IAM Engineer II

Identity Access Management Opportunity in Financial Services

IAM Engineer II

Location(s):

Atlanta: 2300 Windy Ridge Pkwy SE, Suite750, Atlanta, GA 30339

La Vista:12325 Port Grace Blvd, La Vista, NE 68128

Oakdale: 7755 3rd St. N, Oakdale, MN 55128

Scottsdale: 18700 N Hayden Rd, Suite 255, Scottsdale, AZ 85255

St. Petersburg: 877 Executive Center Dr. W, Suite 300, St. Petersburg, FL 33702

Osaic has returned to the office on a hybrid schedule requiring a minimum of 4 days weekly in the office. Applicants should be located at one of our hubs listed above and must be willing to work this schedule.

Role Type:        Full-time, Non-Exempt

Salary: $120,000 - $156,000 per year + annual performance-based bonus

Actual compensation offered will be determined individually, based on a number of job-related factors, including location, skills, licensure, experience, and education.

Our competitive compensation is just one component of Osaic’s total compensation package. Additional benefits include health, vision, dental insurance, 401k, paid time away, volunteer days and much more. To view more details of what you can look forward to, visit our careers page: Osaic Benefits.

Summary:

The IAM Engineer II is responsible for executing daily identity and access management operations across the identity management platforms. This role supports user onboarding/offboarding, Single Sign On (SSO) integrations, access requests, entitlement administration, and basic privileged access functions. The IAM Engineer II ensures that identity controls are applied consistently and securely, enabling reliable access for users while reducing risk to the organization. This position will report to the Head of IAM and Network Security Eng & Ops.

Education Requirements:

Bachelor’s degree preferred, high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.

Responsibilities:

• Automate Joiner/Mover/Leaver (JML) processes, including provisioning, de-provisioning, access requests, and access reviews.
• Ensure group based and role-based access is assigned accurately and timely.
• Troubleshoot identity issues such as failed provisioning tasks, directory sync, and entitlement assignments.
• Process access requests and approvals; maintain entitlement catalogs and birthright access definitions.
• Assist in quarterly and ad hoc access certification campaigns.
• Onboard applications to identity platforms using REST APIs and JSON field mapping.
• Onboard applications for SSO using standard SAML/OIDC templates.
• Ensure adherence to least privilege and separation of duties (SoD) requirements.
• Collect and maintain evidence for audits and identity reviews.
• Follow established change management, documentation, and incident management processes.
• Use PowerShell or basic REST API calls for simple identity queries or repeatable tasks.
• Maintain runbooks, knowledge base articles, and user facing guides.
• Participate in identity related incident handling and troubleshooting.
• All other duties as assigned.

Basic Requirements:

• 1–3 years of experience in IT, security operations, or identity administration.
• Hands-on experience with user and group management.
• Familiarity with SAML, OIDC, and basic authentication/authorization principles.
• Understanding of IAM concepts such as MFA, RBAC, provisioning, and JML workflows.
• Basic scripting experience (PowerShell, Python, or similar).
• Strong analytical and troubleshooting skills; attention to detail.
• Ability to follow documented procedures and maintain accurate records.

Preferred Requirements:

• Experience with an IAM platform (provisioning, access requests, access reviews, connectors).
• Experience with onboarding applications for SSO.
• Exposure to PAM (Privileged Access Management) tools and workflows.
• Understanding of security frameworks and controls (least privilege, SoD, zero trust).
• Ability to read logs and debug authentication or provisioning errors.
• CompTIA Security +, Microsoft SC-900, Microsoft SC-300, (ISC)² CC or SSCP