Onboarding Engineer (Remote – U.S.)

📍 Location: Remote (U.S. only)
💼 Type: Full-time
💰 Compensation: $95,000 - $150,000 (subject to qualifications and experience) + equity + premium benefits

At Files.com, the Onboarding Engineer is the architect of first value. You’ll take Fortune 500s, global brands, and fast-scaling enterprises from “contract signed” to “production-grade, mission-critical deployment” — designing secure file workflows, standing up identity, hardening networks, integrating APIs, and proving ROI fast.

This is not “walk them through a checklist.” It’s deep, hands-on engineering with customers’ IT teams. You’ll wire up SAML/OIDC/SCIM with Okta or Azure AD, script automations with our API and webhooks, and unblock gnarly firewall and proxy issues — all while teaching best practices that stick.

And you do it with real engineering backing. Bugs don’t languish here; fixes ship in days, not quarters. Your feedback lands directly with Product & R&D — which means you implement with confidence, not caveats.

Who We Are

We’re Files.com, a profitable, founder-led SaaS company powering secure file transfer and automation for 4,000+ brands you know: Marc Jacobs, GrubHub, Michelin, Hot Topic, Stamps.com, Planet Fitness, KFC, and more.

We’ve built a $35M+ business with just 70 people by hiring smart, clear-thinking communicators who act fast and own outcomes. Backed by $46.5M from Riverwood Capital, we’re scaling intentionally—and this role is a core part of that growth.

Why This Role Is Different

• Onboarding as an engineering discipline: You’ll design production architectures: SSO, RBAC, data flows, automation triggers, IP allowlists, encryption at rest/in transit, audit pipelines — the works.
• Enterprise surface area, real technical depth: SFTP/FTPS/HTTPS, PGP, REST APIs, webhooks; IdPs (Okta, Azure AD, AD FS, LDAP), key management, least-privilege RBAC; hybrid networks, reverse proxies, TLS, DNS, NAT, egress controls; storage integrations (S3/Blob), SharePoint/OneDrive connectors — you’ll touch them all.
• Prevent, don’t just resolve: Support fixes after the fact. Onboarding eliminates friction up front: migration plans, throughput testing, cutover playbooks, rollback strategies, observability from day one.
• A product you’re proud to implement: Files.com powers mission-critical workflows at global scale. You’ll implement a platform that’s fast, reliable, and secure — not build workarounds for “known issues.”

What You’ll Actually Do

Design production-ready deployments

• Map requirements into robust architectures: identity, access, encryption, automation, retention, and auditability.
• Author cutover plans with throughput targets, back-pressure handling, retry logic, and verification (checksums, manifests).

Implement identity & access correctly

• Stand up SAML/OIDC SSO with Okta/Azure AD; configure SCIM for lifecycle provisioning.
• Model least-privilege RBAC, groups/roles, device/IP policies, and MFA posture.

Integrate and automate

• Connect storage backends (e.g., S3/Blob), enterprise systems, and endpoints.
• Use our REST API and webhooks to build event-driven automations; script glue in Python/PowerShell/Bash when needed.

Harden the network path

• Work through real-world constraints: egress proxies, TLS versions/cipher suites, DPI/IDS appliances, MTU/path issues, DNS/CAA/CAA misconfigurations, and IP allowlists.
• Validate performance end-to-end: parallelism, window sizes, chunking, and timeouts.

Teach, document, and scale

• Run admin training and technical handoffs; produce crisp diagrams, runbooks, and KB articles.
• Feed patterns back to Product & Engineering; turn one-off fixes into repeatable playbooks.

The Kinds of Problems You’ll Tackle Every Week

• SAML assertion bugs (NameID/ACS mismatch, clock skew) and OIDC scope/claim mapping.
• SCIM drift detection, deprovisioning safety, and group-driven role assignment.
• SFTP/FTPS tuning across high-latency links; negotiating ciphers/MACs; passive mode firewall pinholes.
• Proxy/TLS handshake failures (SNI, intermediate certs, mTLS); rotating keys/certs without downtime.
• Event-driven pipelines with webhooks, retries, idempotency keys, and dead-letter strategies.
• Bulk migrations: parallel workers, rate limiting, checksum validation, and resumable transfers.
• Building observability from day one: audit streams, SIEM forwarding, and success SLOs.

What Success Looks Like

• Production deployments shipped on schedule with zero “failed launches.”
• Adoption curves that climb in the first 30–90 days: usage, automations, departments onboarded.
• Security posture locked: SSO/SCIM live, RBAC least-privilege, audit forwarding enabled.
• Throughput targets met or exceeded with documented performance baselines and runbooks.
• Expansion signals identified early via consultative discovery (more sites, features, or storage).
• Playbooks created that the next Onboarding Engineer (or customer admin) can reuse verbatim.

Who Thrives in This Role

• ✅ You think like an engineer and a consultant: deep systems knowledge + crisp customer communication.
• ✅ You’re fluent in at least several of: SAML/OIDC/SCIM, SFTP/FTPS/HTTPS, TLS & PKI, REST/webhooks, Python/PowerShell/Bash, IP networking, proxies/firewalls.
• ✅ You enjoy live debugging over Zoom as much as writing a clean, reusable runbook after.
• ✅ You anticipate failure modes and design guardrails so they never reach production.
• ✅ You’re remote-savvy: strong async notes, tight agendas, excellent ownership.

Where This Role Can Take You

• Onboarding → Product / Platform (shape the roadmap with customer patterns)
• Onboarding → Customer Success / Strategic Accounts (own long-term outcomes)
• Onboarding → Team Lead / Manager (scale the craft across the org)

Your trajectory is limited only by your clarity, discipline, and output.

Perks & Benefits

🩺 100% Paid Health, Dental & Vision (75% for family)
💸 401(k) with 4% Company Match
📈 Equity Grants for Every Employee
🍼 Paid Parental Leave
🌴 20 PTO Days + 11 Holidays + Full Company Winter Break
💰 $1,000 Signing Bonus + Modern Apple Laptop + Anniversary Gifts
✈️ Team Travel to NYC, Austin, Nashville, Miami, and more

Bottom Line: If you want a remote role where you’ll do real engineering with enterprise IT — designing identity, securing networks, integrating APIs, and launching mission-critical workflows — this is your seat. Onboarding at Files.com is where technical craft meets customer impact.