Senior Security Engineer (Identity & Access Management)

State of Wisconsin Investment Board, Madison, WI
Hybrid

About The Position

The State of Wisconsin Investment Board (SWIB) is seeking a Senior Security Engineer specializing in Identity & Access Management (IAM). This role is crucial for leading the design, implementation, and continuous improvement of SWIB's identity security program within a hybrid and cloud-first environment. Operating at the intersection of security engineering, identity architecture, and governance, the successful candidate will be responsible for advancing SWIB’s identity control plane to ensure secure, scalable, and business-aligned access to critical systems and data. This position is part of a transformation initiative to evolve legacy access models into a modern, automated IAM architecture aligned with Zero Trust principles. The role involves designing solutions, influencing stakeholders, and delivering measurable security outcomes.

Requirements

  • 7+ years of experience in information security, with a strong focus on Identity & Access Management.
  • Hands-on experience implementing and scaling IGA platforms (e.g., SailPoint IdentityNow or equivalent).
  • Strong working knowledge of Microsoft Entra ID and hybrid identity environments.
  • Strong working knowledge of authentication and federation protocols (SAML, OAuth, OpenID Connect).
  • Strong working knowledge of Conditional Access, MFA, and identity security controls.
  • Experience designing and deploying RBAC/ABAC access models at an enterprise scale.
  • Proficiency in scripting or automation (e.g., PowerShell, Python).
  • Experience integrating systems using APIs, JSON, and modern automation patterns.
  • Ability to independently drive complex IAM initiatives end-to-end, from design through implementation.
  • Ability to take ownership of systems and outcomes.
  • Ability to design, build, and improve, not just administer.
  • Comfortable operating in a lean team with broad responsibility.
  • Clear communication skills with both technical and non-technical stakeholders.
  • U.S. work authorization.

Responsibilities

  • Lead the design and evolution of SWIB’s IAM architecture across SaaS, cloud (Azure & AWS), and on-prem environments.
  • Own and enhance identity lifecycle processes (Joiner, Mover, Leaver) integrated with HR systems.
  • Design and implement scalable access models leveraging RBAC and ABAC principles.
  • Build and maintain secure identity integrations using SAML, OAuth, OpenID Connect, and modern API-based patterns.
  • Own the evolution and scaling of SWIB’s IGA platform (e.g., SailPoint IdentityNow) as part of a broader identity architecture.
  • Lead access provisioning, deprovisioning, and certification processes with a focus on automation and risk reduction.
  • Partner with business stakeholders to define and enforce access governance policies.
  • Continuously improve identity workflows to enhance efficiency and reduce manual intervention.
  • Extend identity governance to unstructured data by leading data access reviews, activity monitoring, and data classification initiatives.
  • Design and enforce controls for privileged access management (PAM) and endpoint privilege management (EPM).
  • Reduce standing privileges and support implementation of just-in-time (JIT) access models.
  • Identify and mitigate privilege escalation paths and excessive access risks.
  • Support the advancement of SWIB’s Zero Trust strategy, with identity as the primary control plane.
  • Design and implement Conditional Access policies and strong authentication mechanisms.
  • Support incident investigations involving identity and access.
  • Develop metrics and reporting to provide data-driven insights into identity risk posture.
  • Develop and maintain automation using PowerShell, Python, or similar scripting languages.
  • Integrate IAM capabilities with enterprise systems using REST APIs and JSON-based workflows.
  • Drive automation-first IAM design, minimizing manual processes and operational overhead.
  • Partner with application owners, the infrastructure team, HR, and business stakeholders to align access controls with business needs.
  • Prioritize and sequence IAM initiatives based on risk, impact, and organizational capacity.

Benefits

  • Competitive total cash compensation, based on AON (formerly McLagan) industry benchmarks
  • Comprehensive benefits package
  • Educational and training opportunities
  • Tuition reimbursement
  • Hybrid work environment
  • Relocation reimbursement to the Dane County area