Scope of Position:
The Identity and Access Management (IAM) Engineer serves as the strategic anchor, technical implementer, and cultural champion for Identity and Access Management within the Cybersecurity team. As the cornerstone of the modern security program, this role ensures that the right individuals have the right access to the right resources at the right times and for the right reasons.
This role is integral to the day-to-day management of the IAM infrastructure and the identity lifecycle from onboarding to offboarding. The IAM Engineer defines the identity strategy, architects the platform hands-on, implements enterprise-grade toolsets, and builds the operational processes required to support them.
In addition to deep technical deployment, this role acts as the organization's chief IAM representative: collaborating with cross-functional teams, educating the business on why identity security matters, and turning complex security protocols into friction-free user experiences. By bridging the gap between engineering excellence and strategic vision, you will directly mitigate security risks, enable business productivity, support regulatory compliance, and fortify our overall security posture against unauthorized access and data breaches.
Work Mode: Hybrid - San Diego, CA or Remote (U.S. only)
Responsibilities
- IAM Platform Administration & Engineering
- Core Administration: Administers and configures core IAM platforms and technologies, such as Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity, or similar enterprise-grade solutions.
- Standard Integration: Engineers and supports integration between the IAM platform and target applications using standard protocols such as SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.
- Custom Integration: Develops custom connectors and workflows to integrate non-standard, legacy, or homegrown applications into the centralized IAM framework.
- Directory Services: Manages and secures the organization's directory services, including Active Directory and LDAP, ensuring data integrity, synchronization, and replication health.
- Automation: Develops and maintains automation scripts (using PowerShell, Python, etc.) to streamline repetitive IAM tasks, such as user provisioning, report generation, and system health checks.
- Strategy, Architecture & Roadmap
- Strategic Roadmap: Looks ahead and contributes to the development and refinement of the organization's broader cybersecurity strategy and technology roadmap, specifically within the identity domain.
- Architecture & Deployment: Architects, designs, deploys, and maintains the enterprise-wide Identity and Access Management (IAM) infrastructure, including core platforms for Identity Governance and Administration (IGA), Access Management (AM), and Privileged Access Management (PAM).
- Future-Proofing: Evaluates emerging IAM technologies, trends, and security threats, providing recommendations for strategic improvements and enhancements to the identity program.
- Business Collaboration, Training & Evangelism
- Stakeholder Collaboration: Collaborates closely with application owners, infrastructure teams, HR, and business stakeholders to gather access requirements and ensure IAM services meet business needs.
- SME & Training: Provides subject matter expertise and training to IT support teams, application developers, and end-users on IAM policies, tools, and best practices.
- Authentication Security: Spearheads the design and integration of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions to provide a seamless and secure authentication experience across a diverse portfolio of cloud (SaaS) and on-premises applications.
- Operations, Support & Incident Management
- Proactive Monitoring: Proactively monitors the health, performance, and security of IAM systems, identifies potential issues, analyzes logs, and responds to system-generated alerts.
- Incident Response: Partners with stakeholders to investigate and respond to identity-related security incidents, such as compromised accounts or anomalous access patterns.
- Technical Escalation: Acts as the primary technical point of contact for troubleshooting and resolving complex authentication, authorization, and access-related incidents and service requests from end-users and application teams.
- Technical Documentation: Develops and maintains comprehensive technical documentation, including architectural diagrams, configuration guides, operational runbooks, and disaster recovery plans for all IAM systems.
- Identity Governance, Compliance & Audit
- Vital cyclical tasks that take up very little day-to-day effort to support (e.g., quarterly access reviews or annual audits).
- Lifecycle Management: Manages the complete identity lifecycle for all users (employees, contractors, vendors, partners), encompassing automated onboarding, access provisioning, attribute changes, and timely de-provisioning processes.
- Least Privilege Models: Develops, implements, and enforces granular access control policies and Role-Based Access Control (RBAC) models to uphold the principle of least privilege throughout the organization's digital ecosystem.
- Privileged Access: Designs and manages robust Privileged Access Management (PAM) solutions to secure, monitor, and control access to critical infrastructure and sensitive accounts.
- Access Governance: Leads and executes periodic access certification campaigns, requiring business owners to review and validate user access rights to maintain compliance and reduce access creep.
- Audits & Compliance: Participates actively in internal and external audit activities by providing evidence, explaining controls, and remediating findings related to identity and access management.
- Other duties as assigned
Supervision of Others:
N/A
Working Conditions:
95% of time is spent in the office environment utilizing computers (frequent use of various Microsoft software/programs), phones, and general office equipment. 5% of time is spent outside of the office visiting vendors and/or internal customer sites, in addition to attending various conferences and meetings.
Fiscal Responsibilities:
N/A
Qualifications
Education/Experience:
- Bachelor's degree required; equivalent years of experience in this specific field may be substituted for a degree.
- Minimum of 6 years of experience in IT/Cybersecurity, with at least 4 years heavily focused on IAM administration, directory services, and federation protocols (SAML, OIDC, OAuth).
- Certifications such as CISSP, CompTIA Security+, and/or vendor-specific credentials (e.g., Okta Certified Professional, Microsoft Certified: Identity and Access Administrator Associate) preferred.
- Demonstrated experience writing technical documentation, standard operating procedures (SOPs), and runbooks for identity management.
- Hands-on experience managing enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP.
- Experience in integrating IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems.
Skills/Knowledge/Abilities:
- Deep expertise in at least one leading IAM platform (e.g., Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity).
- Strong proficiency in modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, and SCIM.
- Ability to manage enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP.
- Solid scripting and automation skills using languages like PowerShell, Python, or Shell scripting to manage infrastructure and processes.
- In-depth understanding of core IAM concepts such as Identity Lifecycle Management, Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Federation.
- Practical knowledge of Privileged Access Management (PAM) and Identity Governance and Administration (IGA) principles and solutions.
- Ability to integrate IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems.
- Familiarity with cloud infrastructure identity models, particularly AWS IAM, Azure IAM, and Google Cloud IAM.
- Understanding ofnetworking concepts (TCP/IP, DNS, firewalls, load balancers) as they relate to IAM system connectivity and security.
- Knowledge of security frameworks and compliance regulations such as NIST, ISO 27001, SOX, GDPR, and HIPAA.
- Exceptional analytical and problem-solving abilities, with a knack for deconstructing complex technical issues and developing effective solutions.
- Strong interpersonal and communication skills, capable of explaining complex technical concepts to both technical and non-technical audiences.
- A collaborative mindset with a proven ability to work effectively in cross-functional teams with developers, system administrators, and business stakeholders.
- Meticulous attention to detail, especially when dealing with security configurations, access rights, and policy enforcement.
- A strong sense of ownership and accountability, with the drive to see projects through from conception to completion.
- Ability to manage multiple priorities in a fast-paced environment while maintaining a high standard of quality.
- A proactive and continuous learner, dedicated to staying current with the rapidly evolving landscape of identity security.
Physical Requirements:
Ability to lift 50 lbs to install and manage hardware components.