Sr. Identity & Access Management Engineer

BlueCross BlueShield of TennesseeChattanooga, TN
Remote

About The Position

We are hiring a Sr. Identity and Access Management Engineer on our Identity and Access Management team at BCBST! In this role, you will play a critical part in strengthening and scaling our enterprise Identity Governance and Administration (IGA) capabilities, with a strong focus on the Saviynt platform. You’ll support backend IGA operations while driving upgrades, enhancements, and automation across the identity lifecycle. On a day-to-day basis, you’ll design and implement integrations for user provisioning, onboard applications using APIs and connectors, and ensure seamless Joiner-Mover-Leaver (JML) processes. You’ll collaborate across teams to improve access controls, reduce risk, and enhance security posture through automation and emerging AI-driven workflows. This is a highly hands-on role where you’ll work with modern identity technologies, cloud platforms, and complex data sources to deliver scalable and secure identity solutions. To be successful in this role, in addition to the core job requirements, you’ll bring deep hands-on experience with Saviynt and a strong foundation in IAM and IGA principles. You will be a strong candidate if you have expertise in scripting and automation, building API-based integrations for user lifecycle management, and onboarding systems and applications using SCIM, REST APIs, flat files, JDBC, and directory services like Active Directory and LDAP. Experience with identity federation (SAML, OAuth, OIDC), cloud IAM platforms (Entra ID, AWS IAM, Google Cloud IAM), and tools such as Entra, Okta, or Ping is highly valued. Additionally, strong SQL query development skills, working knowledge of JSON/XML, and experience configuring certifications, access controls, and role-based models (RBAC, SoD rule creation, birthright access) will set you apart—especially if you’ve leveraged automation or AI to optimize identity workflows. Note: This is a remote, work-from-home position, but the final round of interviews will take place on-site in our Chattanooga, TN office. On-call rotation is required (1 week every 8 weeks). Occasional onsite presence is expected (approximately once per quarter). Sponsorship is not available for this role.

Requirements

  • Bachelor's Degree in a Computer Sciences or Information Systems related field or equivalent work experience.
  • 5 years - Experience in Information Security and/or IT related experience required.
  • Comprehensive experience configuring and leveraging SSO and step-up authentication to support authorization, including federation services.
  • Demonstrated ability to lead, document, and meet deadlines for projects from milestones to tasks and identify ownership per project with implementation knowledge and expectations.
  • Demonstrated ability to interpret and translate technical and/or or complex concepts into information meaningful to IAM team members and/or business personnel.
  • Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint).
  • Proven analytical and problem-solving skills and ability to perform non-routine analytical tasks.
  • Proven ability to provide Security integration, automation, and configuration efforts with Security oversight for software in the BCBST environment.
  • Proven ability to determine Technical Security Baselines and ensure the baselines meet BCBST Policy and Standards.
  • Proficient understanding of troubleshooting approaches, including knowledge of underlying security tools, networking, server, application, and cloud environments.
  • Windows scripting and automation methodology (PowerShell, VBScript, Perl, Batch programming).
  • Well-developed understanding of APIs, databases, and file connections for application connections.
  • Proven ability to plan, prioritize, organize, configure, and coordinate across multiple applications and systems.
  • Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability.

Nice To Haves

  • Deep hands-on experience with Saviynt.
  • Strong foundation in IAM and IGA principles.
  • Expertise in scripting and automation.
  • Building API-based integrations for user lifecycle management.
  • Onboarding systems and applications using SCIM, REST APIs, flat files, JDBC, and directory services like Active Directory and LDAP.
  • Experience with identity federation (SAML, OAuth, OIDC).
  • Experience with cloud IAM platforms (Entra ID, AWS IAM, Google Cloud IAM).
  • Experience with tools such as Entra, Okta, or Ping.
  • Strong SQL query development skills.
  • Working knowledge of JSON/XML.
  • Experience configuring certifications, access controls, and role-based models (RBAC, SoD rule creation, birthright access).
  • Leveraged automation or AI to optimize identity workflows.
  • CISSP, CISA, CRISC, or SANS certification.

Responsibilities

  • Engineering and implementation of security technology solutions centric to Identity and Access Management security, participating and/or assisting other team members in a rotating on-call schedule to promptly resolve high-priority issues that surface outside of normal business hours.
  • Implementation, integration, configuration, and monitoring of Identity and Access Management solutions to ensure system health and proper SSO, MFA, provisioning/deprovisioning, and reduction of system related errors, while ensuring compliance with corporate security standards and policies.
  • Provides input into Access Control design and implementation, Application Credentials, ABAC (Attribute-Based Access Control) and RBAC (Role Based Access Control) roles, User Access Policy Management, Privileged Access Management, User Entitlements, Workflow, and Rule centralization, while ensuring documentation is kept accurate with environment changes.
  • Scripting, automation, and orchestration to drive efficiencies within Identity and Access Management, while partnering with security and risk teams to implement and maintain security policies and configurations in accordance with corporate requirements and guidelines.
  • Assist in development/management of the password vault solution, while ensuring accounts are properly identified and setup in the centralized repository, actual application/system, and IAM solution with appropriate ownership across all three application/systems.

Benefits

  • Sponsorship is not available for this role.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service