Identity and Access Management Consultant

Collective Insights, Atlanta, GA

About The Position

As an Identity and Access Management Consultant, you will build and integrate identity solutions across Identity & Access Management, Identity Governance & Administration, Privileged Access Management and machine identity/secrets. You will configure platforms, engineer policies and connectors, automate deployments (IaC/CI‑CD), and validate end‑to‑end flows with high quality and documentation. Primary platforms include Microsoft Entra ID & Entra ID Governance (primary), Okta, Ping, SiteMinder/OAM, SailPoint/Saviynt, CyberArk/BeyondTrust/Delinea EPM, and Azure Key Vault / Entra workload identity federation.

Requirements

  • Experience: 2–5+ years implementing IAM across at least two areas (SSO/MFA, IGA, PAM/EPM, machine identity), including scripting and CI/CD.
  • Education: Bachelor’s in Computer Science, Information Security, or related field—or equivalent practical experience.
  • Technical Expertise: Hands‑on with Entra ID (Conditional Access, PIM, B2B/B2C/External ID), Okta/Ping; SailPoint or Saviynt; CyberArk/BeyondTrust/Delinea EPM; Azure Key Vault, managed identity, AKS federation; APIs/Graph; Terraform/Bicep; PowerShell/Python; CI/CD with Azure DevOps/GitHub Actions; observability (KQL/Log Analytics). Development of scripts using tools such as PowerShell/Python/JavaScript/Logic Apps/Power Automate/Flow/Automation Accounts, utilizing APIs including Graph API/REST/SOAP/XML.
  • Solution Design and Implementation Experience: Ability to translate architecture into secure, testable designs with clear acceptance criteria and rollback plans. Track record of integrating HRIS/AD/LDAP/SaaS, migrating legacy WAM, and delivering high‑quality builds with automated testing and code review discipline.
  • Problem-Solving & Communication: Strong debugging, performance tuning, and root‑cause analysis; bias for automation and simplification. Concise documentation and status reporting; ability to explain technical decisions to mixed audiences.
  • Industry Knowledge: Appreciation of regulated‑industry expectations and common audit asks for identity controls and evidence.
  • Client-Facing Skills: Comfortable leading working sessions, Knowledge Transfer, and UAT support; proactive in surfacing risks/assumptions.
  • Demonstrated Passion: Contributions to scripts/modules, community forums, or knowledge sharing; stays current on passkeys, tenant isolation, and identity threat defenses.
  • Additional Requirements: Availability for periodic client travel and professional engagements. Commitment to continuous learning and keeping pace with evolving identity platforms, patterns, and threats.

Nice To Haves

  • Certifications (highly desirable): Microsoft SC‑300, AZ‑500; Okta, Ping, SailPoint, Saviynt; CyberArk Defender/Sentry; BeyondTrust/Delinea; HashiCorp Terraform Associate; AZ‑104.

Responsibilities

  • Solution Design: Configure OIDC/SAML apps, Conditional Access, device trust, FIDO2/Passkeys, step‑up auth; implement lifecycle workflows (joiner/mover/leaver), access packages, access reviews, SCIM connectors; onboard privileged accounts/secrets, session recording, JIT elevation, endpoint privilege controls; implement Key Vault/managed identity, AKS federation, certificate enrollment/renewal, and secret rotation automation.
  • Client Engagement: Translate architecture into build tasks and acceptance criteria; communicate trade‑offs and impacts in clear, actionable terms.
  • Implementation: Automate with Terraform/Bicep, PowerShell/Python, and CI/CD (Azure DevOps/GitHub Actions); enforce policy‑as‑code, testing (unit/integration), linting, and code reviews; execute cutovers, blue‑green/rollback, and performance tuning.
  • Compliance & Risk Management: Implement controls that satisfy regulatory and security requirements (e.g., NIST 800‑63, ISO 27001, HIPAA/HITRUST, PCI‑DSS, SOX, FedRAMP, NYDFS 500). Ensure privileged access, secrets, and logs meet auditability and SoD expectations.
  • Technical Leadership: Demonstrate technical depth, mentor other resources, and contribute scripts, modules, and how‑tos; participate in design and threat‑model reviews.
  • Documentation & Reporting: Maintain as‑built docs, config baselines, runbooks, and knowledge transfer materials; provide status, risk/issue tracking, and metrics (e.g., MFA coverage, JML SLAs, privileged onboarding).
  • Continuous Improvement: Instrument monitoring/alerting (Log Analytics/KQL), validate DR/backups, and tune policies for usability and security; contribute accelerators that reduce delivery time/cost.
  • Practice Development: Support demonstrations, POCs, and SoW inputs (effort estimates, assumptions, dependencies).