IAM Engineer

Must Have Technical/Functional Skills * Strong understanding of IAM concepts: RBAC, ABAC, PBAC, SoD, governance workflows. * Hands on experience with at least one major platform: * IGA: SailPoint / Saviynt / OIG * SSO/AM: Okta / Azure AD / Ping / ForgeRock * PAM: CyberArk / Delinea / BeyondTrust * Proficiency in scripting: PowerShell (mandatory), Python preferred. * Deep understanding of SAML, OAuth 2.0, OIDC, SCIM, JWT. * Experience with Active Directory, Entra ID, and directory synchronization tools. * Familiarity with cloud IAM across AWS / Azure / GCP. Roles & Responsibilities 1. Identity Governance & Administration (IGA) * Implement and maintain IGA platforms (e.g., SailPoint, Saviynt, Oracle Identity). * Manage user lifecycle processes (Joiner-Mover-Leaver). * Execute role engineering, access certifications, entitlement governance, and SoD controls. * Develop identity workflows, provisioning connectors, and automated approval processes. 2. Access Management / SSO / Federation * Configure and support SSO integrations using SAML, OAuth 2.0, and OIDC. * Implement MFA, conditional access, adaptive authentication, and passwordless solutions. * Manage and troubleshoot identity federation with cloud and on prem applications. * Support both workforce and B2B/B2C identity requirements. 3. Privileged Access Management (PAM) * Administer PAM tools (CyberArk, BeyondTrust, Delinea, HashiCorp Vault). * Onboard privileged accounts, manage vaulting, session control, and credential rotation. * Implement least privilege models and privileged identity workflows. 4. Directory Services & Identity Infrastructure * Manage Active Directory / Entra ID objects, GPO policies, domain trust, and conditional access. * Support LDAP, Kerberos, RADIUS, and identity protocols for infrastructure authentication. * Troubleshoot identity replication, authentication failures, and directory issues. 5. Cloud IAM * Implement IAM controls for AWS, Azure, and/or GCP (RBAC, service accounts, policies). * Manage enterprise cloud identity integrations, workload identities, and cloud SSO. * Support identity posture management and cloud access reviews. 6. Automation, Scripting & DevOps * Develop automation using PowerShell, Python, Bash, REST APIs. * Build integration scripts, provisioning connectors, and identity workflows. * Use Terraform, CI/CD pipel ines, or automation frameworks for IAM deployments. 7. Security, Compliance & Governance * Support audits (SOX, PCI DSS, ISO 27001, FFIEC, HIPAA if applicable). * Implement identity controls aligned with Zero Trust Architecture. * Perform risk assessments, access reviews, and provide remediation support. * Document IAM processes, standards, runbooks, and architectural diagrams. Salary Range: $100,000 to $120,000 per year

Created: 2026-04-02