Senior IAM Engineer

POSITION DESCRIPTION:

Holiday Inn Club Vacations seeking a Senior Identity and Access Management (IAM) Engineer is a technical leader responsible for architecting, implementing, and supporting secure identity services across the enterprise and customer-facing environments. This role focuses on both workforce IAM and Customer IAM (CIAM), ensuring secure and seamless access to internal systems and guest-facing platforms. The engineer will also support Public Key Infrastructure (PKI), API access controls, and contribute to the broader identity governance and zero trust strategy of the organization. This position is ideal for individuals passionate about cybersecurity, and ready to contribute to protecting the digital infrastructure of a timeshare organization that serves thousands of vacation owners and guests.

KEY RESPONSIBILITIES

• Design, build, and maintain IAM solutions across Okta, SailPoint, and Microsoft Entra ID, with a focus on scalability and automation.
• Develop and maintain custom scripts, connectors, and integrations using languages such as Python, PowerShell, or JavaScript.
• Engineer and automate identity lifecycle management (joiner/mover/leaver) workflows across enterprise systems.
• Build and support API-driven integrations between IAM platforms and enterprise applications using REST APIs, SCIM, and event-based architectures.
• Implement and optimize SSO, MFA, RBAC/ABAC, and conditional access policies across workforce environments.
• Configure and extend SailPoint (IdentityNow) for governance, provisioning, and certification campaigns.
• Develop and maintain Okta workflows, inline hooks, and custom policies to support advanced authentication and identity orchestration.
• Troubleshoot and resolve complex IAM issues by analyzing logs, APIs, and system behavior across multiple platforms.
• Contribute to IAM architecture and engineering standards, emphasizing reusable, modular, and automated solutions.
• Collaborate with DevOps and application teams to embed identity into CI/CD pipelines and application development lifecycles.
• Support access reviews, audit requirements, and compliance initiatives through automation and reporting.
• Document technical designs, integrations, and operational procedures.
• Mentor junior IAM engineers and analysts on emerging technologies and secure design principles.

TECHNICAL SKILLS

• Proficiency in one or more scripting / programming languages: Python, PowerShell, JavaScript (Node.js preferred)
• Strong experience with: Rest APIs and API Authentication, JSON, Webhooks, and event-driven integrations
• Experience with identity governance and administration concepts.
• Familiarity with CI/CD pipelines, Git, and DevOps practices is a strong plus.
• Experience integration IAM with SaaS applications, Cloud platforms (Entra / AWS), HR Systems, etc.

QUALIFICATIONS:

Education & Experience:

• Bachelor's degree in Cybersecurity, Computer Science, or a related field; or equivalent professional experience.
• 5+ years of hands-on experience in IAM, with a focus on enterprise and CIAM environments.
• Strong expertise in IAM tools and services such as Azure AD, Okta, SailPoint, Ping Identity, or ForgeRock.
• Experience with customer identity platforms (e.g., Okta CIAM, Auth0, ForgeRock Identity Cloud, or similar).
• Strong knowledge of identity protocols: OAuth2, OIDC, SAML, LDAP, SCIM, and modern API authentication standards.
• Hands-on experience with PKI and certificate lifecycle management in enterprise settings.
• Proficiency in scripting languages (e.g., PowerShell, Python) for automation and integration tasks.
• Familiarity with API management and securing APIs through gateways and token-based controls.
• Experience supporting regulatory compliance and audits related to IAM.

Certifications (preferred but not required):

• Certified Identity and Access Manager (CIAM),
• AWS Certified Security Specialty.
• Microsoft SC-300
• Certified Information Security Manager (CISM)
• GIAC (GSEC, GCIA, GCSA)
• CISSP or equivalent

KEY COMPENTENCIES

• Builder mindset – not just configuring tools, but engineering solutions
• Strong problem-solving skills with ability to debug complex identity flows
• Deep understanding of IAM fundamentals: Least Privilege, Zero Trust, Identity Lifecycle management
• Ability to translate business requirements into technical IAM solutions and code
• Strong collaboration skills across engineering, security, and application teams
• High attention to detail with a focus on secure design.
• Ability to lead technical initiatives and cross-functional project teams.
• Detail-oriented with a strong documentation and process improvement mindset.
• Ability to adapt to emerging technologies and evolving threat landscapes.
• Technical aptitude and strong troubleshooting skills.
• Strong communication skills for working with cross-functional teams.
• Ability to manage multiple tasks in a dynamic and fast-paced environment.
• Familiarity with regulatory frameworks (e.g., NIST CSF, PCI-DSS, GLBA, GDPR) as they relate to IAM.

SUPERVISORY RESPONSIBILITIES

• This position does not have direct supervisory responsibilities.
• May provide guidance or mentoring to junior team members or support staff on IAM-related tasks or tools.
• May lead IAM project workstreams and coordinate with cross-functional teams and external vendors.