ID.me
Product Security Engineer
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About ID.me
ID.me is a secure digital identity network and wallet that allows individuals to verify their identity once and use it across various sectors, including government agencies, healthcare organizations, and consumer brands. Founded in 2010 by Blake Hall, the company has evolved from its origins as TroopSwap into a trusted identity provider, rebranding to ID.me in 2013. It aims to create a portable identity wallet for all Americans, emphasizing user control, privacy, and accessibility. The core offering of ID.me is its digital identity wallet, which is free for consumers and has over 139 million users. The company provides identity proofing and verification through self-service, video chat, or in-person methods that meet federal standards. It also offers secure authentication and login solutions that are phishing-resistant and portable across different sites. ID.me serves a wide range of clients, including 20 federal agencies and over 600 consumer brands, helping to streamline access to services and prevent fraud.
Security at ID.me
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“ID.me's AppSec philosophy is centered on making the world a more trusted place, supported by a dedicated and experienced security team. Their risk philosophy is structured by the NIST Risk Management Framework, including Kantara Initiative Identity management controls. They acknowledge an 'audacious mission'. However, information regarding developer enablement versus gatekeeping, and specific risk-scoring or SLA-based vulnerability remediation commitments, is not publicly available.”
Security Team
The AppSec team's organizational structure and reporting line are not publicly available. Key public-facing leaders include Blake Hall, Founder & CEO, and Robert Phan, Chief Information Security Officer. A representative quote from ID.me is 'ID.me is the next-generation digital identity wallet'. The team size, active AppSec job postings, and common skill/tool patterns are not publicly available. There are no public org-chart, reporting-line, or AppSec headcount found, and no authoritative, current list of open AppSec roles with tool lists was found.
Key Initiatives
- ID.me does not have publicly available information regarding a Security Champions Program, specific 'Shift Left' practices (like IDE, pre-commit, or CI/CD security actions), or detailed vulnerability management processes including intake sources, SLAs, MTTR, or ticket ownership.
- However, they are 'responsible for integrating security throughout the product lifecycle'.
- A recent initiative includes bringing 'secure access and improved user experience to Medicare.gov in early 2026!'.
- Public evidence focuses on identity assurance, compliance, and federal certifications rather than developer-facing AppSec workflows.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.