Identity and Access Management and Privileged Access Management Engineer
Job Summary
About InvoiceCloud:
InvoiceCloud is a fast-growing fintech leader recognized with 20 major awards in 2025, including USA TODAY and Boston Globe Top Workplaces, multiple SaaS Awards wins for Best Solution for Finance and FinTech, and national customer service honors from Stevie and the Business Intelligence Group. Judges also highlighted our mission to reduce digital exclusion and restore simplicity and dignity to how people pay for essential services, as well as our leadership in AI maturity and responsible innovation. It's an award-winning, purpose-driven environment where top talent thrives. To learn more .
IAM/PAM Engineer
Job Details:
We are seeking a highly skilled and security-focused IAM/PAM Engineer to support the Cybersecurity and Enterprise Technology organizations. This role is responsible for safeguarding access to InvoiceCloud's systems, applications, and cloud environments by designing, implementing, and operating scalable Identity and Access Management (IAM) and Privileged Access Management (PAM) controls.
This role builds and maintains the guardrails that ensure the right people and services have the right access to the right resources at the right time. The IAM/PAM Engineer partners closely with Security, Compliance, Infrastructure/Cloud Operations, HR, and application owners to enforce least privilege, strengthen authentication controls, automate identity governance workflows, and produce audit-ready access evidence.
Success in this role means reducing identity-related risk, improving access hygiene, strengthening zero-trust alignment, and enhancing both security and usability across workforce and administrative access environments.
Success Profile:
This role is anchored in our company's core competencies. These competencies reflect the mindsets and behaviors that define success in this role. We outline how each competency translates into real-world actions and outcomes specific to this role.
Results Driven
- Leads Identity Architecture & Access Control Design by designing and administering identity management solutions across hybrid cloud environments, ensuring scalable, secure authentication and authorization patterns.
- Implements and strengthens SSO & Strong Authentication Controls (MFA, conditional access, device posture checks) for workforce and administrative systems, driving measurable improvements in MFA coverage and reduced authentication risk.
- Advances Privileged Access Management (PAM) Controls, including credential vaulting, just-in-time (JIT) access, least privilege enforcement, and privileged session monitoring, to reduce standing administrative risk.
- Delivers documented and 210-day outcomes, including improved MFA coverage, reduced privileged-account sprawl, automated de-provisioning, and audit-ready reporting, demonstrating improved access hygiene.
Takes Ownership
- Develops and maintains Identity Governance & Joiner/Mover/Leaver (JML) Automation workflows, integrated with HR and ticketing systems, to ensure timely provisioning and de-provisioning of user and service accounts.
- Conducts structured Entitlement Reviews & Access Drift Remediation, investigating anomalies, resolving privilege creep, and maintaining zero-trust and least-privilege standards across all identities.
- Partners with Security, Compliance, and application owners to define access standards, role models, and evidence requirements that align to regulatory and audit expectations.
- Supports Identity-Related Incident Response by investigating suspicious logins, credential compromise, and privilege misuse events, integrating IAM/PAM telemetry into monitoring and response processes.
Drives Efficiency
- Integrates IAM/PAM Telemetry & Monitoring with security tooling to improve visibility into authentication patterns, privileged activity, and anomalous access behaviors.
- Standardizes IAM/PAM documentation, including runbooks, operational procedures, escalation paths, and control evidence, to ensure repeatable, audit-ready operations.
- Automates provisioning, access reviews, and reporting workflows using scripting and APIs (e.g., PowerShell, Python, Graph APIs), reducing manual effort and improving timeliness of access management processes.
- Embeds zero-trust and least-privilege principles into architecture reviews and change-management routines, ensuring identity considerations are consistently incorporated into system design decisions.
Innovative
- Applies forward-looking identity security practices to evolve zero-trust alignment, improve user experience, and reduce friction while maintaining strong control enforcement.
- Leverages AI and automation to enhance anomaly detection in authentication patterns, streamline entitlement analysis, and generate actionable insights from identity telemetry.
- Continuously evaluates emerging IAM/PAM technologies, authentication protocols (SAML, OIDC/OAuth2, SCIM), and industry best practices, translating them into scalable, adaptive access-control improvements.
Requirements
- Bachelor's degree in IT, Security, Computer Science, or a related field (or equivalent experience).
- 5 years of experience in IAM, PAM, or identity-focused security/IT engineering roles.
- Experience implementing and operating identity providers such as Azure AD (Entra ID), Okta, or similar platforms.
- Strong understanding of authentication and federation protocols, including SAML, OIDC/OAuth2, and SCIM.
- Experience implementing privileged access controls such as vaulting, just-in-time access, and least privilege models.
- Hands-on experience automating workflows and integrations using scripting and APIs (e.g., PowerShell, Python, Graph APIs).
- Experience conducting entitlement reviews and managing joiner/mover/leaver processes.
- Familiarity with zero-trust architecture principles and identity governance best practices.
- Relevant certifications such as Azure Security Engineer, Okta Professional, or similar credentials preferred.
- High integrity and sound judgment when handling sensitive and confidential information.
InvoiceCloud is committed to providing equal employment opportunities to all employees and applicants. We do not tolerate discrimination or harassment of any kind based on race, color, religion, age, sex, nationality, disability, genetic information, veteran or military status, sexual orientation, gender identity or expression, or any other characteristic protected under applicable laws.
This commitment applies to all aspects of employment, including recruitment, hiring, placement, promotion, termination, layoff, recall, transfer, leave, compensation, and training.
If you require a disability-related or religious accommodation during the application or recruitment process and wish to discuss possible adjustments, please contact .
Click here to review InvoiceCloud's Job Applicant Privacy Policy.
For recruitment agencies: InvoiceCloud does not accept unsolicited resumes from agencies. Please do not forward resumes to our job aliases, employees, or any other company location. InvoiceCloud is not responsible for any fees associated with unsolicited submissions.
Required Experience:
IC
About Company
Invoice Cloud provides simple online electronic bill payment solutions that improve customer engagement and increase e-payment adoption.