Job Requirements
Job Description
Phenom is seeking a full-time Identity & Access Management (IAM) Engineer II responsible for designing, implementing, and governing identity and access frameworks across our enterprise systems, SaaS Solutions, and multi-cloud environments. You will own the lifecycle of human and non-human identities, lead efforts in identity threat detection, and ensure alignment with regulatory and compliance requirements.
What You'll Do
- Lead the development and execution of our enterprise-wide IAM strategy, ensuring strong identity security practices across all environments.
- Operate and optimize identity-related platforms (Google AD, OneLogin, KeyCloak, CyberArk, HashiCorp Vault, etc.).
- Deploy and manage IAM and Privileged Access Management (PAM) controls across various user types, including workforce, B2B, cloud workloads, and service accounts.
- Drive MFA and passwordless adoption, manage identity federation, and implement just-in-time access and secrets management.
- Monitor for identity-based threats, define detection rules, and collaborate with the Incident Response team during incidents.
- Ensure access controls meet compliance requirements (e.g., GDPR, ISO 27001, NIS2), and support evidence generation for audits.
- Guide access governance, run quarterly access audits, and maintain transparent reporting on IAM health and risks.
- Educate engineering and business stakeholders on secure identity practices and policies.
- Drive continuous improvements in IAM KPIs, including deprovisioning time, dormant account age, and privileged access usage.
Must Have
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or equivalent work experience.
- 5-8 years of experience in cybersecurity with a minimum of 1 year in IAM/PAM roles.
Specialized Knowledge
- Strong knowledge of IAM frameworks and technologies (Azure AD/Entra, OneLogin, CyberArk, AWS IAM, etc.).
- Experience with IGA (Identity Governance and Administration) tools and running access governance campaigns.
- Familiarity with identity-related compliance standards and frameworks (ISO 27001 A.5, NIST 800-63, GDPR Art. 32).
- Experience implementing IAM controls in cloud-native environments (AWS IAM, Azure RBAC).
- Proficiency in access federation (SAML, OIDC), SCIM provisioning, and conditional access.
- Demonstrated ability to automate identity processes (Python, Terraform preferred).
- CISSP, CISM, or vendor-specific identity certifications are highly desirable.