We are seeking an experienced Identity & Access Management (IAM) Engineer to join our Information Security team. This is a key technical role focused on the efficient and secure daily operation, administration, and support of our IAM tools and environment. As an individual contributor, you will work closely with the IAM Lead and IAM Architect, and receive operational support from an offshore Managed Services Provider (MSP). The IAM Engineer will be primarily remote or hybrid near one of our offices in Rancho Cordova, CA or Longmont, CO.
This position is essential to ensuring the ongoing stability, security, and improvement of our IAM toolset and operational processes. You will be hands-on with key IAM platforms and scripts, contribute to Incident Response and user/entity behavioral analytics (UEBA), and play an active role in modernizing and integrating IAM technologies. If you are passionate about Identity Security and are looking for a challenging role where you can make a difference, we encourage you to apply.
Key Responsibilities:
- Perform daily administration, maintenance, and support of key IAM tools, including two separate Active Directory domains, Azure Entra ID, SailPoint Identity Secure Cloud, Okta Workforce Identity, and Okta Privileged Access.
- Implement Single Sign On for business applications.
- Support and maintain the transition from OneIdentity to Okta Privileged Access, ensuring successful platform migration and ongoing operations.
- Be proactive and forward-thinking in strategies and design, using new technologies to create innovative solutions that meet the changing needs of the identity program.
- Monitor, troubleshoot, and resolve IAM-related incidents and requests; act as an escalation point for the MSP operational support team.
- Develop and maintain automation scripts and workflows for IAM processes using PowerShell and other relevant tools.
- Design and implement AI-powered solutions to enhance Identity and Access Management (IAM) capabilities, including access provisioning, access request handling, and other critical IAM functions.
- Configure, implement, and manage MCP servers to support Identity and Access Management (IAM) operations, ensuring secure and efficient authentication, authorization, and resource access.
- Integrate AI systems with MCP servers, APIs, and existing platforms using Python and modern frameworks.
- Utilize Splunk, ManageEngine, and other UEBA (User and Entity Behavior Analytics) solutions to monitor and analyze user activities for anomalous or risky behavior.
- Collaborate with the IAM Architect, MSP, and other IT or business teams to enforce IAM policies, support onboarding/offboarding, and improve IAM service delivery.
- Support execution and enforcement of access control policies such as RBAC, ensuring users have appropriate access.
- Participate in periodic audits and compliance activities related to IAM controls, and assist with remediation of findings and documentation requirements.
- Contribute to operational quality by maintaining up-to-date process documentation, following change management and ticketing processes (such as Jira and ServiceNow), and applying ITSM leading practices.
- Collaborate on integrating and maintaining IAM solutions with cloud and on-prem services, and assist with application integrations.
- Provide expertise in user provisioning, de-provisioning, SSO, MFA, and related IAM operational tasks.
- Support improvement initiatives by suggesting enhancements to IAM workflows, automations, and tool configurations.
- Assist with the development and execution of IAM Program roadmap and enhancements to mature capabilities and business service delivery.
Qualifications:
- Proven experience with day-to-day administration and support of IAM technologies, including at least the following:
  - Microsoft Active Directory (on-premises)
  - Microsoft Entra ID (formerly Azure AD)
  - SailPoint Identity Secure Cloud and SailPoint Machine Identity Security, SailPoint workflows
  - Okta Workforce Identity, Okta Privileged Access (experience migrating from OneIdentity preferred), Okta Lifecycle Management and workflows
  - ManageEngine
- Knowledge of IAM engineering principles and technologies, including Conditional Access Policies, Directory Services, MFA, OAuth, RBAC, SAML, SSO, API and non-human identity security.
- Strong proficiency in PowerShell scripting for IAM automation and support.
- Experience with Python and modern AI frameworks.
- Familiarity with using MCP (Model Context Protocol) to aid in securing agentic AI access control.
- Experience using Splunk, ManageEngine, or similar tools to conduct User and Entity Behavior Analytics (UEBA).
- Solid foundation in IAM operational concepts: user provisioning/de-provisioning, RBAC, SSO, MFA, identity federation, access reviews, and audit logging.
- Ability to collaborate effectively with internal IAM Lead, Architect, MSP teams, and business stakeholders, demonstrating strong written and verbal communication skills.
- Understanding of compliance frameworks (ISO 27001, NIST, SOX, etc.) and ability to support audit activities.
- Hands-on experience with troubleshooting and resolving complex access management or identity lifecycle issues.
- Familiarity with and adherence to ITSM processes and workflows and experience with ticketing systems such as ServiceNow and Jira.
- Experience supporting cloud-based and on-prem IAM environments and integrating with third-party applications/APIs and System for Cross-domain Identity Management (SCIM) is preferred.
- Experience with agile methodologies and working across time zones using remote collaboration technology is a plus.
- Knowledge of additional scripting or programming languages (e.g., Python, PowerShell scripting).
- Minimum 5 years of experience in Information Security or IAM operations (engineer level).
- Bachelor's degree in Information Technology, Computer Science, or equivalent practical experience.
Remote Work: No
Employment Type: Full-time