Key Responsibilities
Identity Architecture & Engineering
- Design, build, and maintain IAM solutions including account provisioning/deprovisioning, authentication, authorization, and access governance.
- Implement and support identity lifecycle processes leveraging IGA platforms (e.g., SailPoint, Saviynt, Azure Identity Governance).
- Engineer and integrate SSO and MFA using identity platforms such as Okta, Ping, Azure AD/Entra ID, or ADFS.
- Develop and maintain IAM automation scripts, workflows, and APIs to improve accuracy and operational efficiency.
- Support directory services (Active Directory, Entra ID, LDAP) and identity federation protocols (SAML, OAuth, OIDC).
Access Management
- Design and implement role-based access control (RBAC), attribute-based access control (ABAC), and least-privilege models.
- Engineer solutions for secure application onboarding to IAM platforms.
- Partner with app owners to integrate modern authentication standards into internal and cloud applications.
- Support access reviews, certification campaigns, entitlement modeling, and identity controls for compliance.
Privileged Access Management (PAM)
- Implement and manage PAM solutions such as BeyondTrust.
- Deploy secure vaulting, session monitoring, credential rotation, and privileged session management.
- Automate onboarding of privileged accounts and enforce least-privilege access.
Operations & Troubleshooting
- Provide Tier-3 engineering support for IAM issues across authentication, SSO, access provisioning, and directory services.
- Monitor IAM platform performance, reliability, and SLAs.
- Maintain documentation including architecture diagrams, runbooks, and integration guides.
- Support incident response related to identity compromise, unauthorized access, or authentication failures.
Security & Compliance
- Ensure IAM solutions meet compliance requirements (SOX, HIPAA, GDPR, PCI, etc.).
- Collaborate with Cybersecurity to maintain secure configurations and identity-related controls.
- Participate in audits, remediation activities, and security reviews.
Qualifications
Required
- Bachelor's degree in Information Security, Computer Science, or related field, or equivalent experience.
- 7+ years of experience in IAM, cybersecurity, or systems engineering.
- Hands-on experience with IAM platforms such as Okta, Azure AD/Entra, SailPoint, Saviynt, Ping Identity, CyberArk, etc.
- Proficiency with federation and authentication technologies: SAML, OAuth 2.0, OIDC, Kerberos, SCIM, LDAP.
- Strong scripting or automation experience (PowerShell, Python, Bash, or APIs).
- Solid understanding of AD, Entra ID, group policies, identity stores, and directory synchronization.
- Experience integrating applications with IAM solutions.
Preferred
- Experience with Zero Trust architecture and modern identity patterns.
- Experience building RBAC/ABAC models or access governance controls.
- Certifications such as: Azure AD/Entra, Okta Certified Professional, CyberArk Sentry, SailPoint Engineer, CISSP, or Security+.
- Knowledge of cloud platforms: Azure, AWS, GCP.
Core Competencies
- Strong analytical and troubleshooting skills
- Ability to explain technical concepts to non-technical stakeholders
- Understanding of modern cybersecurity principles
- Strong documentation and process discipline
- Collaboration across cross-functional IT and cybersecurity teams
- Adaptability and continuous learning mindset