Senior IAM Engineer

Acrisure, Oklahoma City, OK
Onsite

About The Position

You will be a hands-on IAM engineer who designs, automates, and scales secure identity and access controls across cloud and enterprise environments. You’ll build paved-road patterns for identity federation, least privilege, and just-in-time access — ensuring that authentication and authorization boundaries are strong, measurable, and frictionless. Success in this role means turning identity into an enabler: making secure access seamless for users, applications, and services while maintaining the highest standards of governance and compliance.

Requirements

  • 5+ years of experience in Identity and Access Management engineering, including multi-cloud and hybrid enterprise environments.
  • Strong knowledge of Azure AD / Entra ID, AWS IAM, and SAML / OIDC / OAuth2 / SCIM protocols.
  • Proficiency with identity automation using PowerShell, Python, Terraform, or APIs.
  • Experience with PAM platforms (CyberArk, BeyondTrust, or Azure PIM) and IGA tools (SailPoint, Saviynt, or Okta).
  • Familiarity with conditional access, MFA enforcement, and passwordless authentication in large-scale environments.
  • Understanding of zero trust architecture, least privilege design, and role-based access control (RBAC) principles.
  • Proven ability to interpret business access needs and translate them into secure, scalable IAM solutions.

Nice To Haves

  • Exposure to NIST 800-63, CIS Controls, Zero Trust Maturity Model, and NIST CSF.
  • Experience integrating IAM data with SIEM (e.g. Sentinel) and SOAR workflows.
  • Relevant certifications such as CISSP, CISM, Azure Security Engineer Associate, AWS Security – Specialty, or Okta Certified Professional.

Responsibilities

Architect and Automate Identity Foundations

  • Design and maintain secure-by-default IAM architectures across Azure AD / Entra ID, AWS IAM, and hybrid enterprise systems.
  • Develop paved road templates for access control patterns (e.g., federated access, role assumption, service accounts, workload identity).
  • Automate provisioning and deprovisioning pipelines using identity APIs, SCIM, and workflow orchestration tools (e.g., SailPoint, Okta Workflows, Azure Automation, or Terraform).
  • Implement policy-as-code for IAM guardrails (e.g., least-privilege enforcement, conditional access, MFA requirements, privilege expiration).

Access Control, Federation, and Governance

  • Engineer federated identity solutions for users, applications, and partners using SAML, OIDC, and OAuth2.
  • Manage conditional access policies, adaptive authentication, and passwordless strategies to balance security with user experience.
  • Define and enforce least privilege for human and machine identities across AWS, Azure, and SaaS platforms.
  • Integrate IAM governance with enterprise GRC systems to ensure traceability and audit readiness.
  • Partner with AppSec and Cloud teams to secure authn/z boundaries across applications, APIs, and services.

Privileged Access Management (PAM)

  • Implement and maintain privileged access vaulting and session control using platforms like CyberArk, BeyondTrust, Delinea, or Azure PIM.
  • Automate just-in-time elevation for administrative roles and enforce time-bound access approvals.
  • Continuously monitor and remediate excessive privileges across cloud and on-prem accounts.
  • Integrate PAM telemetry with SIEM/SOAR for threat detection and behavioral analytics.

Lifecycle and Risk Management

  • Automate joiner/mover/leaver processes and identity lifecycle events through API-driven workflows and HR system integrations.
  • Conduct periodic access reviews and certifications; deliver evidence for SOC2, PCI, and ISO audits.
  • Develop and maintain dashboards for leading indicators (automated provisioning rate, MFA coverage, stale accounts) and lagging indicators (MTTR for access removal, orphaned identities, failed recertifications).
  • Prioritize remediation through risk scoring (criticality × exposure × privilege depth) and ensure compliance with internal SLAs.

Detection and Response Integration

  • Collaborate with Security Operations to define identity-related detections (impossible travel, lateral movement, privilege abuse).
  • Correlate identity events with endpoint and cloud telemetry to identify compromised accounts.
  • Assist in incident response for identity-based breaches, credential theft, and access abuse.

Benefits

  • Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
  • Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
  • Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
  • Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.