Security Engineer, IAM

Responsibilities

• Implement authentication and authorization controls across SaaS platforms, cloud infrastructure, and internal applications
• Configure and maintain SSO, MFA, conditional access policies, and federation integrations
• Assist with the evolution of single sign-on (SSO), multi-factor authentication (MFA), conditional access, and zero trust access models
• Assist in design and enforce role-based and attribute-based access control models (RBAC/ABAC) across cloud and SaaS systems
• Validate identity provider integrations, including application onboarding and SCIM provisioning
• Partner with Engineering to secure application authentication flows, API access, service-to-service authentication, and token management
• Harden and optimize identity provider configurations, including lifecycle management, federation, and SCIM provisioning
• Support AWS IAM security, including policy implementation, role configuration, cross-account access management, and identity federation
• Implement privileged access and identity lifecycle controls, including provisioning, deprovisioning, access reviews, entitlement governance, least privilege enforcement, and just-in-time access mechanisms
• Secure APIs, service accounts, and non-human identities used in automation and CI/CD workflows
• Implement and improve identity monitoring and detection capabilities, including anomaly detection, session risk analysis, and identity threat response
• Partner with GRC to support identity-related audits, evidence collection, and control validation across frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR
• Contribute to incident response efforts involving identity compromise, credential abuse, or unauthorized access events

Qualifications

• 3+ years of experience in IAM engineering or identity architecture
• Hands-on experience with enterprise identity providers such as Okta, Azure AD, or similar enterprise IAM platforms
• Strong understanding of modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, SCIM, and JWT
• Experience designing and implementing RBAC and/or ABAC models in cloud-native environments
• Strong knowledge of AWS IAM, cross-account access models, and cloud identity federation
• Experience securing APIs, service accounts, machine identities, and CI/CD authentication workflows
• Experience with privileged access management concepts and least privilege enforcement
• Experience automating IAM tasks using scripting or infrastructure-as-code tools (i.e., Python, Terraform, or similar infrastructure-as-code tooling)
• Familiarity with identity threat detection and response methodologies
• Bachelor’s degree in Computer Science, Cybersecurity, or related field; relevant certifications (i.e., CISSP, CISM, GIAC, AWS Security Specialty, Okta Certified Professional) or equivalent practical experience will also be considered