IAM Engineer

About The Position

Requirements

• Bachelor’s degree in computer science, information technology, cybersecurity, or a closely related field, or an equivalent combination of education and directly related experience.
• 5+ years of progressively responsible experience in information technology, cybersecurity, or identity and access management, including areas such as IAM engineering, systems administration, enterprise application integration, directory services, or authentication services.
• 4+ years of hands-on experience implementing, configuring, and supporting enterprise IAM platforms and related services, including single sign-on (SSO), multifactor authentication (MFA), directory integrations, and application onboarding.
• Experience with scripting, APIs, or automation tools used to support integrations, workflow automation, and operational efficiency.
• Hands-on experience with enterprise IAM technologies and protocols such as Okta, SailPoint, Ping Identity, Active Directory, LDAP, SAML, OAuth, OpenID Connect, or similar tools and standards.
• Working knowledge of IAM architecture and core identity services, including single sign-on (SSO), multifactor authentication (MFA), directory services, role-based access, provisioning, and deprovisioning.
• Knowledge of information security principles and access governance practices, including least privilege, role governance, secure authentication, and audit readiness.
• Ability to troubleshoot complex technical issues, evaluate solution options, and implement sustainable improvements in a dynamic environment.
• Ability to communicate technical concepts clearly and effectively with technical teams, support staff, vendors, and business stakeholders.
• Candidates must be currently authorized to work in the United States.
• Successful completion of a background investigation is required for this position.

Nice To Haves

• Master’s degree in computer science, information technology, cybersecurity, or a closely related field.
• Direct hands-on experience with Okta administration, configuration, and application integration is strongly preferred.
• Experience designing and supporting IAM workflows, automation, and identity lifecycle processes in a complex enterprise environment.
• Experience leading or supporting implementation of a new IAM platform, major IAM enhancement, or modernization initiative.
• Experience with access governance, role design, provisioning and deprovisioning, application onboarding, and automated access controls in a complex enterprise environment.
• Relevant industry certifications such as CISSP, CISM, or IAM-related certifications.

Responsibilities

• Design, implement, administer, and continuously improve enterprise IAM services and integrations that protect institutional systems, data, and applications.
• Configure and maintain IAM platforms, authentication services, directory services, and related integrations, including documentation, configuration standards, and operational procedures.
• Lead and support single sign-on (SSO) and multifactor authentication (MFA) integrations for applications at Mines through the university’s enterprise identity platform, Okta, in partnership with vendors and campus stakeholders.
• Troubleshoot and resolve IAM-related issues, implement enhancements, and optimize services to improve reliability, performance, and user experience while minimizing technical debt.
• Create and maintain technical documentation, knowledge base content, and operational guidance, and provide knowledge transfer and training to support staff, system administrators, and other IT partners.
• Collaborate with teams across IT and institutional stakeholders to ensure identity services align with security, infrastructure, application, compliance, and business requirements.
• Plan, design, and enhance IAM solutions, workflows, and automation that support scalable, consistent, and secure service delivery.
• Develop and refine role-based access models, identity lifecycle standards, and access governance practices that support appropriate access and operational efficiency.
• Evaluate current-state services and authentication patterns to identify modernization opportunities, improve usability, and strengthen long-term sustainability.
• Provide guidance and training to support staff and partners to strengthen understanding of IAM services, support processes, and common user issues.
• Communicate planned maintenance, service disruptions, and other service impacts to appropriate stakeholders and support teams.
• Engage with campus partners and the broader professional community to understand identity-related needs, share knowledge, and support service improvement.
• Participate in relevant working groups, communities of practice, and institutional initiatives related to IAM and supporting technologies.

Benefits

• Flexible health and dental care options
• Generous sick/vacation time
• 13 paid holidays per year – including a week-long winter break for entire campus.
• Fully vested retirement plan on first day of employment, with generous employer contribution
• Tuition benefits (6 credits per year for employees, 50 percent discount for dependents)
• Free RTD Ecopass
• Discount programs through the State of Colorado
• Free tickets for Mines Athletics home games
• Access to the state of the art Recreation Center (fitness classes and training, swimming pool and more)
• Equipment rentals through the Outdoor Rec Center
• On campus daycare center