Remote - Lead IAM Engineer

Data Analysis Inc.

About The Position

The Lead Identity and Access Management Engineer is responsible for designing, implementing, and continuously improving enterprise IAM platforms while providing technical leadership across authentication, authorization, identity governance, and lifecycle management. This role serves as the IAM technical lead, defining and enforcing the operating model, including oversight of offshore administration processes to ensure secure, consistent, and auditable execution. The position owns identity security across both human and non-human identities, including workforce, service, application, and API identities. It also governs authentication mechanisms, token-based access, and service-to-service interactions across cloud and enterprise environments. Strong ownership of platforms such as PingID, Auth0, Duo, and Microsoft Entra ID is required, with a focus on modern authentication, MFA, SSO, and scalable identity governance. This includes governance of identity and access within AWS environments, including IAM roles, policies, and federated access.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related technical field, or equivalent practical experience.
  • 7+ years of experience in cybersecurity or IT, with at least 5 years focused on Identity and Access Management.
  • Demonstrated hands-on experience with PingID, Auth0, Duo, and Microsoft Entra ID.
  • Proven experience designing and operating IAM programs, including governance, lifecycle management, and offshore operating models.
  • Experience managing both human and non-human identities including service accounts, API identities, and application identities.
  • Strong understanding of authentication and authorization protocols including SAML, OAuth 2.0, OIDC, LDAP, and Kerberos.
  • Experience implementing identity lifecycle automation and provisioning frameworks.
  • Experience with privileged access management concepts and technologies.
  • Experience supporting hybrid environments integrating on-premises Active Directory with Entra ID.
  • Deep expertise in identity security, zero trust architecture, and access governance frameworks.
  • Strong understanding of AWS IAM concepts including roles, policies, trust relationships, and cross-account access.
  • Knowledge of cloud identity patterns including federated access and workload identity in AWS.
  • Strong knowledge of modern authentication and access controls, including MFA, passwordless, API security, and service-to-service authentication.
  • Ability to design scalable IAM architectures and operating models supporting both human and non-human identities across distributed environments.
  • Strong analytical, problem-solving, and process design skills, with the ability to translate complex requirements into standardized procedures and runbooks.
  • Effective communication, documentation, and stakeholder management skills, with the ability to drive accountability and consistency across teams.

Nice To Haves

  • Industry certifications such as CISSP, CISM, Microsoft Identity and Access Administrator, or relevant IAM certifications.
  • Experience with identity governance and administration platforms.
  • Experience in regulated environments aligned to SOX, HIPAA, PCI DSS, or NIST frameworks.
  • Experience with secrets management and vault technologies.
  • Experience with scripting or automation using PowerShell, Python, or similar tools.

Responsibilities

  • Design, implement, and maintain IAM solutions across PingID, Auth0, Duo, Microsoft Entra ID, and AWS IAM environments.
  • Serve as the technical lead for IAM, defining architecture, standards, and the overall operating model.
  • Develop and enforce IAM processes and governance frameworks, including oversight of offshore operations, SLAs, and quality controls.
  • Own identity lifecycle management (joiner, mover, leaver), including automation of provisioning and deprovisioning.
  • Lead identity governance efforts, including access reviews, RBAC/ABAC models, and compliance with regulatory requirements.
  • Manage authentication and access controls, including SSO, MFA, conditional access, privileged access, and non-human identities (APIs, service accounts).
  • Design, implement, and govern AWS IAM including roles, policies, permission boundaries, and identity federation.
  • Manage AWS IAM roles for human and non-human identities, including service roles, cross-account access, and workload identities.
  • Implement and enforce least privilege access within AWS through policy design and role scoping.
  • Integrate AWS IAM with enterprise identity providers (Entra ID, Auth0) for federated access and SSO.
  • Govern access to AWS resources including management of access keys, role assumption, and temporary credentials.
  • Define and enforce controls for AWS service identities, including Lambda, EC2, and container-based workloads.
  • Align AWS IAM roles and temporary credential usage with token lifecycle and secrets management strategies.
  • Partner cross-functionally to integrate modern authentication and provisioning protocols (SAML, OAuth 2.0, OIDC, SCIM), drive automation, support audits, and mentor IAM team members.