Salary Range:

This pay range represents the minimum and maximum compensation that the position offers, and final compensation can vary within the range depending on work location, job experience, skills, and relevant educational attainment and/or training.

Job Title: IDAM Engineer

Location: Philadelphia, PA/ Lake Forest, CA

Employment Type :Full time

The job

AVEVA is looking for an Identity & Access Management (IAM) Engineer with a strong automation mindset to join our global IT team. This role focuses on engineering scalable, automated IAM services for workforce identities, using SailPoint as the enterprise Identity Governance (IGA) platform.

The successful candidate will be expected to reduce manual IAM operations, automate identity lifecycle processes, and build repeatable, codedriven solutions for access management in a complex hybrid environment.

You will work closely with Security, Infrastructure, HR, and Service Management teams to deliver reliable, efficient, and secure identity services.

Key Responsibilities

• Engineer and operate automated IAM solutionsfor workforce identities

• Support and enhance SailPointwith a focus on automation, scalability, and governance

• Design, implement, and optimise automated JoinerMoverLeaver (JML)processes

• Automate IAM access request fulfilment via ServiceNow.

• Develop codedriven workflows and integrationsto eliminate manual IAM tasks

• Support and maintain Active Directory and Entra ID (Azure AD)environments

• Manage authentication, authorisation, roles, and entitlements

• Automate access certifications, reviews, and compliance reporting

• Respond to IAMrelated incidents with a focus on root cause fixes through automation

• Produce and maintain documentation, diagrams, and operational runbooks

• Collaborate with Security teams to strengthen identity controls

• Leverage scripting and AIassisted toolsto improve efficiency and reporting

Essential Skills and Experience

• Handson experience in Identity & Access Management engineering

• Handson SailPoint experience is required(IdentityIQ, IdentityNow, or similar)

• Strong experience engineering automated identity lifecycle processes

• Experience automating IAM workflows using PowerShell, APIs, or orchestration tools

• Solid understanding of SSO and authentication protocols (SAML, OAuth2, OpenID Connect, Kerberos, LDAP)

• Experience supporting Active Directory and Entra IDin hybrid environments

• Experience producing automated reports for audit and compliance

• Strong analytical, problemsolving, and communication skills

Desirable Skills and Experience

• Experience working with ServiceNow and/or Jirafor workflow automation or integrations

• Exposure to broader information security or identity security domains

• Familiarity with DevOps or CI/CD environments, including identity controls

• Bachelors degree in Computer Science,Engineering, Mathematics, or related field, or equivalent experience

• Relevant IAM orsecurity certifications (e.g. SailPoint, Microsoft Identity)

• Strong written and verbalcommunication skills

• Customerfocused mindset, delivering secure and userfriendly IAM services

• Growth mindset, passionate aboutlearning new tools and technologies

• Ability to work independently while contributing to a global team

Digital Security at AVEVA

Our Digital Security team is responsible for protecting AVEVAs digital assets and keeping the companys data and IP secure. Were also playing a critical role in AVEVAs move to the cloud.

As cyber threats grow and more and more data moves into the cloud, the importance of our role is only going to grow. If youre a collaborative problem solver thats passionate about cybersecurity, youll find fulfilment and opportunity in our team.

Find out more:

USA Benefits include:

Flex work hours, 20 days PTO rising to 25 with service, three paid volunteering days, primary and secondary parental leave, well-being support, medical, dental, vision, and 401K.

Its possible were hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.

Find out more: aveva.com/en/about/careers/benefits/

Hybrid working

By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.

Hiring process

Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.

Find out more: aveva.com/en/about/careers/hiring-process