Are you excited to build and secure the identity services that power a modern enterprise? Do you enjoy solving complex authentication, access, and identity governance challenges at scale? Join CFA Institute as an IAM Engineer and design, implement, and optimize critical capabilities including SSO, MFA, identity governance, and access lifecycle management across a global technology ecosystem.
The Identity and Access Management (IAM) Engineer is responsible for designing, implementing, and continuously improving IAM systems, services, and controls. This role emphasizes deep technical contribution, solution engineering, and optimization of IAM platforms. The IAM Engineer translates IAM strategy into engineered solutions, develops and enhances identity services (SSO, MFA, identity governance, and access lifecycle), and ensures secure, scalable, and well-integrated IAM capabilities. The IAM Engineer works independently to solve complex technical problems, contributes to architecture and design decisions, and provides technical guidance across IAM initiatives.
The position may be based in approved jurisdictions in the Unites States and reports to the Director Identity and Access Management. It is eligible for flexible work arrangements.
What You'll DoIAM Engineering & Solution Development- Design, build, configure, and enhance IAM solutions, including SSO, MFA, conditional access, identity lifecycle management, and access governance for both workforce and customer IAM.
- Contribute to engineering design, prototyping, and feasibility testing of IAM solutions, ensuring scalability, reliability, and security.
- Develop and maintain integrations between IAM platforms and enterprise applications, infrastructure, and cloud services.
- Implement authentication protocols and access control mechanisms (e.g., SAML, OAuth, OIDC).
Programming, Troubleshooting & Technical Delivery- Diagnose and resolve complex IAM system issues, leading root-cause analysis and implementing sustainable fixes.
- Participate in and lead technical troubleshooting efforts across identity systems and integrations.
- Develop scripts, automation, and tooling to improve provisioning, monitoring, and access governance processes.
- Support testing, validation, and deployment of IAM solutions, ensuring alignment with technical requirements.
Data, Process & Architecture Analysis- Analyze current-state IAM processes (joiner/mover/leaver, access reviews) and define optimized future-state workflows.
- Collect and analyze IAM operational data to identify trends, inefficiencies, and improvement opportunities.
- Contribute to IAM data architecture, including identity data models, role design, and entitlement structures.
Security & Risk Management Execution- Implement and monitor IAM security controls, identifying vulnerabilities and recommending remediation actions.
- Support cybersecurity risk management activities within IAM domains, ensuring alignment with enterprise standards.
- Contribute to audit readiness through evidence collection, control validation, and documentation.
Continuous Improvement & Innovation- Identify and recommend technical enhancements to improve IAM platform performance, usability, and security posture.
- Evaluate emerging IAM technologies and contribute to innovation initiatives and roadmap inputs.
- Optimize workflows through automation, standardization, and engineering best practices.
What We're Looking For- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- 5-8 years of experience in IAM, cybersecurity, or related engineering roles.
- Demonstrated hands-on experience implementing IAM technologies (SSO, MFA, identity governance, access lifecycle).
- Strong proficiency in Microsoft Entra ID and Azure B2C and identity lifecycle management.
- Experience with authentication protocols (SAML, OAuth, OIDC) and directory services.
- Working knowledge of scripting/programming (e.g., PowerShell, Python) for automation and application support.
- Experience with system integration, API-based connectivity, and cloud identity architectures.
- Understanding of IAM data structures, role modeling, and access control frameworks.
- Ability to manage complexity by analyzing multi-system IAM environments and resolving issues.
- Optimizes work processes through automation, metrics, and continuous improvement.
- Ensures accountability for technical deliverables and system performance.
- Demonstrates strong technical problem-solving and analytical thinking.
We are not able to provide sponsorship at this time. No agencies, please.
At CFA Institute, we are committed to transparency and equity in our hiring process. In compliance with wage transparency laws in many of the jurisdictions in which we recruit, we provide the following information regarding compensation for this position: Expected salary range: $80,400 - $115,000 per year. All salary ranges are subject to adjustment based on experience, education, and other factors relevant to the position including location. Additional benefits include eligibility for an annual incentive bonus, a
12% employer contribution to a 401(k)or pension plan, and a comprehensive medical benefits package.#LI-TB1
Our application is not compatible with Internet Explorer (IE). We recommend using Chrome. 
