Software Engineer Onboarding Checklist

Pull the countersigned offer from the ATS (Greenhouse, Lever, or Ashby) and confirm the start date matches the calendar invite People Ops sent. Confirm work authorization status — H-1B transfers, OPT, and STEM extensions all have different I-9 timelines and the People Ops lead needs lead time.

The engineer's discipline drives access provisioning downstream — DevOps/SRE engineers need cloud admin and PagerDuty from day 1; product engineers usually do not. Capture the role here so later steps can branch.

Default loadout: 16" MacBook Pro for product engineers, Linux laptop on request for platform/SRE. Confirm shipping address — remote hires need 5+ business days lead time. Include monitor, dock, keyboard, and YubiKey if SSO requires hardware MFA.

I-9 Section 2 must be completed within 3 business days of start; remote hires use an authorized representative. People Ops handles the forms via Rippling/Gusto/Justworks — engineering manager just confirms the engineer received the email and finished the workflow.

Required for SOC 2 evidence — the auditor will sample new-hire packets and look for both signatures. Acceptable-use covers the BYOD policy (if any), production-data handling, and the no-personal-cloud rule for code.

Confirm the device shows up in Jamf or Kandji with disk encryption (FileVault), screen lock, and OS up to date. Unenrolled laptops are the #1 SOC 2 finding for engineering teams. Install 1Password or the team password manager before any other software.

SCIM-provision downstream apps (GitHub, AWS, Datadog, Jira, Linear) from Okta groups rather than creating accounts directly — keeps offboarding clean and prevents the dangling-account problem auditors flag every cycle.

Add to the engineer's product team in the GitHub org so CODEOWNERS routes reviews correctly. Default to least-privilege — read on archived/legacy repos, write on the team's active repos. Admin on any repo is reserved for tech leads.

Add to the appropriate AWS SSO permission set (developer-readonly for product engineers, developer-write on staging only by default). Production write access is break-glass and goes through a separate approval — do not provision it at onboarding.

Add to the team's PagerDuty schedule as shadow only for the first 30 days — paged but not primary. Confirm the engineer has installed the mobile app and tested an alert. Share the runbook repo and on-call expectations doc before any shadow rotation begins.

Cover branch protection rules, the PR template, required status checks, and CODEOWNERS. Point out the architectural decision records (ADRs) folder so the engineer knows where the team's design history lives.

Buddy pairs through the README — Docker Compose stack up, seed data loaded, test suite green, IDE configured with the team's linter and formatter. Track time-to-first-green-test as a leading indicator of onboarding friction; anything over 4 hours is a docs bug.

Goal is to exercise the full pipeline — clone, branch, commit signed, push, open PR, get review, pass CI, merge, see deploy. Pick a docs typo, a test improvement, or a small refactor. The point is the round trip, not the line count.

Weekly 30-min 1:1 with the manager, biweekly 30-min with the tech lead for the first quarter. Share the team's 1:1 doc template so the engineer knows the format. Skip-level with the director is scheduled for week 4, not week 1.

Cover what's working, what's blocking, and whether the buddy assignment is productive. Common 30-day blockers: missing access to a downstream system, unclear team priorities, or a local dev environment that still doesn't work end-to-end.

Triggered when the 30-day check-in flagged concerns. Document specific blockers, owner, and target resolution date in the engineer's 1:1 doc. Loop in skip-level if the blocker is structural (team scope, role mismatch, missing access that IT can't resolve).

Triggered for engineers hired into on-call-eligible roles. Confirm shadow rotation is complete, runbooks have been exercised in at least one real or game-day incident, and the engineer is comfortable being paged primary. Add to the rotation only after this gate.