Principal Identity and Access Management Engineer | IAM

The ServiceNow Security Organization (SSO)  

The ServiceNow Security Organization (SSO) delivers world-class innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact 

The ServiceNow IAM team is seeking a Principal Identity and Access Management Engineer to lead the design implementation and governance of enterprise-wide IAM solutions. This role is critical to ensuring secure scalable and efficient identity services across users applications and infrastructure. The ideal candidate is a hands-on technologist and thought leader who can define IAM strategy drive large-scale implementations and mentor engineering teams while aligning solutions with business compliance and security needs. 

Key Responsibilities:

• Strategy & Architecture:
  • Define and evolve enterprise IAM architecture and roadmap aligned to security compliance and business priorities. 
  • Lead design of identity lifecycle management authentication authorization and privileged access controls. 
  • Partner with security architects cloud engineers and business stakeholders to integrate IAM with enterprise systems. 
• Engineering & Implementation: 
  • Architect and deploy IAM solutions including SSO MFA federation PKI Passwordless technologies adaptive authentication and identity governance. 
  • Drive integration of SaaS cloud (AWS Azure GCP) and on-prem applications with IAM platforms. 
  • Lead IAM modernization initiatives such as migration to passwordless Zero Trust frameworks Privileged Access Management and Secrets Management. 
  • Ensure compliance with standards such as NIST SP 800-63B SOX GDPR and ISO 27001. 
• Governance & Operations: 
  • Establish policies standards and patterns for IAM services. 
  • Define onboarding criteria and risk-based prioritization for applications into IGA/PAM/SSO platforms. 
  • Oversee access certification campaigns RBAC/ABAC design and least privilege enforcement. 
  • Collaborate with audit risk and compliance teams on IAM controls and reporting. 
• Leadership & Mentorship: 
  • Act as SME and trusted advisor on IAM across the enterprise. 
  • Mentor and guide IAM engineers and analysts. 
  • Represent IAM in executive and architecture forums. 

Qualifications :

Required Qualifications:

• Experience in leveraging or critically thinking about how to integrate AI into work processes decision-making or problem-solving. This may include using AI-powered tools automating workflows analyzing AI-driven insights or exploring AIs potential impact on the function or industry. 
• 15 years of experience in Identity & Access Management Security Engineering or related fields with at least 3 years in a lead or principal role or equivalent experience and education 
• Strong hands-on expertise with IAM platforms such as ForgeRock SailPoint Okta CyberArk BeyondTrust Entra ID or similar. 

Deep understanding of: 

• Authentication/Authorization standards (SAML OIDC OAuth2 SCIM). 
• Directory services (Active Directory LDAP). 
• Federation SSO and MFA. 
• Privileged Access Management (PAM). 
• Cloud IAM (AWS IAM Entra ID GCP IAM). 
• Graph Database (Neo4j) 
• Proven experience implementing RBAC ABAC least privilege and Zero Trust access models. 
• Knowledge of compliance frameworks (SOX PCI-DSS HIPAA GDPR NIST). 
• Proficiency in scripting/automation (Python Linux shell PowerShell Java or equivalent). 
• Strong analytical troubleshooting and communication skills. 

Preferred Qualifications:

• Experience with non-human identity governance and identity security posture management (ISPM). 
• Background in PKI/Certificate Services and cryptography practices. 
• Familiarity with DevSecOps practices CI/CD pipelines and infrastructure as code (Ansible Terraform). 
• Good understanding of the ServiceNow platform particularly in integrating IAM processes with ITSM/ITOM modules (e.g. access requests approvals workflows) 
• Prior experience in large-scale enterprise IAM transformations. 
• Certifications: CISSP CCSP ForgeRock Certified SailPoint Certified Okta Certified or equivalent. 

#SecurityJobs 

Additional Information :

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible remote or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color creed religion sex sexual orientation national origin or nationality ancestry age disability gender identity or expression marital status veteran status or any other category protected by addition all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process or are unable to use this online application and need an alternative method to apply please contact for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations including the U.S. Export Administration Regulations (EAR) ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. 2025 Fortune Media IP Limited. All rights reserved. Used under license. 

Remote Work :

Yes

Employment Type :

Full-time