Senior IAM Engineer

KestraAustin, TX
2d
Match Resume

About The Position

Kestra Holdings offers industry-leading wealth management platforms for independent wealth management professionals nationwide. Kestra is dedicated to empowering independent financial professionals—including traditional and hybrid RIAs—to grow their businesses and deliver exceptional client service. We combine advanced business management technology with personalized consulting to provide unmatched scale, efficiency, and support. Our advisor-focused culture is built on innovation and advocacy, enabling advisors to offer comprehensive securities and investment advisory solutions to their clients. Lead with Purpose. Partner with Impact. We are seeking a Sr. IAM Engineer with deep experience assessing current state, designing target-state architectures, and implementing/maturing Role-Based (RBAC) and Attribute-Based (ABAC) access models at enterprise scale. This leader will serve as the SailPoint technical expert, engineering policy, integration, and governance processes that meet financial-services compliance expectations. The role partners with enterprise architects, risk/compliance, platform teams, and app owners to operationalize identity as a control across SaaS, on-prem, and cloud.

Requirements

  • 8+ years in IAM with 5+ years leading RBAC/ABAC design and enterprise deployment; demonstrable delivery of role mining/engineering and attribute-driven authorization.
  • Hands-on SailPoint expertise (IdentityIQ or Identity Security Cloud/IdentityNow) across connectors, lifecycle automation, certifications, SoD, policy, and analytics; Okta SSO/MFA and federation patterns.
  • Strong command of federated identity protocols and provisioning standards (SAML 2.0, OIDC, OAuth 2.0, SCIM).
  • Working knowledge of directory services (AD/LDAP), identity data modeling, and integration architectures; familiarity with crypto & tokenization fundamentals for identity.
  • Experience establishing access governance processes (access reviews, recertifications, SoD, exception management) consistent with industry best practices.
  • Proficiency in at least one scripting language (e.g., Beanshell/Java for IIQ, Python/PowerShell for automation), and SQL for identity analytics.

Responsibilities

  • Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs).
  • Drive role engineering (role discovery, consolidation, birthright access, SoD matrices) and ABAC policy design (attribute inventory, policy enforcement integration).
  • Maintain the IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers.
  • Partner with AppSec and platform teams to externalize authorization using federation and standardized protocols (SAML 2.0, OIDC, OAuth 2.0; SCIM for provisioning).
  • Configure sources/authorities, connectors, aggregation & correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, access request, and certification campaigns in SailPoint; implement Okta connector patterns.
  • Build monitoring/health checks, metrics, and dashboards for access governance KPIs; automate evidence collection.
  • Define policies/standards for access control, attribute quality, identity proofing, certification cadence, and exception handling; ensure alignment with enterprise risk appetite.
  • Support audits and regulatory examinations with defensible evidence, including certification results, SoD analyses, and access recertification trails.
  • Mentor engineers and analysts; partner with business/application owners to onboard apps at scale under governance; establish repeatable app-onboarding playbooks (federation + provisioning + role modeling).
  • SailPoint (IdentityIQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications; experience integrating SailPoint with Okta via connectors/APIs.
  • Cloud IAM concepts (Azure AD/Entra ID, AWS IAM), and experience mapping ABAC to cloud entitlements/metadata.
  • Financial-services experience with audit/regulatory expectations (e.g., access certification cadence, evidence, SoD rigor).

Benefits

  • Competitive pay and benefits with a large employer (over 1600 employees nationwide)
  • 401(k), health insurance, and a competitive benefits package
  • Work in a supportive, collaborative environment committed to professional excellence
  • Help clients navigate meaningful financial decisions with confidence
  • Opportunities for training, development, and long-term growth within the firm
  • Tuition reimbursement for qualified expenses

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

1,001-5,000 employees

Job Search Resources

Similar Senior IAM Engineer job opportunities

Senior IAM Engineer
Bright Horizons Children's Centers
Bright Horizons Children's Centers • Newton, NE7d • $110,000 - $150,000 • Remote
Senior IAM Engineer
Kestra
Kestra • Austin, TX2d
Senior IAM Engineer
Blue Cross Blue Shield of Minnesota
Blue Cross Blue Shield of Minnesota • Eagan, MN13d • $100,000 - $170,000 • Hybrid
Senior IAM Engineer
Bright Horizons Family Solutions
Bright Horizons Family Solutions • Newton, MA8d • $110,000 - $150,000 • Remote
Senior IAM Engineer
Bright Horizons
Bright Horizons • Newton, MA8d • $110,000 - $150,000 • Remote
Senior Customer IAM Platform Engineer
Ford
Ford • Dearborn, MI2d • $138,486 - $174,473 • Remote
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service