Identity and Access Management Engineer

About The Position

Requirements

• 5 plus years of experience in Identity and Access Management or related roles, with a minimum of 2 years in a senior or architect-level capacity.
• Hands-on design and implementation experience with enterprise Identity Providers such as Okta, Azure AD (Active Directory), or Ping Identity.
• Deep technical understanding of authentication protocols and standards, including OIDC, SAML, OAuth 2.0, and LDAP.
• Extensive experience designing and operating Privileged Access Management (PAM) solutions, preferably Delinea, including credential vaulting, session recording, and approval workflows.
• Working knowledge of RBAC (Role-Based Access Control) design and implementation, with the ability to map complex organizational hierarchies to access policies.
• Experience implementing and managing Multi-Factor Authentication (MFA) technologies such as FIDO2, Okta Verify, Duo Security, YubiKey, and PKI-based authentication.
• Strong understanding of NIST SP 800-171 and CMMC Level 2 requirements, specifically as they relate to access control, audit logging, and identity governance.
• Proficiency in scripting and automation using PowerShell, Python, or Bash to automate identity workflows, audit processes, and integrations.
• Excellent communication skills to translate complex identity architecture and compliance requirements to both technical teams and executive leadership.

Nice To Haves

• Hands-on experience architecting and implementing Zero Trust Architecture (ZTA) across enterprise networks.
• Experience with Identity Governance and Administration (IGA) platforms such as SailPoint or Okta Identity Governance.
• Knowledge of SCIM (System for Cross-Domain Identity Management) and REST APIs for automating user provisioning and de-provisioning across SaaS applications and HR systems.
• Familiarity with aerospace, defense, or federal contractor environments, including experience with ITAR, CMMC enforcement, or DoD contract requirements.
• Experience conducting or participating in CMMC Level 2 assessments or NIST 800-171 compliance audits.
• Relevant security certifications such as CISSP, CISM, and Okta Certified Administrator, or Azure Administrator (AZ-104).
• Experience with insider threat detection, behavioral analytics, and anomalous access pattern identification.
• Knowledge of Single Sign-On (SSO) attacks, credential stuffing, phishing-resistant MFA, and modern attack techniques against identity systems.
• Direct experience with compliance frameworks, ISO 27001, PCI, HIPAA, ITAR/ EAR, NIST 800-171, CMMC, CUI, and DO-326A.
• Advanced degrees in Computer Science, Cybersecurity, or Engineering.

Responsibilities

• Design and implement Zero Trust Architecture (ZTA) across Archer's enterprise network, eliminating implicit trust and enforcing continuous verification of user identity and device posture before granting access.
• Architect and maintain Okta as the authoritative Identity Provider (IdP) for Archer, managing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user lifecycle management across all enterprise applications and SaaS platforms.
• Design and implement Privileged Access Management (PAM) using Delinea, including credential vaulting, privileged session management, and automated credential rotation for administrative and service accounts.
• Implement Identity Governance and Administration (IGA) controls to enforce role-based access control (RBAC), segregation of duties, periodic access reviews, and just-in-time (JIT) access provisioning.
• Build and maintain federated identity standards (OIDC, SAML, SCIM) to enable secure integration between Archer's identity platform and third-party applications, cloud providers, and vendor systems.
• Conduct access control audits and design remediation strategies to ensure compliance with NIST SP 800-171 Access Control (AC) requirements, CMMC Level 2 practices, and SOX ITGC expectations for financial systems.
• Implement automated audit logging and session recording for all authentication and privileged access events, ensuring that individual users' actions can be uniquely traced for compliance investigations and forensic analysis.
• Secure third-party and contractor access by implementing time-limited, role-restricted access provisioning and automated de-provisioning upon project completion or relationship termination.
• Stay current with emerging identity threats, attack vectors, and security best practices, including insider threats, account takeover (ATO), and lateral movement techniques.
• Provide technical guidance and training to IT, application, and security teams on identity best practices and policy enforcement.