Passionate about precision medicine and advancing the healthcare industry?
Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.
As an Associate IAM Engineer, you will be the frontline defender and administrator of our identity perimeter. You will focus on day-to-day identity operations, single sign-on (SSO) integrations, device assurance, and troubleshooting authentication issues. This role is perfect for someone with a strong foundational understanding of identity protocols (SAML, OIDC) who wants to grow their hands-on skills in enterprise automation, identity governance, and cloud identity management using Okta.
Key Responsibilities
SSO & App Integration: Configure, test, and deploy standard SAML 2.0 and OIDC/OAuth 2.0 integrations for onboarding new SaaS applications.
Operational Support & Troubleshooting: Serve as the Tier 2/3 point of contact for identity-related tickets. Deep-dive into system logs and protocol traces to resolve authentication, MFA, and provisioning failures.
Lifecycle Management (LCM): Monitor and maintain automated user provisioning (Joiner/Mover/Leaver processes) across HRIS, Active Directory, and downstream applications. Help triage Okta Workflow errors.
Device Assurance & Endpoint Security: Assist in configuring and monitoring Okta Device Assurance policies to ensure only secure, compliant devices can access corporate resources.
Identity Governance & Compliance: Support user access reviews and regular entitlement certifications using Okta Identity Governance (OIG) to ensure alignment with SOC2, ISO 27001, and SOX frameworks.
Technical Qualifications
Experience: 1–3 years of experience in an IT, Security, or Systems Administration role, with at least 1 year of dedicated hands-on exposure to Okta administration.
Protocol Fundamentals: A solid conceptual understanding of the "Identity Trinity":
SAML 2.0: Understanding assertions, entity IDs, and ACS URLs.
OpenID Connect: Basic understanding of tokens (ID, Access, Refresh), scopes, and authorization flows.
SCIM: Familiarity with how automated provisioning works.
Directory Services: Comfortable navigating and managing Universal Directory (managing users, groups, and basic OU structures).
RESTful APIs: Foundational understanding of REST API concepts (HTTP methods like GET, POST, PUT, DELETE, and status codes) and comfort using OKTA Workflows.
Security Mindset: Understanding of basic security principles like Multi-Factor Authentication (MFA), Least Privilege, and Zero Trust.
Soft Skills
The "Log Detective": You enjoy digging into event logs and browser developer tools (SAML tracers) to find out exactly why a login failed.
Clear Communicator: Ability to guide non-technical employees (or partners in HR) through password resets, MFA setups, or access requests with patience and clarity.
Hungry to Learn: The identity space moves fast. You are excited to learn advanced tools like Okta Workflows, Terraform, or API management on the job.
Bonus Points
Okta Device Assurance: Prior exposure to configuring Okta Device Assurance policies and a basic understanding of how they interface with MDM tools (e.g., Jamf, Intune) to check device posture.
Identity Governance (IGA): Hands-on exposure to Okta Identity Governance (OIG) for managing access requests, approvals, and access certification campaigns.
Okta Workflows & Automation: Foundational knowledge or exposure to Okta Workflows (or similar low-code automation platforms) used to orchestrate lifecycle management.
Certifications: Okta Certified Professional or Okta Certified Administrator.
#LI-Hybrid
#LI-HR1
CHI - $70,000 - $95,000
The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.
We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Skills Required
- 1-3 years in IT, Security, or Systems Administration
- At least 1 year hands-on Okta administration
- Conceptual understanding of SAML 2.0 (assertions, entity IDs, ACS URLs)
- Understanding of OpenID Connect (tokens, scopes, flows) and OAuth 2.0
- Familiarity with SCIM and automated user provisioning
- Experience navigating Universal Directory and Active Directory
- Foundational understanding of RESTful APIs and comfort using Okta Workflows
- Understanding of MFA, Least Privilege, and Zero Trust principles
- Ability to investigate logs, protocol traces, and SAML traces to resolve authentication issues
- Clear communication skills to guide non-technical users through MFA/password/access issues
- Experience configuring Okta Device Assurance and interfacing with MDMs (e.g., Jamf, Intune)
- Hands-on exposure to Okta Identity Governance (OIG) for access reviews and certifications
- Foundational knowledge of Okta Workflows or similar low-code automation platforms
- Experience with Terraform or API management
- Okta Certified Professional or Okta Certified Administrator
What the Team is Saying
Tempus AI Compensation & Benefits Highlights
-
Healthcare Strength — Healthcare coverage spans medical, dental, vision, life/AD&D, short‑term disability, mental‑health/EAP, FSAs, and even pet insurance. Feedback suggests this breadth meets core needs for many employees.
-
Wellbeing & Lifestyle Benefits — On‑site cafeteria meals, stocked snacks, an on‑site barista, commuter benefits, gym discounts, ERGs, and regular events enhance daily experience, especially at Chicago HQ. Feedback suggests these amenities add tangible value for those working regularly on‑site.
-
Parental & Family Support — Parental leave and an onsite Mother’s Room are highlighted, alongside hybrid work in many roles. Feedback suggests these supports help work‑life integration for caregivers.
Tempus AI Insights
What We Do
We bring together one of the world’s largest libraries of multimodal clinical and molecular data with a robust suite of AI tools to help physicians personalize care in real time, connect patients with therapies and clinical trials, and enable partners to accelerate discovery and development of new treatments. With ~8 million de-identified research records and 350+ petabytes of data, Tempus partners with more than half of U.S. oncologists and the majority of the top 20 global pharma companies. Our teams are pioneering work across oncology, neurology, psychiatry, cardiology, and beyond—transforming how care is delivered and therapies are developed. At Tempus, every role contributes to our mission: to help each patient benefit from the experiences of those who came before. For more information, visit tempus.com.
Why Work With Us
We’re looking for people who can change the world. People who question the status quo and refuse to shy away from tough problems. For builders who are never done building, and the learners who are never done learning. Passionate individuals with undying curiosity who want to take on one of the greatest challenges humanity has ever faced—head on.
Gallery
Tempus AI Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Most of the team follows a hybrid policy, with some roles allowing for a fully remote arrangement and some roles being onsite only.
