Job Description - IAM Engineer

Role Overview

The IAM Engineer is responsible for implementing, supporting, and operating enterprise Identity and Access Management (IAM) solutions across onprem and cloud environments. This role focuses on engineering, integration, and operational support of IAM platforms, ensuring secure, compliant, and scalable access control services.

Key Responsibilities

• Engineer, support, and maintain IAM platforms including Active Directory, Microsoft Entra ID (Azure AD), and BeyondTrust PAM/EPM.
• Support Joiner-Mover-Leaver (JML) processes and identity lifecycle management.
• Provide L2/L3 support for IAM-related incidents, service requests, and access issues.
• Implement and support privileged access controls using BeyondTrust.
• Manage Active Directory objects, GPOs, authentication, and hybrid identity integrations.
• Support Entra ID features such as Conditional Access, MFA, and application integrations.
• Automate IAM tasks using PowerShell and REST APIs.
• Create and maintain technical documentation, SOPs, and runbooks.
• Collaborate with application, infrastructure, and security teams to onboard applications securely.
• Support audits, access reviews, and compliance activities.

Required Skills & Experience

• 3-5 years of experience in IAM engineering or identity security roles.
• Strong hands-on experience with Active Directory and Microsoft Entra ID (Azure AD).
• Hands-on knowledge of BeyondTrust PAM / EPM solutions.
• Understanding of IAM protocols: SAML, OAuth 2.0, OpenID Connect, SCIM.
• Experience with identity lifecycle workflows and access provisioning.
• Scripting experience using PowerShell.
• Familiarity with ITSM processes (incident, change, request).

Preferred Qualifications

• Exposure to IGA platforms such as SailPoint or Saviynt.
• Experience in regulated environments such as healthcare or financial services.
• Knowledge of Zero Trust and least-privilege security models.
• IAM or cloud security certifications (preferred but not mandatory).