Senior IAM Automation Engineer

About The Position

Requirements

• Software development proficiency - 5+ years writing production code (Python, PowerShell, Go, or similar) with strong API and SDK integration experience
• IAM architecture skills - Deep understanding of SSO protocols (SAML, OIDC), provisioning standards (SCIM), directory services (Active Directory, Entra ID), and enterprise IAM platforms (Okta strongly preferred)
• Infrastructure-as-Code mastery - Hands-on experience with Terraform, Ansible, or similar tools, plus CI/CD pipelines for automated deployments
• DevOps/SRE practices - Experience building observable, reliable systems with appropriate monitoring, logging, and incident response capabilities
• Workflow automation platforms - Demonstrated ability to implement and govern low-code/code-first automation tools (Tines, Workato, n8n, or similar)
• Enterprise SSO and IAM (Okta, Entra ID/Azure AD)
• Directory services and management (Active Directory, Adaxes)
• Cloud IAM (AWS IAM, GCP Cloud Identity)
• Workflow automation (Tines preferred, or similar platforms)
• Integrations with HRIS systems (Workday, BambooHR, ADP)
• Problem-solving ability - Experience debugging complex distributed systems, analyzing API integrations, and optimizing automated workflows
• Pragmatic engineering - Balance between perfect and done; build iteratively with continuous improvement
• AI-augmented productivity - Comfortable leveraging AI tools (LLMs, code assistants, AI pair programming) responsibly to accelerate development while maintaining code quality and security
• Forward-thinking security - Interest in emerging IAM challenges like non-human identities, AI agent governance, and machine identity management
• Mentorship and knowledge sharing - Genuine interest in developing junior engineers through code reviews, pairing, and transferring hard-won lessons from production experience
• Technical communication - Document architecture decisions, create operational runbooks, and explain technical concepts to business stakeholders
• Employee experience focus - Understand that internal users are customers; design automation that enables productivity without friction
• 7-10+ years in DevOps, SRE, or software engineering roles with significant IAM/identity automation focus
• Demonstrated experience building automation solutions for enterprise IAM platforms using APIs, scripting, and infrastructure-as-code
• Track record of implementing workflow automation or orchestration platforms in production environments
• Understanding of both technical IAM implementations and business processes (joiner/mover/leaver, access requests, compliance)
• Experience working in hybrid on-premises and cloud environments
• Bachelor’s degree in Computer Science, Software Engineering, or related field; degree requirement may be substituted with equivalent years of technical experience

Nice To Haves

• Experience with Tines or similar low-code automation platforms
• Background bridging Corporate IT and Engineering teams
• HRIS integration experience, especially with Workday
• Familiarity with compliance requirements (SOC1/2, audit trails, access certifications)
• Interest or experience in Non-Human Identity management
• Demonstrated use of AI tools to enhance productivity in automation or infrastructure work
• Active contributions to IAM automation communities or open-source projects

Responsibilities

• Lead Tines platform implementation and governance - Define technical standards, architect RBAC models, and build workflows that automate employee lifecycle management, access requests, and certification campaigns. Partner with cross-functional teams to establish Tines as the firm-wide automation platform for workforce identity use cases.
• Build infrastructure-as-code for identity systems - Develop and maintain Terraform, PowerShell, and Python automation across our hybrid infrastructure (on-prem AD/Adaxes, Entra ID, Okta, AWS IAM, GCP/GCI) to enable repeatable, version-controlled deployments with proper change management.
• Design API-driven automation and integrations - Architect scalable solutions that orchestrate identity workflows across HRIS (Workday), ticketing (ServiceNow), collaboration platforms (Slack, Teams, M365), and enterprise applications, leveraging APIs and SDKs to eliminate manual processes.
• Implement observability and self-healing capabilities - Build monitoring, alerting, and automated remediation for identity systems to reduce operational toil, improve reliability, and enable proactive issue detection across authentication flows and provisioning processes.
• Enable rapid application onboarding - Create automation frameworks and integration patterns that allow the business to onboard new SaaS applications with minimal manual intervention while maintaining security and compliance standards.
• Pioneer non-human identity (NHI) governance - Partner with SecOps to develop policies, controls, and automation for managing AI agents, LLM API keys, service accounts, bot identities, and machine-to-machine authentication as AI adoption accelerates across the organization.
• Mentor and develop junior team members - Share your hard-won experience and technical expertise to elevate the team’s capabilities. Conduct code reviews, pair programming sessions, and knowledge transfer that builds automation skills, IAM expertise, and engineering judgment across the team.
• Drive technical innovation in the identity space - Evaluate emerging tools and practices, establish CI/CD pipelines for IAM deployments, and leverage AI-powered development tools (LLMs, code generation, AI assistants) responsibly to accelerate automation delivery and stay ahead of business needs.

Benefits

• healthcare benefits (medical, dental and vision, EAP)
• competitive PTO
• 401k match
• parental leave
• HSA contribution match
• paid subscription to the Calm app
• generous external learning and tuition reimbursement benefits
• hybrid work schedule for most roles that allows employees to have the flexibility of working from home and one of our primary offices