Lead, Identity Engineer

Job Description/Preferred Qualifications

Key Responsibilities

• Implement and administer Privileged Identity Management (PIM) for roles groups and resource access.
• Configure just-in-time (JIT) access approval workflows access reviews and privileged role activation policies.
• Engineer secure lifecycle management for privileged identities across AD and Azure environments.
• Integrate PIM with SaaS on-premise applications and PaaS platforms like AWS GCP and Azure.
• Integrate PIM with hybrid identity components (AD Connect Conditional Access MFA etc.).
• Enforce least privilege segregation of duties and Zero Trust principles.
• Manage privileged roles tiered administration models and Group Policy configurations in Active Directory.
• Develop standards playbooks and governance models for privileged access management.
• Conduct access reviews audits and compliance reporting (SOX ISO 27001 PCI etc.).
• Monitor privileged access activities and collaborate with security teams on incident response.
• Automate identity and PIM workflows using PowerShell APIs or automation platforms.
• Streamline onboarding/offboarding of privileged accounts across cloud and onprem environments.
• Implement continuous improvement to reduce manual processes and strengthen controls.
• Serve as technical SME for privileged identity control design and best practices.
• Partner with cloud IAM security operations and infrastructure teams to support enterprise initiatives.
• Provide documentation knowledge transfer and mentorship for internal teams.

Minimum Qualifications

• 5 years of experience in Privileged Identity Management and IAM.
• Strong hands-on expertise with:
  • PIM products like CyberArc or similar
  • Active Directory / Group Policy
  • Azure AD / Entra ID
• Solid understanding of identity governance Zero Trust RBAC and privileged access models.
• Experience with PowerShell scripting and automation.
• Familiarity with Conditional Access MFA and hybrid identity architectures.
• Microsoft Certified: Identity and Access Administrator (SC-300)
• Azure Administrator (AZ104) or Security Engineer (AZ500) certifications
• Experience with additional privileged access tools (CyberArk BeyondTrust etc.)
• Understanding of cloud security frameworks and IAM for Azure AWS or GCP
• Strong analytical and problem-solving abilities
• Excellent communication and documentation skills
• Ability to work independently and lead identity-focused initiatives
• Collaborative mindset with cross-functional teams

We offer a competitive family friendly total rewards package. We design our programs to reflect our commitment to an inclusive environment while ensuring we provide benefits that meet the diverse needs of our employees.

KLA is proud to be an equal opportunity employer

Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees. KLA never asks for any financial compensation to be considered for an interview to become an employee or for equipment. Further KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLAs Careers website for legitimate job postings. KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers. If you are concerned that a communication an interview an offer of employment or that an employee is not legitimate please send an email to to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.