JOB DESCRIPTION
IAM Security Engineer
5–7 Years Experience • Identity & Access Management • Zero Trust
Job Title
IAM Security Engineer
Location: Pune
We are seeking a highly skilled IAM Security Engineer to lead the design, implementation, and continuous improvement of our Identity and Access Management programme. You will be the go-to expert for all things identity, from governing user lifecycle and privileged access to engineering SSO, MFA, and zero-trust access frameworks. Working cross-functionally with IT, engineering, HR, and compliance teams, you will ensure the right people have the right access to the right resources, and nothing more.
Key Responsibilities
IAM Architecture & Strategy
- Design and own the enterprise IAM architecture, roadmap, and governance framework.
- Implement and maintain Identity Governance & Administration (IGA) platforms (e.g. SailPoint, Saviynt, Microsoft Identity Governance).
- Architect Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Adaptive Authentication solutions across cloud and on-prem environments.
- Lead the design and enforcement of role-based access control (RBAC), attribute-based access control (ABAC), and least-privilege models.
- Evaluate and integrate new IAM technologies aligned with zero-trust and cloud-first strategies.
Privileged Access Management (PAM)
- Deploy and operate PAM solutions (CyberArk, BeyondTrust, Delinea/Thycotic, or equivalent).
- Manage and monitor privileged accounts, service accounts, and machine identities.
- Enforce just-in-time (JIT) and just-enough-access (JEA) provisioning for elevated privileges.
- Conduct regular privileged access reviews and ensure vault-based credential management.
- Develop and maintain break-glass procedures and emergency access processes.
Identity Lifecycle & Provisioning
- Oversee the full joiner-mover-leaver (JML) lifecycle automation using HR-driven provisioning workflows.
- Integrate IAM platforms with HR systems (Workday, SAP SuccessFactors) and directory services (Active Directory, Azure AD / Entra ID, LDAP, Okta).
- Design and maintain automated access certifications and periodic access review campaigns.
- Build and manage identity connectors and provisioning workflows for SaaS and custom applications.
Federation, SSO & Directory Services
- Implement and support federated identity protocols (SAML 2.0, OAuth 2.0, OpenID Connect (OIDC)) and SCIM for cross-domain provisioning.
- Administer identity providers (Okta, Azure AD / Entra ID, Ping Identity, ForgeRock, or similar).
- Manage hybrid Active Directory environments, Group Policy, and synchronization with cloud directories.
- Support B2B and B2C identity federation for partner and customer-facing applications.
Zero Trust & Cloud IAM
- Drive zero-trust identity strategy across cloud platforms (AWS IAM, Azure AD, GCP IAM) and on-prem systems.
- Implement and manage Cloud Infrastructure Entitlement Management (CIEM) tools to detect over-privileged cloud identities.
- Design workload identity solutions including service accounts, managed identities, and SPIFFE/SPIRE for microservices.
- Enforce conditional access, device compliance, and continuous authentication policies.
Compliance, Audit & Governance
- Ensure IAM controls meet regulatory and compliance requirements: SOX, HIPAA, PCI-DSS, GDPR, ISO 27001, SOC 2.
- Prepare and support IAM evidence collection for internal and external audits.
- Maintain IAM policies, standards, procedures, and risk registers in line with NIST SP 800-63 and other frameworks.
- Define KPIs and metrics for IAM programme health (orphaned accounts, excessive entitlements, access review completion rates).
Incident Response & Operations
- Investigate and respond to identity-related security incidents (account takeover, credential stuffing, insider threats).
- Monitor identity telemetry in SIEM/UEBA platforms for anomalous access patterns and lateral movement.
- Develop and maintain IAM-specific runbooks, playbooks, and disaster recovery procedures.
- Participate in on-call rotation for IAM-related security incidents.
Required Qualifications
Experience
- 5–7 years of hands-on experience in IAM engineering, identity security, or a closely related discipline.
- Proven experience designing and operating IGA and PAM solutions in enterprise environments.
- Hands-on administration of at least one major IdP: Okta, Azure AD / Entra ID, Ping Identity, or ForgeRock.
- Demonstrable experience with cloud IAM on AWS, Azure, or GCP.
- Track record of leading access certification campaigns and managing JML processes end to end.
Technical Skills
- Deep expertise in identity protocols: SAML 2.0, OAuth 2.0, OIDC, SCIM, Kerberos, LDAP, and WS-Federation.
- Proficiency with PAM tooling: CyberArk, BeyondTrust, Delinea (Thycotic), or HashiCorp Vault.
- Experience with IGA platforms: SailPoint IdentityNow/IIQ, Saviynt, Microsoft Identity Governance, or One Identity.
- Scripting and automation skills: PowerShell, Python, or Bash for identity workflow automation.
- Familiarity with directory services: Active Directory, Azure AD / Entra ID, OpenLDAP.
- Knowledge of CIEM tools: Ermetic, Sonrai Security, Wiz CIEM, or cloud-native solutions.
Knowledge Areas
- Zero-trust principles, least-privilege access models, and micro-segmentation.
- NIST SP 800-63 Digital Identity Guidelines, CIS Controls (v8), and MITRE ATT&CK for Enterprise.
- Compliance frameworks: SOX ITGC, HIPAA, PCI-DSS, GDPR, ISO 27001, SOC 2 Type II.
- Identity threat landscape: credential stuffing, pass-the-hash, golden ticket, privilege escalation, and insider threats.
- MFA methods: TOTP, FIDO2/WebAuthn, hardware tokens, push notifications, and passwordless authentication.