This role will design, implement, and maintain Identity and Access Management solutions that protect enterprise resources and ensure the right users have the right access at the right time. The ideal candidate brings hands-on experience with modern IAM platforms, directory services, and federation protocols, and is comfortable operating in a collaborative, fast-paced security organization.
Responsibilities:
- Govern directory services (Active Directory, Azure AD/Entra ID, LDAP), including user provisioning, de-provisioning, group management, and policy enforcement
- Implement and manage role-based access control (RBAC) and attribute-based access control (ABAC) frameworks across enterprise applications
- Govern federation protocols (SAML 2.0, OAuth 2.0, OIDC) for both cloud and on-premises integrations
- Support Privileged Access Management (PAM) operations, including onboarding privileged accounts, session recording, and credential vaulting
- Collaborate with application owners and IT teams to onboard new applications into the IAM ecosystem and ensure consistent access governance
- Monitor IAM systems for anomalies, investigate access-related incidents, and support forensic analysis when required
- Assist in developing and maintaining automation scripts for identity lifecycle workflows, access provisioning, and reporting
- Conduct periodic access reviews and work with the Risk and Governance team to ensure access certifications are completed on time
- Contribute to IAM policies, standards, and procedures in alignment with security frameworks (NIST, CIS, ISO 27001)
- Evaluate emerging IAM technologies and provide recommendations to improve the security posture
- Provide Tier 2/3 support for IAM-related incidents and service requests
Qualifications:
- 35 years of hands-on experience in an IAM Engineer, Identity Engineer, or similar role
- Proficiency with IAM/IGA platforms such as SailPoint IdentityNow, Saviynt, Okta, Microsoft Entra ID (Azure AD), or Ping Identity
- Strong knowledge of directory services: Active Directory, LDAP, and Azure AD
- Experience implementing SSO, MFA, and federation using SAML 2.0, OAuth 2.0, and OpenID Connect
- Familiarity with Privileged Access Management (PAM) tools such as CyberArk, BeyondTrust, or Delinea
- Understanding of RBAC, SoD (Segregation of Duties), and least-privilege access principles
- Scripting and automation skills using PowerShell, Python, or similar languages for IAM workflows
- Experience with cloud identity platforms (AWS IAM, Azure AD, GCP IAM) and hybrid environments
- Knowledge of security frameworks such as NIST SP 800-53, ISO 27001, or CIS Controls as they relate to identity management
- Experience with ticketing and ITSM platforms (ServiceNow, Jira) for incident and change management
- Strong analytical and troubleshooting skills, with the ability to diagnose complex access and authentication issues
- Excellent communication skills to collaborate with cross-functional teams, including IT, compliance, and business stakeholders
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
- Certifications such as Microsoft Certified: Identity and Access Administrator Associate, SailPoint IdentityNow Engineer, or CompTIA Security+ preferred
- Experience in regulated industries (financial services, healthcare, publicly traded companies) is a plus
Additional Information:
All your information will be kept confidential according to EEO guidelines.
Remote Work:
No
Employment Type:
Full-time