different skills and experiences represented within our workforce.

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)

Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.