Senior Identity Management Engineer

We are seeking a hands-on IAM Engineer to support the technical execution of our modern identity ecosystem. You will be the primary "labor" engine responsible for implementing our newly licensed tools (Conductor One and Ping Directory). You will be working closely with the IAM Architect in this role.

We’ve moved past the basics; our stack is built on Zero Trust principles, featuring SPIRE, Open Policy Agent (OPA), and a custom-built group management engine. You will own the full IAM lifecycle, evolving our existing infrastructure into a scalable, modern ecosystem that serves as a competitive advantage for our operations.

In this role you will

• Platform Implementation: Complete baseline environment configuration for Ping Directory and Conductor One across Dev and Prod tiers.

• Workforce Automation: Integrate HRIS (Workday) with the IGA platform to automate Joiner-Mover-Leaver (JML) processes.
• Technical Connectivity: Build and validate production-ready connectors for the core ecosystem, including Okta, AWS, Google, Slack, and Squad.
• Compliance Hardening: Deploy "Justify or Revoke" workflows and automated reporting to support SOX/ISO privileged access reviews.
• Identity Isolation: Execute the migration of Workforce and Service identities to Ping Directory.
• Operational Readiness: Define technical test plans, draft formal procedural documentation for audits, and create system runbooks for the permanent operations team.

Your primary focus will be the build, deployment, and configuration of the core IAM platform.

Required qualifications

• Experience: 4+ years in Information Security, with at least 2 years specifically focused on implementing IAM solutions in large enterprise environments.
• Identity Expertise: Expert-level knowledge of at least one major Cloud Identity Provider (AWS IAM, Azure) and core protocols including SAML, OAuth 2.0, OIDC, SCIM, and LDAP.
• Modern Principles: Deep understanding of Zero Trust principles and access models such as RBAC, ABAC, and PBAC.
• Education: Bachelor’s or Master’s degree in Computer Science, IT, or equivalent practical experience.
• Ability to develop code in either Python or Go.

Desirable qualifications

• Identity Providers: Experience with integration patterns with IdPs such as Okta, Auth0 or Microsoft Entra ID.
• IGA/PAM: Experience with Conductor One, SailPoint, Saviynt or similar platforms.
• Directory Services: Hands-on experience with Ping Directory or similar LDAP solutions. Including monitoring for performance and fine-tuning CPU, Memory and Storage.
• Cloud Infrastructure: Understanding of AWS cloud infrastructure and security concepts. Comfortable with Kubernetes and Infrastructure-as-Code (IaC) such as Terraform and Helm and CI/CD platforms such as ArgoCD.
• API Security: Experience protecting APIs using OAuth scopes and claims.
• Troubleshoot and resolve complex integration and performance issues across the IAM stack.

The base salary range for this position is  $146,000 - $211,500 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.