Principal IAM Engineer
Executive Office of Technology Services and Security - Boston, MA
Job Description
Overview

Executive Office of Technology Services and Security (EOTSS) is seeking a Principal Identity and Access Management (IAM) Engineer to join the IAM Team. This is a contract-based opportunity with a pay range described below.

Compensation

Base pay range: $80.00/hr - $90.00/hr

This is a contract-based employment opportunity. The actual pay will be based on skills and experience — talk with your recruiter to learn more.

About EOTSS

The Executive Office of Technology Services and Security (EOTSS) is the lead enterprise technology organization for the Commonwealth of Massachusetts. EOTSS aligns business and technology across the Commonwealth’s Executive Branch and oversees enterprise technology, digital infrastructure and services, the Commonwealth Security Operations Center, and an enterprise Standard Operating Environment with an information security and risk management framework for over 125 state agencies and over 43,000 state employees. EOTSS serves constituents by providing digital services and tools to make interactions with government easier, faster, and more secure.

Mission: We provide technology leadership to enhance public service and foster positive community outcomes.

About Mass Digital

The Massachusetts Digital Service (Mass Digital), within EOTSS, partners with organizations across state government to transform how residents, visitors, businesses and government agencies interact with the Commonwealth. Mass Digital helps partners use technology, design, and data to improve government interactions.

Mass Digital aims to create statewide digital experiences that are accessible, simple, and secure. The roadmap includes creating a single identity for Commonwealth services, expanding channels of communication, and improving the integrated experience across state services.
We will develop new products and services, establish standards, and build capacity within agencies.

To realize this vision, we are expanding our engineering team to dedicate technical staff to product initiatives.

About the Role

Are you a technical leader who wants to work on meaningful public-service software? Are you an engineer experienced with large, complex systems looking for a leadership role? Read on — this role may be for you.

We are looking for a Principal Identity and Access Management (IAM) Engineer to join our established IAM Team. The IAM team is responsible for creating and managing the infrastructure that provides people with a single account and password to sign in to all participating Massachusetts state services and applications.

Your Responsibilities

As Principal IAM Engineer you will lead the review and design of new IAM B2C application integrations and deployments using Azure B2C to support the success of MyMassGov.

MyMassGov is the state’s constituent single-sign-on product, designed to simplify access to state services using a single set of credentials. The site has over 550K active monthly users and is being rolled out to major digital experiences.

The Principal IAM Engineer focuses on B2C application integrations serving thousands to millions of users. You will help ideate engineering and architecture solutions focusing on productizing deliverables, including optimizing deployments, automation, reference stack homogenization, and enhancing security of SSO to cloud apps.

Responsibilities include prioritizing and defining engineering requirements, setting up Azure DevOps, and providing operational support with next-generation IAM and PAM solutions.
You will collaborate with IAM team members, architecture, application development and agency engineering teams, service owners, and stakeholders to deliver scalable, adaptable enterprise IAM and PAM solutions.

We value innovation and continuous improvement; you will have opportunities to identify improvements and lead efforts to implement them across the organization.

Your First Month

You will spend the first weeks paired with a Mass Digital senior technical leader to learn practices and standards, integrate with your product engineering team, and receive guidance to help you succeed.

Where You’ll Work

The primary work location is 1 Ashburton Place, Boston, MA 02108. Work schedule: Monday – Friday, 9:00 AM to 5:00 PM EST. Hybrid work model with in-office and remote days as needed; reasonable requests for location can be accommodated. After-hours work may be required.

Duties and Responsibilities

- Design, deploy, support, and monitor IAM solutions using Azure Active Directory or similar tools.
- Design, deploy, support, and monitor PAM solutions using Azure DevOps, GitHub, or similar tools.
- Lead meetings to gather and document business requirements for IT Cyber Security and Compliance projects involving IAM, integration with Active Directory, MFA, and PAM.
- Collaborate with business partners and application teams to align access and identity requirements with enterprise standards.
- Manage day-to-day issues, incidents, escalation, and process adherence.
- Review and design new IAM and PAM solutions to ensure appropriate controls and operationalization.
- Act as a subject matter expert on IAM and PAM concepts including authentication and authorization.
- Lead IAM projects with cross-functional teams to deliver scalable, adaptable enterprise IAM solutions.

Preferred Knowledge, Skills, & Abilities

- Eight (8) years of IAM experience with engineering and operations of large-scale infrastructure.
- Eight (8) years deploying IAM solutions (e.g., Entra ID/Azure AD, SailPoint, Okta, Radiant Logic, CyberArk, Ping) at enterprise level.
- Deep understanding of IAM principles, access control, authentication, authorization, provisioning, approvals, and workflows.
- Hands-on project delivery across full development lifecycle for IAM solutions.
- Strong C# programming experience and best practices.
- Knowledge of IAM concepts: Least Privilege, Privileged Access, RBAC, SOD, roles, data governance.
- Familiarity with modern authentication methods and protocols (SAML, OAuth, OpenID, Kerberos, LDAP, FIDO2, PIM, PIV).
- Experience with Azure AD, federated identities, MFA, and related identity technologies.
- Experience capturing IAM use cases and defining requirements and processes.
- Experience managing IAM infrastructure, app onboarding, monitoring, policy/password management, certifications, workflows, and access reviews.
- Experience developing IAM governance documentation and standards.
- Knowledge of security frameworks and standards such as ISO 27001, NIST, Zero Trust.
- Ability to model current and future business processes and workflows using standard tools.
- Strong communication skills to work with business owners and technical stakeholders.
- Ability to translate business problems and processes into service and product requirements.
- Strong problem-solving and troubleshooting skills.

Certifications

Certified Identity & Access Manager (CIAM) or Certified Information Systems Security Professional (CISSP) – a plus but not required.

Seniorities and Employment Type

Seniority level: Mid-Senior level
Employment type: Contract

Job Function & Industries

Job function: Information Technology
Industries: Information Technology & Services and Government Administration
Created: 2025-09-25