Sr IAM Engineer

Express | Columbus, OH

About The Position

The Senior Identity & Access Management Engineer will architect, implement, and optimize enterprise-wide identity governance solutions, with a primary focus on the Okta platform across corporate, multi-tenant, and disaster recovery environments. This role serves as a strategic technical leader, working cross-functionally with security, compliance, and application teams to design and execute the IAM roadmap. The position requires deep expertise in identity lifecycle management, access governance, authentication protocols, and enterprise SSO/MFA implementations supporting complex, large-scale production environments.

Requirements

  • Bachelor's Degree in Computer Science, Information Security, or equivalent professional experience
  • 7-10+ years in identity and access management with enterprise-scale implementations
  • Minimum 3-5 years hands-on experience administering the Okta platform, including Universal Directory, SSO, MFA, Lifecycle Management, and API Gateway
  • Strong expertise in SAML, OAuth 2.0, OIDC, LDAP, SCIM, and Kerberos authentication protocols
  • 5+ years enterprise AD administration including forest design, group policy, domain trust relationships, and certificate services
  • Advanced PowerShell scripting for identity automation; experience with Python, REST APIs, and CI/CD pipelines preferred
  • Experience with Azure AD/Entra ID, Microsoft 365 identity management, and hybrid identity architectures
  • Okta Certified Professional or Okta Certified Administrator strongly preferred; additional certifications (CISSP, CISM, Azure certifications) a plus
  • Strategic thinking with ability to translate business requirements into scalable IAM architecture solutions
  • Proven track record leading complex identity integration projects from conception through production deployment
  • Strong understanding of zero-trust security principles and identity-centric security frameworks
  • Exceptional problem-solving skills for complex authentication and authorization scenarios
  • Experience with ITIL/ITSM frameworks and incident/change management processes
  • Excellent documentation skills with ability to create technical architecture diagrams and process workflows
  • Strong communication skills to collaborate with diverse technical and non-technical stakeholders
  • Ability to mentor junior team members and provide technical leadership
  • Flexibility to support off-hours implementations and participate in on-call rotation for critical IAM services

Nice To Haves

  • Experience with identity governance and administration (IGA) platforms

Responsibilities

  • Lead enterprise Okta administration and governance across several integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies
  • Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications
  • Design and manage Active Directory integration strategies, including Okta AD Agent deployment, directory synchronization, and delegated authentication architectures
  • Oversee identity provisioning and deprovisioning workflows using Okta Lifecycle Management, SCIM protocols, and API-driven automation for seamless user lifecycle governance
  • Lead SSO implementation projects for new application onboarding, including technical discovery, integration design, testing, and production deployment
  • Develop and enforce adaptive MFA policies using Okta Verify, contextual access controls, and risk-based authentication frameworks
  • Manage Okta tenant architecture across multiple environments (production, DR, development) ensuring high availability and disaster recovery capabilities
  • Collaborate with Security and Compliance teams on identity governance initiatives including access reviews, separation of duties, and privileged access management
  • Design and implement API-driven automation using PowerShell, Python, and Okta APIs for identity operations, reporting, and integration workflows
  • Lead technical troubleshooting of complex SSO, authentication, and authorization issues across heterogeneous enterprise environments
  • Partner with application development teams to integrate modern authentication patterns and zero-trust architecture principles
  • Maintain and optimize Azure AD/Entra ID integration with Okta for hybrid identity scenarios
  • Develop comprehensive IAM documentation including architecture diagrams, integration guides, runbooks, and knowledge transfer materials
  • Provide strategic guidance on identity security best practices, threat mitigation, and compliance requirements (SOX, GDPR, SOC2)