Sr. Identity and Access Management Engineer

Information Security Responsibilities

• Promote and enforce awareness of key information security practices, including acceptable use of information assets, malware protection, and password security protocols
• Identify, assess, and report security risks, focusing on how these risks impact the confidentiality, integrity, and availability of information assets
• Understand and evaluate how data is stored, processed, or transmitted, ensuring compliance with data privacy and protection standards (GDPR, CCPA, etc.)
• Ensure data protection measures are integrated throughout the information lifecycle to safeguard sensitive information

Specific responsibilities:

• Design and architect IAM frameworks to support secure access across hybrid environments.
• Automate IAM processes to improve operational efficiency and reduce manual intervention.
• Lead the integration of IAM solutions with existing systems, ensuring compatibility and compliance with security standards.
• Implement role-based access control (RBAC), Least-Privilege, and Zero-Trust principles.
• Contribute to the development and maintenance of IAM solutions – PingOne SSO, Saviynt Enterprise Identity Cloud, Entra ID
• Monitor and enhance IAM security posture through continuous improvement and threat mitigation.
• Implement and support Identity Threat Detection and Response solutions and practices.
• Evaluate vendor IAM solutions and document their applicability and value.
• Create and maintain comprehensive documentation for IAM processes and ensure compliance with regulatory requirements.
• Research, design, and advocate for relevant IAM architectures and solutions supporting security requirements of the enterprise, its customers, business partners and vendors.
• Maintain familiarity with IT security vulnerabilities, threats, exploits and mitigations.

Preferred Qualifications:

• Hands-on experience delivering enterprise-level IAM solutions and controls.
• Strong conceptual thinking and communication skills - the ability to translate complex business and technical requirements into effective and comprehensible solutions.
• Expertise in authentication and authorization standards, including FIDO2, SAML, OAuth, and LDAP.
• Extensive hands-on experience implementing and supporting one or more Single Sign On solutions (e.g., PingOne, Entra ID)
• Extensive hands-on experience implementing and supporting one or more Identity Governance and Administration solutions (e.g., Saviynt, SailPoint).
• Experience implementing and managing Privileged Access Management (PAM)
• Experience in migrating legacy authentication standards to modern ones
• Experience with Active Directory, scripting / programming languages (e.g., Python, Ruby, PowerShell)
• Familiarity with SAP IAM, certificate management and PKI services
• Strong problem-solving skills and the ability to communicate effectively with technical and non-technical stakeholders.
• Extensive familiarity with NIST and ISO security practice frameworks, data privacy regulations
• The following are not essential, but are highly valued:
• Familiarity with architecture methodologies (e.g., SABSA, TOGAF, Zachman Framework)
• Demonstrable experience creating, securing, and managing Cloud infrastructures (e.g., AWS, Azure, Open stack)
• Professional experience in application or infrastructure penetration testing.
• Bachelor’s or master’s degree in computer science, information systems or other related field, or equivalent work experience.
• Professional security certifications, such as a ISC(2) Certified Information Systems Security Professional (CISSP), IMI Certified Identity Management Professional (CIMP), Certified Identity and Access Manager (CIAM) or similar.