Senior IAM Security Engineer
Ardent Mills•Denver, CO
1d•$140,000 - $200,000•Remote
About The Position
Senior IAM Security Engineer Position Summary: As a Senior IAM Security Engineer, you will design and operate identity lifecycle, authentication, authorization, and privileged access controls. You will enable secure workforce and application identities across cloud and on-prem, enforcing least privilege and strong assurance. Bring design and architecture expertise to continue maturity and technology innovation across the IAM space. This role partners closely with Infrastructure and Application teams to ensure consistent identity controls across the enterprise.
Requirements
- Bachelor’s degree in Information Security/Computer Science or equivalent experience.
- 7–10 years in IAM engineering/architecture with enterprise platforms (Entra ID/Azure AD, Okta, Ping, SailPoint).
- Strong understanding of authentication/authorization protocols (SAML, OIDC/OAuth2, Kerberos, LDAP, SCIM).
- Experience with PAM, certificate/secrets management, and identity analytics.
- Certifications: Microsoft Certified: Identity and Access Administrator (SC-300), Okta Certified Administrator/Professional, CISSP or CIAM.
Nice To Haves
- Experience with just-in-time access, just-enough-access, attribute-based access control, and modern device trust models.
- Experience working in a co-managed environment with SOC/MDR providers.
- Certifications: CCSP, Certified in Governance, Risk and Compliance (as relevant), SailPoint Certified.
Responsibilities
- Design and maintain IAM security architecture: directory services, federation, SSO (SAML/OIDC), MFA, conditional access, device trust.
- Implement identity lifecycle automation (joiner/mover/leaver), birthright roles, and SCIM-based provisioning/deprovisioning.
- Define RBAC/ABAC models; perform access reviews, role mining, and segregation-of-duties analyses.
- Integrate identity governance platforms (where applicable) with HRIS/ERP and downstream applications.
- Engineer privileged access management (PAM) solutions (Examples: CyberArk/BeyondTrust) including JIT elevation and session recording.
- Secure service and machine identities, secrets, and certificates; enforce rotation and attestation.
- Develop identity security monitoring and anomaly detection (e.g., Identity Protection, risk-based access); integrate with SIEM/XDR for response.
- Support Zero Trust identity strategy, including strong authentication, device trust, and continuous access evaluation.
- Support compliance audits (where applicable) with access certification evidence and control narratives.
- Troubleshoot complex federation and authorization issues; provide tier-3 support and root-cause analysis.
- Document standards, patterns, and runbooks; advise application teams on secure integration.
- May participate in on-call rotations for critical identity incidents.
Benefits
- Medical, Dental and Vision Coverage
- Health and Dependent Savings Accounts
- Life and Disability Programs
- Voluntary Benefit Programs
- Company Sponsored Wellness Programs
- Retirement Savings with Company Match
- Team Member and Family Assistance Program (EAP)
- Paid Time Off and Paid Holidays
- Employee Recognition Program with Rewards (RAVE)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
