IAM Engineer

iManageChicago, IL
$90,000 - $115,000Hybrid

About The Position

Being an IAM Engineer at iManage Means… You are iManage’s identity authority. You own the infrastructure that governs how every employee and service authenticates and accesses systems across a global, Microsoft-centric environment. Your core focus is Entra ID, SSO integrations for SaaS applications, and IAM automation - with secondary coverage for network infrastructure to support a distributed Infrastructure team. This is an individual contributor role based in London, working closely with colleagues in Belfast, Chicago, and Bangalore.

Requirements

  • 5+ years of experience in infrastructure or systems engineering with a primary focus on identity and access management.
  • Deep hands-on expertise with Microsoft Entra ID including conditional access, PIM, Identity Protection, entitlement management, and access reviews.
  • Demonstrated experience designing and maintaining SSO integrations for SaaS applications using SAML 2.0, OAuth 2.0, OIDC, and SCIM.
  • Strong scripting capability for IAM automation using PowerShell and Microsoft Graph API; Python or Bash a plus.
  • Working knowledge of PAM concepts and tooling; experience with CyberArk preferred.
  • Familiarity with Microsoft 365 E5 security tooling: Microsoft Defender for Identity, Microsoft Sentinel, and Purview.
  • Foundational networking knowledge (TCP/IP, DNS, DHCP, VPN, firewall basics) sufficient to provide secondary coverage; Palo Alto familiarity a plus.
  • Strong communication skills with the ability to convey technical detail clearly to both engineering peers and non-technical stakeholders.

Nice To Haves

  • Python or Bash scripting
  • CyberArk experience
  • Palo Alto familiarity

Responsibilities

  • Owning IAM infrastructure across the iManage environment: identity federation, SSO, directory services, and PAM via CyberArk.
  • Designing and maintaining SSO integrations for SaaS applications using SAML 2.0, OAuth 2.0, OIDC, and SCIM.
  • Administering Entra ID as the primary identity provider: user lifecycle, group management, app registrations, and conditional access.
  • Configuring and maintaining Entra ID PIM, Identity Protection, entitlement management, and access reviews.
  • Automating user lifecycle management (provisioning, deprovisioning, access reviews) via PowerShell, Graph API, and Entra ID Governance.
  • Enforcing zero-trust principles, least-privilege access, and RBAC policies across the environment.
  • Monitoring sign-in activity, risky users, and identity alerts; remediating in line with internal SLAs.
  • Managing MFA policies including Conditional Access controls, authentication methods, and exception handling.
  • Governing service account lifecycle: creation standards, CyberArk vaulting, credential rotation, and decommissioning.
  • Maintaining documentation for IAM configurations, access policies, runbooks, and SOPs.
  • Leading IAM incident response, performing root cause analysis, and implementing preventive controls.
  • Owning stale account detection and remediation, drawing on Dayforce and Active Directory lifecycle signals.
  • Supporting JML automation in partnership with Dayforce to ensure timely access changes across the employee lifecycle.
  • Managing break-glass accounts including regular review, audit logging, and alerting.
  • Providing on-call coverage for identity incidents and participating in scheduled IAM maintenance windows.

Benefits

  • Flexible working policy
  • Unlimited access to LinkedIn Learning courses
  • Unlimited access to interactive Microsoft courses & training
  • Health/Vision/Dental/Life Insurance
  • 401k Retirement Savings Plan with a company match up to 4%
  • Enhanced leave for expecting parents (20 weeks 100% paid for primary leave, and 10 weeks 100% paid for secondary leave)
  • Flexible time off policy
  • Multiple company wellness days each year
  • Access to RethinkCare, a global behavioral health platform
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service