Carlyle Group

Engineer, IAM & Endpoint Platforms

$160K - $180K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree or equivalent experience required
  • 6+ years of relevant technical experience
  • Expert-level skills in IAM frameworks (IGA, PAM, SSO, MFA)
  • Experience with automation scripting for IAM and endpoint tasks
  • Strong analytical skills for troubleshooting cross-platform issues

Responsibilities

  • Serve as a subject matter expert and implement IAM solutions across multiple platforms
  • Administer IAM systems, enforcing Zero Trust controls
  • Design workflows for user access governance and maintain compliance
  • Run daily IAM operations including onboarding and entitlement reviews
  • Drive modernization initiatives for IAM and endpoint management

Benefits

  • Comprehensive health insurance
  • Retirement benefits
  • Paid time off and holidays
  • Life and disability insurance
  • Family planning benefits
  • Wellness programs and annual discretionary incentive opportunities

Full Job Description

Basic information

Job Name: Engineer, IAM & Endpoint Platforms
Location: Washington, DC
Line of Business: Global Technology & Solutions
Job Function: Investor Services
Date: Wednesday, June 3, 2026

Position Summary

The Carlyle Group is seeking an experienced Engineer focused on Identity & Access Management (IAM) & Endpoint Platforms to join our Enterprise Productivity Solutions (EPS) team within Global Technology & Solutions (GTS). EPS is responsible for the platforms Carlyle's workforce relies on every day, which include Identity & Access Management, endpoint management (physical and virtual), Windows and macOS, Microsoft 365 and Purview, enterprise AI solutions, and other end-user technology services. This role's primary focus is IAM and endpoint management, with the expectation that the engineer also contributes across other EPS workstreams as priorities evolve; we value versatile engineers who stay engaged across the full end-user platform portfolio.

The Engineer will own the implementation, maintenance, and continuous improvement of IAM platforms (SailPoint, Okta, CyberArk, Entra ID) and endpoint management systems (Intune, Jamf) across Windows, macOS, and iOS, and contribute over time to broader EPS initiatives. You will lead several digital workplace transformation initiatives, drive process and automation improvements, resolve complex technical issues, and collaborate across tech and business teams to shape strategy and solution direction in a global, fast-paced environment.

Carlyle is an AI-forward firm. We equip our employees with leading AI solutions and expect our engineers to apply them every day to work smarter, automate the routine, and focus their time on higher-value problems. In this role, you will be encouraged to experiment with AI to streamline IAM and endpoint operations, accelerate automation, and help shape how the EPS team integrates AI into the end-user technology experience.

Responsibilities

IAM & Endpoint Management

  • Serve as a subject matter expert across IGA, PAM, SSO, MFA, and endpoint security; design, automate, and maintain IAM solutions across SailPoint IdentityNow, Okta, Active Directory, Entra ID, and Workday that govern access for internal and external users
  • Administer Okta (SSO, MFA, adaptive authentication, Lifecycle Management, Workflows) and enforce Zero Trust controls across IAM and endpoints, including device-compliance-based Conditional Access in Entra ID
  • Design and maintain Joiner-Mover-Leaver (JML) workflows and Role-Based Access Control (RBAC) frameworks in SailPoint IdentityNow, including role mining, entitlement mapping, provisioning, access certifications, and automated deprovisioning, to enforce least-privilege access and meet regulatory requirements
  • Run day-to-day IAM operations: SSO onboarding, MFA administration, access reviews, entitlement cleanup, HR-driven lifecycle events, and platform upgrades
  • Contribute to modernization of identity, endpoint, and access management platforms, driving initiatives that deliver measurable security, efficiency, and compliance value
  • Support identity and access workstreams related to mergers, acquisitions, and divestitures


AI & Automation

  • Apply AI to streamline IAM and endpoint operations within financial-services compliance guardrails, and govern identities for agentic AI and non-human identities (NHIs), including OAuth grant reviews, least-privilege scoping, and extending JML to machine identities


Operations & Support

  • Serve as an escalation point for executive-level technical issues; interface effectively with senior stakeholders and their administrative teams to diagnose and resolve complex problems
  • Own technical solutions end-to-end, from design and implementation through steady-state operations, and build automation (PowerShell, Python) to streamline configuration management and reduce manual effort
  • Resolve complex technical incidents, perform root-cause analysis on high-impact disruptions, meet SLOs, and serve as an escalation point for the Service Desk on IAM and endpoint issues; maintain runbooks and technical documentation to support operational continuity


Compliance & Governance

  • Support IAM and endpoint compliance programs (access recertifications, privileged-account audits, endpoint posture assessments) and partner with Information Security, Legal, and Compliance on SOX, NIST, and ISO 27001 obligations


Cross-EPS Contribution

  • Contribute to other Enterprise Productivity Solutions workstreams as needed, including Microsoft 365 administration, broader Microsoft platform initiatives, virtual desktop solutions, and other end-user technology platforms, staying versatile across the EPS portfolio while keeping IAM and endpoints as the primary focus


Qualifications

Education & Certificates

  • Bachelor's Degree, or equivalent years of relevant experience, required
  • Degree in Information Technology, or similar engineering discipline, strongly preferred
  • IAM-focused certifications preferred (e.g., SailPoint IdentityNow Engineer, Okta Certified Professional/Administrator, SC-300: Microsoft Identity and Access Administrator)
  • Microsoft endpoint certifications preferred (e.g., MD-102: Microsoft 365 Endpoint Administrator, MS-102: Microsoft 365 Administrator Expert)
  • Jamf certifications preferred (e.g., Jamf Certified Associate, Jamf Certified Tech, Jamf Certified Admin)


Professional Experience

  • 6+ years of overall relevant technical experience, required
  • Experience in IT systems engineering with a focus on IAM, endpoint management, or related disciplines, preferred
  • Expert-level IAM skills spanning IGA, PAM, SSO, MFA, and RBAC, including role lifecycle, entitlement reviews, segregation of duties (SoD), and access certifications in SailPoint IdentityNow
  • Experience supporting access governance audits and regulatory reviews; able to produce audit-ready evidence for internal and external reviewers
  • Experience developing automation scripts for IAM provisioning, endpoint configuration, and operational tasks
  • Strong analytical and troubleshooting skills across complex, cross-platform issues, including network connectivity fundamentals
  • Clear communicator with technical and executive audiences; committed to white-glove support for executive end users
  • Proficient with project and service management tools (Jira, Confluence); able to manage and prioritize multiple concurrent initiatives
  • Availability for on-call rotation and willingness to support planned and unplanned maintenance during evenings and weekends as needed


Competencies & Attributes

  • Microsoft Platform Stack (Active Directory, GPO, DNS, DHCP, Azure, Microsoft 365 (Exchange, SharePoint, Teams, OneDrive, Power Automate); PowerShell modules including AAD, Exchange, MSOL)
  • AI Coding & Automation (e.g., Cursor, Claude Code, Codex)
  • Microsoft Intune & Endpoint Management (Windows/iOS enrollment, Autopilot, Co-management, Device Compliance Policies, Configuration Profiles, App Deployment, Conditional Access, Device Health Attestation, LAPS, Endpoint Security policies, Defender for Endpoint integration)
  • Identity & Privileged Access Management (Okta, SailPoint IdentityNow, CyberArk Vault/CPM/PSM, SAML, OIDC, RBAC, JIT access)
  • Zero Trust Architecture (Conditional Access, device compliance enforcement, Zscaler, identity-driven network segmentation, continuous verification)
  • Compliance & Governance (SOX ITGCs, NIST 800-53, ISO 27001, CIS Benchmarks, access recertification, audit evidence collection, endpoint posture assessment)
  • Jamf (macOS/iPadOS Management, App Packaging/Deployments)
  • Virtual Desktop Platforms (Azure Virtual Desktop, Windows 365)
  • Scripting (PowerShell, Python, Bash, Visual Basic, Batch)
  • AI & Agentic Security (Microsoft Copilot, AI-assisted identity governance, agentic AI identity lifecycle management, machine identity governance, OAuth grant discovery, non-human identity (NHI) controls, prompt engineering for IT operations, etc.)

Benefits/Compensation

The compensation range for this role is specific to Washington, DC and takes into account a wide range of factors including but not limited to the skill sets required/preferred; prior experience and training; licenses and/or certifications.

The anticipated base salary range for this role is $160,000 to $180,000.

In addition to the base salary, the hired professional will enjoy a comprehensive benefits package spanning retirement benefits, health insurance, life insurance and disability, paid time off, paid holidays, family planning benefits and various wellness programs. Additionally, the hired professional may also be eligible to participate in an annual discretionary incentive program, the award of which will be dependent on various factors, including, without limitation, individual and organizational performance.

Due to the high volume of candidates, please be advised that only candidates selected to interview will be contacted by Carlyle.

About Carlyle Group

The Carlyle Group is a global investment firm that specializes in private equity, credit, and real estate investments. The firm was founded in 1987 and is headquartered in Washington, D.C. Carlyle manages more than $230 billion in assets across 389 investment vehicles as of December 31, 2020. The firm's private equity investments span a wide range of industries, including aerospace and defense, consumer and retail, energy and power, healthcare, and technology, media and telecommunications. Carlyle has offices in 22 countries and employs more than 1,800 people worldwide.

Size: 1,850 employees
Market Cap: $10.6 billion
Industry
Net Income: $348.2 million
Founded: 1987
5 Year Trend: +31%
Revenue: $2.9 billion
NASDAQ
