The Role
Lead and mentor an IAM engineering team to design, build, and operate enterprise identity solutions across Okta and Microsoft Entra ID. Define technical standards, automate JML processes with Okta Workflows, implement SSO/MFA/identity governance, integrate apps via SAML/OAuth/OIDC/SCIM, manage hybrid AD/Entra environments, develop PowerShell automation, ensure platform security/resilience, and collaborate with Security, Cloud, and Application teams.
Summary Generated by Built In
The Role:
The Lead Platform Engineer working in the IAM team is responsible for enterprise-wide identity and access management across both Microsoft and Okta platforms. This highly visible role partners closely with teams across the organization, requiring a proactive, innovative mindset and a willingness to think beyond conventional approaches. Operating within an Agile environment, the team moves at pace to adapt to evolving business needs. Our technologists bring a diverse range of expertise and share a commitment to treating technology as a craft, with a strong focus on delivering high-quality, customer-centric outcomes. The team underpins critical business services, enabling key functions across the organization to deliver seamless and exceptional user experiences.
Responsibilities
Requirements
Desirable:
Base Salary Compensation Range
GBP 59.400,00-82.866,66
Bonus Target:
12,5% Annual
We expect the compensation and target bonus for this role to fall within the stated range. The specific compensation offered will depend on the candidate's qualifications, experience, and other job-related factors.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
001_MstarInc Morningstar Inc. Legal Entity
The Lead Platform Engineer working in the IAM team is responsible for enterprise-wide identity and access management across both Microsoft and Okta platforms. This highly visible role partners closely with teams across the organization, requiring a proactive, innovative mindset and a willingness to think beyond conventional approaches. Operating within an Agile environment, the team moves at pace to adapt to evolving business needs. Our technologists bring a diverse range of expertise and share a commitment to treating technology as a craft, with a strong focus on delivering high-quality, customer-centric outcomes. The team underpins critical business services, enabling key functions across the organization to deliver seamless and exceptional user experiences.
Responsibilities
- Lead, mentor, and develop a team of IAM Engineers, fostering a culture of technical excellence, collaboration, and continuous improvement.
- Define engineering standards, best practices, and technical direction across the IAM platform.
- Provide technical leadership through architecture reviews, design discussions, and coaching.
- Drive project planning, prioritisation, and team capacity planning to ensure successful delivery.
- Contribute to the long-term IAM strategy and technology roadmap.
- Design, build, and evolve enterprise Identity and Access Management solutions using Okta and Microsoft Entra ID.
- Engineer and automate Joiner, Mover, Leaver (JML) lifecycle processes using Okta Workflows.
- Design and implement secure Single Sign-On (SSO), Multi-Factor Authentication (MFA), and identity governance solutions.
- Integrate enterprise applications using SAML, OAuth, OpenID Connect (OIDC), SCIM, and other modern authentication standards.
- Engineer and maintain hybrid identity services across Active Directory and Microsoft Entra ID.
- Develop PowerShell automation to improve provisioning, administration, and operational efficiency.
- Own the health, scalability, resilience, and security of the enterprise identity platform.
- Lead the planning, design, and implementation of IAM projects and platform enhancements.
- Produce and maintain technical documentation, architecture diagrams, runbooks, and engineering standards.
- Provide technical guidance during major incidents and act as the escalation point for complex identity-related issues.
- Collaborate with Security, Infrastructure, Cloud, and Application teams to deliver secure identity solutions.
- Evaluate emerging identity technologies and recommend improvements that enhance security, automation, and user experience.
Requirements
- Bachelor's degree in Computer Science, Information Technology, or a related discipline (or equivalent practical experience).
- Experience leading or mentoring engineering teams in an enterprise technology environment.
- Strong hands-on experience engineering enterprise Identity and Access Management solutions.
- 3+ years' experience with Okta Single Sign-On (SSO) and Lifecycle Management.
- 3+ years' experience with Okta Identity Governance (OIG).
- 3+ years' experience designing and building solutions using Okta Workflows.
- 5+ years' experience working with Active Directory in complex enterprise environments.
- Strong knowledge of Active Directory Group Policy and hybrid identity architectures.
- Experience with Microsoft Entra ID (Azure Active Directory).
- Experience with Azure Application Proxy or similar application proxy technologies.
- Strong PowerShell scripting skills with a focus on automation.
- Experience with Microsoft Certificate Services.
- Excellent troubleshooting, analytical, and problem-solving skills.
- Ability to lead technical initiatives while remaining hands-on with engineering work.
- Excellent communication and stakeholder management skills. Self-motivated with the ability to work autonomously in a fast-moving environment.
Desirable:
- ServiceNow
- Splunk
- Basic knowledge of System for Cross-domain Identity Management
Base Salary Compensation Range
GBP 59.400,00-82.866,66
Bonus Target:
12,5% Annual
We expect the compensation and target bonus for this role to fall within the stated range. The specific compensation offered will depend on the candidate's qualifications, experience, and other job-related factors.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
001_MstarInc Morningstar Inc. Legal Entity
Skills Required
- Bachelor's degree in Computer Science, Information Technology, or related discipline (or equivalent practical experience)
- Experience leading or mentoring engineering teams in an enterprise technology environment
- Strong hands-on experience engineering enterprise Identity and Access Management solutions
- 3+ years' experience with Okta Single Sign-On (SSO) and Lifecycle Management
- 3+ years' experience with Okta Identity Governance (OIG)
- 3+ years' experience designing and building solutions using Okta Workflows
- 5+ years' experience working with Active Directory in complex enterprise environments
- Strong knowledge of Active Directory Group Policy and hybrid identity architectures
- Experience with Microsoft Entra ID (Azure Active Directory)
- Experience with Azure Application Proxy or similar application proxy technologies
- Strong PowerShell scripting skills with a focus on automation
- Experience with Microsoft Certificate Services
- Excellent troubleshooting, analytical, and problem-solving skills
- Ability to lead technical initiatives while remaining hands-on with engineering work
- Excellent communication and stakeholder management skills; self-motivated and able to work autonomously
- Produce and maintain technical documentation, architecture diagrams, runbooks, and engineering standards
- Integrate enterprise applications using SAML, OAuth, OpenID Connect (OIDC), and SCIM
What the Team is Saying
Anna
Team Lead of Software Engineering
Upasna
Software Engineer, Data Collections - AI R&D
Saurabh
Senior Software Engineer
Wendell
Head of Sales, Institutional Equity Research
Raaghavendar
Associate Software Engineer
Jeff
Head of Technology and Product
Morningstar Compensation & Benefits Highlights
-
Leave & Time Off Breadth — A recurring paid sabbatical combined with flexible time off in North America and regionally set PTO provides substantial time-away flexibility. Paid volunteer days further broaden the time-off offering.
-
Parental & Family Support — A global minimum of paid parental leave for primary and secondary caregivers, along with paid caregiving leave, signals strong family support. Adoption-assistance reimbursement adds another layer of care for growing families.
-
Retirement Support — Retirement programs include employer matching or fixed contributions and free access to Morningstar retirement-planning tools. These elements support long-term savings alongside the broader total-rewards package.
Morningstar Insights
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
At Morningstar, we believe in building great products in-house in a highly collaborative, agile environment where we focus on technical excellence, the user experience, and continuous improvement. Our technologists represent a range of skills and experience levels, but they all view their work as a craft and push technology’s boundaries.
Why Work With Us
Imagining big things is in our blood -- it's transformed us from a company with just a few employees in 1984 to a leading independent investment research company with a worldwide presence today. As of April 2020, we acquired Sustainalytics to drive long-term meaningful outcomes for investors in the ESG space. Join us on this exciting journey!
Gallery
Morningstar Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Typical time on-site:
3 days a week
