Security Engineer III

Security Engineer III (IAM / IGA Security Engineer)

Position Overview

We are seeking a highly skilled IAM / IGA Security Engineer to design implement and operate our enterprise Identity Governance and Administration (IGA) platform. This role plays a critical part in securing access to systems and data while enabling operational efficiency through automation policy-driven governance and scalable identity lifecycle management.

The ideal candidate has strong hands-on experience with IGA platformsespecially MidPoint (preferred)and excels at designing identity solutions that balance security compliance and user experience. You will collaborate closely with Security IT HR and business stakeholders to deliver a modern resilient IAM ecosystem.

Key Responsibilities

IGA Platform Design & Engineering

• Design implement and maintain Identity Governance & Administration (IGA) solutions using MidPoint or equivalent platforms (SailPoint Saviynt Omada)
• Configure and customize IGA capabilities:
  • Identity lifecycle management (Joiner / Mover / Leaver)
  • Access requests and approvals
  • Role management and RBAC
  • Policy enforcement and access certifications
• Build and optimize enterprise-grade identity models to support scale performance and resiliency
• Lead platform upgrades performance tuning and continuous improvements

Identity Lifecycle & Access Governance

• Design and automate end-to-end identity lifecycle workflows
• Implement birthright access models based on role department and business needs
• Build access request workflows that balance security compliance and usability
• Implement and manage periodic access certification campaigns
• Integrate and govern privileged access via PAM systems and elevated access workflows
• Identify and remediate orphaned accounts excessive privileges and access risks

Integration & Automation

• Develop and support integrations with:
  • Authoritative identity sources (HR systems)
  • Directories & IAM providers (Active Directory Azure AD / Entra ID Okta)
  • Cloud platforms (AWS IAM Azure RBAC GCP IAM)
  • SaaS and enterprise applications
• Build custom extensions using:
  • Python PowerShell Groovy or Java
  • REST and SOAP APIs
  • SCIM and event-driven provisioning
• Design data mappings and transformations to reconcile identity data across systems
• Implement monitoring logging and alerting for identity and provisioning events

Security Compliance & Risk Management

• Define and enforce:
  • Least-privilege access
  • Segregation of Duties (SoD)
  • Access policies and governance controls
• Support compliance initiatives including:
  • SOX SOC 2 ISO 27001 HIPAA GDPR
• Generate audit-ready reports on:
  • User access
  • Entitlements
  • Certifications
  • Policy violations
• Maintain IAM documentation architecture diagrams and operational runbooks

Collaboration & Operational Support

• Partner with HR IT Operations Security and application teams
• Serve as a technical advisor on:
  • IAM best practices
  • RBAC and least privilege
  • Zero Trust principles
• Troubleshoot and resolve complex IAM issues
• Support security incidents involving identity compromise or unauthorized access
• Train IT teams and business owners on IAM tools and processes

Continuous Improvement & Strategy

• Stay current with IAM trends and emerging technologies including:
  • Passwordless authentication
  • FIDO2
  • Identity analytics
  • Decentralized identity
• Measure and optimize IAM effectiveness via metrics and feedback
• Evaluate new tools and contribute to the IAM technology roadmap
• Influence enterprise IAM architecture and long-term strategy

Required Qualifications

Experience

• 5 years of hands-on Identity & Access Management experience
• 3 years working with IGA platforms
• Proven experience with at least one major IGA solution:
  • MidPoint (preferred)
  • SailPoint (IdentityIQ / IdentityNow)
  • Saviynt
  • Omada
• Strong experience with:
  • Identity lifecycle management
  • Access certifications
  • RBAC and role engineering

Technical Skills

• IGA Platforms: Deep technical expertise in MidPoint or equivalent
• Directories: Active Directory Azure AD / Entra ID LDAP
• Protocols: SAML OAuth 2.0 OIDC SCIM
• Automation & Scripting: Python PowerShell Groovy Java
• APIs & Integration: REST SOAP integration patterns
• Cloud IAM: AWS IAM Azure RBAC GCP IAM
• Databases: SQL and IAM data modeling
• SSO & MFA: Okta Ping Azure AD MFA technologies

Soft Skills

• Strong communication skills able to explain complex IAM topics to non-technical audiences
• Collaborative mindset with cross-functional teams
• Proven ability to drive IAM initiatives from design through production
• Customer-focused approach to access management
• Comfortable operating in fast-paced evolving environments

Education & Certifications

• Bachelors degree in Computer Science IT Cybersecurity or equivalent experience
• Preferred certifications:
  • CISSP
  • CIAM
  • CompTIA Security
  • Vendor-specific IAM certifications (SailPoint Saviynt Microsoft)

Preferred / Nice-to-Have Qualifications

• Hands-on experience implementing and operating MidPoint
• Experience across multiple IGA platforms
• Privileged Access Management (CyberArk BeyondTrust Delinea)
• Identity analytics and access risk tooling
• Infrastructure as Code (Terraform Ansible)
• DevSecOps / CICD IAM integrations
• Experience in highly regulated industries
• Contributions to open-source IAM projects
• Knowledge of emerging identity technologies (passwordless decentralized identity)

Why This Role Matters

You will help secure the organizations most critical assets by ensuring the right people have the right access at the right timewhile reducing friction through automation and intelligent governance.