Senior Identity Security Engineer

Continental General, Austin, TX
Posted 3 days ago | $120,000 - $135,000 | Hybrid

About The Position

Looking to join a growing company dedicated to helping others? We offer that, plus competitive salaries, a culture of learning, and a fast-paced environment. This is a hybrid position with 3 days in-office. Join our team to help make a difference in the lives of others!

About Continental General

The Continental General family of companies has provided insurance, including life and long-term care policies, to individuals and groups for over 30 years, and currently supports over 200,000 policyholders. Both our insurance company, Continental General Insurance Company, and our third-party administrator, Continental General Services, are committed to the continuous development of our infrastructure, processes, and people. The group is actively growing through expansion of both its insurance portfolio and its administrative services. With each opportunity, we take a collaborative approach to address challenges and provide unique solutions.

Position Summary

The Senior Identity Security Engineer is a hands-on technical contributor responsible for designing, automating, and continuously improving identity lifecycle controls, governance, and accountability across Okta, AWS IAM, and the broader SaaS and cloud environment. The core of this work is eliminating manual identity processes through HRIS and role-based automation, Okta Workflows, Lambda functions, and API-first integrations, so that all facets of the identity lifecycle happen reliably at the speed of the business, not at the speed of a ticket queue. You will build and maintain the systems that govern how every human and non-human identity in the organization receives, updates, and securely deprovisions application entitlements. You treat JML lifecycle events, quarterly access reviews, compliance evidence collection, and PAM enforcement not as recurring manual tasks but as engineering problems to be solved once and run durably.

Automation is the default answer; manual execution is the exception you are actively working to eliminate. This role is well-suited for an engineer who is self-directed, brings a strong sense of craft to identity engineering, and stays ahead of the field by experimenting with tools before they become mainstream. You are comfortable using AI-assisted development tools such as Claude Code to accelerate Okta Workflow development, Lambda scripting, and API integrations, and you actively look for identity-domain automation opportunities that others have not yet identified.

Requirements

  • 5+ years of hands-on IAM or security engineering experience with an Enterprise-level Identity Management platform such as Okta Identity Lifecycle Management, Okta Workflows, and AWS IAM automation in production environments.
  • Proficiency in at least one scripting or programming language (Python, PowerShell, or JavaScript) for API integration, Okta Workflows extension, and Lambda-based automation.
  • Demonstrated experience designing and implementing SAML/OIDC/OAuth federation patterns with Okta as IdP, including JIT provisioning and lifecycle event management.
  • Proven track record of automating manual identity operations: JML workflows, access review processes, provisioning pipelines, or compliance evidence collection.
  • Hands-on AWS IAM experience including cross-account roles, permission boundaries, SCPs, and least-privilege design across multi-account environments.
  • Working knowledge of HRIS integration patterns (SCIM, REST API) as authoritative sources of truth for identity lifecycle events.
  • Familiarity with SOC 2 and HIPAA identity governance requirements, including access review, evidence retention, and segregation of duties obligations.
  • Genuine curiosity and an early-adopter instinct for AI-assisted development tools; demonstrated habit of applying these tools to accelerate engineering delivery and reduce manual workflows.
  • Self-directed working style with the ability to scope, prioritize, and execute automation initiatives from design through production without close direction.

Nice To Haves

  • Experience with PAM tooling and just-in-time access patterns in an enterprise environment.
  • Non-human identity governance experience: service account lifecycle management, API key inventory and rotation, secrets management across cloud and CI/CD environments.
  • Okta certifications (Okta Certified Professional, Administrator, Consultant, or Developer).
  • Infrastructure as Code experience (Terraform or CloudFormation) for IAM and identity resource management.
  • Audit and compliance exposure in a regulated environment, preferably healthcare, insurance, or financial services.
  • Hands-on experience with AI-assisted development tools applied to identity engineering or security automation workflows.
  • Relevant security certifications: GIAC (GCIA, GCIH, GCED), CISSP, or equivalent.

Responsibilities

Identity Lifecycle Management & Automation

  • Design, implement, and maintain joiner/mover/leaver automations using Okta Identity Lifecycle Management, Okta Workflows, and HRIS integrations; target zero manual intervention for standard lifecycle events.
  • Build API-driven provisioning and deprovisioning pipelines that eliminate manual access ticketing; engineer birthright access entitlements aligned to department, role, and location attributes.
  • Engineer contractor lifecycle controls including time-bound entitlement grants, auto-expiry enforcement, and multi-system deprovisioning triggered on contract end-date without manual coordination.
  • Systematically identify existing manual identity operations across the environment and own the backlog of automation opportunities through to production delivery.
  • Instrument lifecycle workflows leveraging preemptive alerting to detect failures, delays, or partial completions before they become security or compliance findings.

Federation & Application Integration

  • Architect and implement SAML/OIDC/OAuth federations with Okta as IdP, including JIT provisioning, group push, and lifecycle event automation for onboarded applications.
  • Build and maintain SCIM connectors and REST API integrations for SaaS applications; engineer custom provisioning logic for non-SCIM-native systems using Okta Workflows and Lambda.
  • Partner with application owners to define application role models, complete federation onboarding from technical design through production rollout, and ensure consistent MFA enforcement across all integrated applications.
  • Maintain a federated application inventory with documented integration patterns, lifecycle coverage, and gap analysis for applications not yet under centralized identity control.

Non-Human Identity (NHI) Governance

  • Inventory and govern service accounts, API keys, OAuth tokens, and automation credentials across AWS, Okta, SaaS platforms, and CI/CD pipelines; enforce ownership, scoped permissions, and rotation policies.
  • Leverage Okta ISPM, AWS Lambda, and scripted tooling to surface orphaned, over-privileged, or stale machine identities; automate detection and remediation where possible.
  • Establish governance patterns for AI agent identities as agentic workloads expand in the environment; enforce least-privilege and auditability controls consistent with human identity standards.
  • Integrate NHI lifecycle into the broader JML process: when a developer leaves or an application is decommissioned, associated machine identities are automatically flagged for review and revocation.

Privileged Access & Secrets Management

  • Design and implement PAM protections for high-priority resources and privileged user accounts; collaborate with application owners to identify and protect sensitive administrative surfaces.
  • Engineer secrets management for cloud workloads, CI/CD pipelines, and SaaS integrations using AWS Secrets Manager or equivalent; eliminate hardcoded credentials and unrotated static secrets.
  • Drive adoption of just-in-time access patterns; reduce standing privilege exposure by converting persistent admin grants to time-limited, approval-gated elevation workflows.
  • Develop and maintain least-privilege IAM architectures for AWS workloads, including permission boundaries, service control policies, and cross-account role patterns.

Compliance, Attestation & Access Governance

  • Engineer automated quarterly entitlement recertification and segregation of duties reviews; reduce manual reviewer burden through pre-computed access analytics and targeted exception-only workflows.
  • Build evidence collection pipelines for SOC 2 and HIPAA audits using identity platform telemetry and audit logs, replacing manual evidence exports with durable, repeatable reporting.
  • Design and produce IGA reports covering entitlement distribution, least-privilege compliance, SoD violations, and access age; establish a mechanism to make these reports available on-demand.
  • Maintain auditable access request and approval workflows with defined expiry, automated closure, and integration into ITSM or governance tooling.

AI-Assisted Development & Automation-First Engineering

  • Use AI-assisted development tools to accelerate Okta Workflow development, Lambda scripting, Python automation, and API integrations; reduce time-to-production for automation initiatives.
  • Approach every recurring manual identity operation as a candidate for full automation; document automation coverage gaps, prioritize by risk and volume, and deliver against the backlog.
  • Proactively evaluate emerging identity tooling, IGA platform capabilities, and agentic workflow patterns; bring validated approaches to the team before they become industry standard practice.

Benefits

  • Competitive Salary & Target Bonus Program
  • Retirement Savings – 401(k) with a company match
  • Comprehensive medical insurance through BlueCross BlueShield of Texas
  • Company-paid dental, vision, short-term & long-term disability, and life insurance
  • Work-Life Balance – This role offers 20+ days of PTO, 10 paid holidays, and paid volunteer time off.
  • Flexible Work Options & Perks – Hybrid opportunity, wellness programs, and weekly paid lunch for onsite staff.
  • Health Savings Accounts (HSA) & Flexible Spending Accounts (FSAs) – Includes a company match for HSAs.