Identity and Access Management (IAM) Engineer

The OpportunityThe Enterprise Technology Experience organization seeks an experienced and detail-oriented Identity and Access Engineer who can assist with designing and developing the Identity and Access Management environment (IAM). This is an opportunity for you to work in a fast paced, innovative, and collaborative environment on exciting technology directives, directly impacting the way security is integrated into daily business processes. Ideally, you will have a deep understanding of identity lifecycle management, directory services, authentication protocols, and modern IAM platforms.The TeamThis role is a part of the IAM Engineering Team, which is a strategic arm of our Security Platform Engineering organization, and is crucial for maintaining strong security, compliance to security controls, and assisting with operational efficiency. This group is responsible for building and maintaining the core identity platforms for MassMutual, as well as designing and deploying strategic solutions that will enable access controls to be embedded into strategic business processes.The ImpactAs an IAM Engineer, you will be responsible for leading project delivery work, partnering with enterprise and solution architects to design and deploy secure solutions, assisting IAM operational support teams as needed for troubleshooting. You will partner with vendors to solve strategic challenges that align with enterprise roadmaps and will have an opportunity to utilize your experience and expertise to improve existing processes, patterns, and infrastructure.This position can be located in our Springfield, MA, Boston, MA, or NYC office.The Minimum Qualifications8+ years experience in the following areasweb infrastructure and web infrastructure design conceptsworking with Federation services and Certificate managementworking with protocols such as SAML and OIDCworking with Linux and Windows operating systemssupporting Directory Services (such as Ping, AD, Okta, Entra, etc.)with documentation and demonstrated ability in operational hand offworking on Security and Operation Incident objectivesin audit remediation and mitigationssupporting complex environmentsdesigning, implementing, deploying, and maintaining IGA solutions such as SailPoint, Saviynt, Oktawith Identity Lifecycle Management, Access Reviews, Intelligence (Analytics), Roles and Rules management, and Segregation of DutiesMust be authorized to work in the United States without sponsorship both now and in the futureThe Ideal QualificationsBachelor of Science in Computer Science or Information Management7-10 years of experience in a complex web infrastructure environmentUnderstanding of web security concepts and security in-depthAbility to collaborate across lines of business to consult and guide projects as neededAbility to grasp large scale, enterprise class deploymentsSoftware system integrationTroubleshooting and triage of complex production issues, with technical support to operations and supporting teamsUnderstanding of the Atlassian productivity suite (JIRA, Confluence, Bitbucket, etc)Excellent Organizational SkillsExcellent written and verbal communication skills. Will be communicating technical information to non-technical end usersExperience maintaining various web proxies using Security Access ManagerAbility to look at the big picture and recommend designs based on industry best practiceDeep understanding SSO solutions using Okta, SAM Federations and Auth0 technologies Experience integrating third party applications with on-prem/AWS deployed solutionsExperience with many of the following: Akamai, NGINX, AWS, F5, IHS/Apache, Python, NodeJS, netmon/wireshark, Auth0, Okta, LDAP, Active Directory, IBM ISAM, F5Understanding of MFA including RSA adaptive authentication and SecureIDIdentity tokenization and underlying standards (SAML, OAuth, Kerberos, etc)Familiarity with IAM concepts like privileged access, zero trust, and access governanceFamiliarity with PKIFamiliarity with security frameworks and regulations (e.g., NIST, GDPR, HIPAA) that impact identity and access managementComfortable challenging status quoAbility to support and maintain various LDAP repositories using Security Directory Server and associated utilitiesAbility to think critically under pressure and deliver on timeAbility to work independently with minimal supervisionSalary Range: $134,400.00-$176,400.00Why Join UsWe’ve been around since 1851. During our history, we’ve learned a few things about making sure our customers are our top priority. In order to meet and exceed their expectations, we must have the best people providing the best thinking, products and services. To accomplish this, we celebrate an inclusive, vibrant and diverse culture that encourages growth, openness and opportunities for everyone. A career with MassMutual means you will be part of a strong, stable and ethical business with industry leading pay and benefits. And your voice will always be heard.We help people secure their future and protect the ones they love. As a company owned by our policyowners, we are defined by mutuality and our vision to put customers first. It’s more than our company structure – it’s our way of life. We are a company of people protecting people. Our company exists because people are willing to share risk and resources, and rely on each other when it counts. At MassMutual, we Live Mutual.MassMutual is an Equal Employment Opportunity employer. We welcome all persons to apply.If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.At MassMutual, we focus on ensuring fair, equitable pay by providing competitive salaries, along with incentive and bonus opportunities for all employees. Your total compensation package includes either a bonus target or in a sales-focused role a Variable Incentive Compensation component. For more information about our extensive benefits offerings please check out our Total Rewards at a Glance. #J-18808-Ljbffr

Created: 2025-09-22