EDF Renewable Energy

Identity and Access Management Engineer [Hybrid or Remote]

EDF Renewable Energy
$107K — $178K *
US-Anywhere
+ 2 other locations
Remote
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree or equivalent experience in IT/Cybersecurity.
  • 6+ years in IT/Cybersecurity with 4+ years focused on IAM administration.
  • Certifications like CISSP or vendor-specific (e.g., Okta, Microsoft).
  • Experience in writing technical documentation for identity management.
  • Hands-on experience with enterprise directory services like Active Directory and LDAP.

Responsibilities

  • Administer and configure IAM platforms such as Okta and Active Directory.
  • Engineer integrations between IAM and applications using SAML, OAuth, and OpenID Connect.
  • Develop custom connectors for legacy or homegrown applications within IAM.
  • Manage and secure directory services for data integrity and health.
  • Develop automation scripts to streamline IAM tasks and reporting.

Benefits

  • Hybrid work mode - San Diego, CA or Remote (U.S. only).
  • Collaborative environment within a cross-functional team.
  • Access to professional development and training opportunities.
Full Job Description
Scope of Position

Scope of Job

The Identity and Access Management (IAM) Engineer serves as the strategic anchor, technical implementer, and cultural champion for Identity and Access Management within the Cybersecurity team. As the cornerstone of the modern security program, this role ensures that the right individuals have the right access to the right resources at the right times and for the right reasons.

This role is integral to the day-to-day management of the IAM infrastructure and identity lifecycle from onboarding to offboarding. The IAM Engineer defines the identity strategy, acts as hands-on architect, implements enterprise-grade toolsets, and builds the seamless operational processes required to support them.

In addition to deep technical deployment, this role acts as the organization's chief IAM representative, collaborating with cross-functional teams, educating the business on why identity security matters, and breaking down complex security protocols into friction-free user experiences. By bridging the gap between engineering excellence and strategic vision, you will directly mitigate security risks, enable business productivity, support regulatory compliance, and fortify our overall security posture against unauthorized access and data breaches.

Work Mode: Hybrid - San Diego, CA or Remote (U.S. only)

Responsibilities
  • IAM Platform Administration & Engineering
    • Core Administration: Administers and configures core IAM platforms and technologies (e.g., Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity) or similar enterprise-grade solutions.
    • Standard Integration: Engineers and supports integration between the IAM platform and target applications using standard protocols like SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.
    • Custom Integration: Develops custom connectors and workflows to integrate non-standard, legacy, or homegrown applications into the centralized IAM framework.
    • Directory Services: Manages and secures the organization's directory services, including Active Directory and LDAP, ensuring data integrity, synchronization, and replication health.
    • Automation: Develops and maintains automation scripts (using PowerShell, Python, etc.) to streamline repetitive IAM tasks, such as user provisioning, report generation, and system health checks.
  • Strategy, Architecture & Roadmap
    • Strategic Roadmap: Looks ahead and contributes to the development and refinement of the organization's broader cybersecurity strategy and technology roadmap, specifically within the identity domain.
    • Architecture & Deployment: Architects, designs, deploys, and maintains the enterprise-wide Identity and Access Management (IAM) infrastructure, including core platforms for Identity Governance (IGA), Access Management (AM), and Privileged Access Management (PAM).
    • Future-Proofing: Evaluates emerging IAM technologies, trends, and security threats, providing recommendations for strategic improvements and enhancements to the identity program.
  • Business Collaboration, Training & Evangelism
    • Stakeholder Collaboration: Collaborates closely with application owners, infrastructure teams, HR, and business stakeholders to gather access requirements and ensure IAM services meet business needs.
    • SME & Training: Provides subject matter expertise and training to IT support teams, application developers, and end-users on IAM policies, tools, and best practices.
    • Authentication Security: Spearheads the design and integration of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions to provide a seamless and secure authentication experience across a diverse portfolio of cloud (SaaS) and on-premise applications.
  • Operations, Support & Incident Management
    • Proactive Monitoring: Proactively monitors the health, performance, and security of IAM systems, identifies potential issues, analyzes logs, and responds to system-generated alerts.
    • Incident Response: Partners with stakeholders to investigate and respond to identity-related security incidents, such as compromised accounts or anomalous access patterns.
    • Technical Escalation: Acts as the primary technical point of contact for troubleshooting and resolving complex authentication, authorization, and access-related incidents and service requests from end-users and application teams.
    • Technical Documentation: Develops and maintains comprehensive technical documentation, including architectural diagrams, configuration guides, operational runbooks, and disaster recovery plans for all IAM systems.
  • Identity Governance, Compliance & Audit
    • Vital cyclical tasks that take up very little day-to-day effort to support (e.g., quarterly access reviews or annual audits).
    • Lifecycle Management: Manages the complete identity lifecycle for all users (employees, contractors, vendors, partners), encompassing automated onboarding, access provisioning, attribute changes, and timely de-provisioning processes.
    • Least Privilege Models: Develops, implements, and enforces granular access control policies and Role-Based Access Control (RBAC) models to uphold the principle of least privilege throughout the organization's digital ecosystem.
    • Privileged Access: Designs and manages robust Privileged Access Management (PAM) solutions to secure, monitor, and control access to critical infrastructure and sensitive accounts.
    • Access Governance: Leads and executes periodic access certification campaigns, requiring business owners to review and validate user access rights to maintain compliance and reduce access creep.
    • Audits & Compliance: Participates actively in internal and external audit activities by providing evidence, explaining controls, and remediation of findings related to identity and access management.
  • Other duties as assigned

Supervision of Others:

N/A

Working Conditions: 

95% of time is spent in the office environment utilizing computers (frequent use of various Microsoft software/programs), phones, and general office equipment. 5% of time is spent outside of the office visiting vendors and/or internal customer sites in addition to attending various conferences and meetings.

Fiscal Responsibilities:

N/A

Qualifications

Education/Experience:

  • Bachelor's degree required; equivalent years of experience in this specific field may be substituted for a degree.
  • Minimum of 6 years of experience in IT/Cybersecurity, with at least 4 years heavily focused on IAM administration, directory services, and federation protocols (SAML, OIDC, OAuth).
  • Certifications such as CISSP, CompTIA Security+, and/or vendor-specific credentials (e.g., Okta Certified Professional, Microsoft Certified: Identity and Access Administrator Associate) preferred.
  • Demonstrated experience writing technical documentation, standard operating procedures (SOPs), and runbooks for identity management.
  • Hands-on experience managing enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP.
  • Experience in integrating IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems.

Skills/Knowledge/Abilities:

  • Deep expertise in at least one leading IAM platform (e.g., Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity).
  • Strong proficiency in modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, and SCIM.
  • Ability to manage enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP.
  • Solid scripting and automation skills using languages like PowerShell, Python, or Shell scripting to manage infrastructure and processes.
  • In-depth understanding of core IAM concepts such as Identity Lifecycle Management, Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Federation.
  • Practical knowledge of Privileged Access Management (PAM) and Identity Governance and Administration (IGA) principles and solutions.
  • Ability to integrate IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems.
  • Familiarity with cloud infrastructure identity models, particularly AWS IAM, Azure IAM, and Google Cloud IAM.
  • Understanding of networking concepts (TCP/IP, DNS, firewalls, load balancers) as they relate to IAM system connectivity and security.
  • Knowledge of security frameworks and compliance regulations such as NIST, ISO 27001, SOX, GDPR, and HIPAA.
  • Exceptional analytical and problem-solving abilities, with a knack for deconstructing complex technical issues and developing effective solutions.
  • Strong interpersonal and communication skills, capable of explaining complex technical concepts to both technical and non-technical audiences.
  • A collaborative mindset with a proven ability to work effectively in cross-functional teams with developers, system administrators, and business stakeholders.
  • Meticulous attention to detail, especially when dealing with security configurations, access rights, and policy enforcement.
  • A strong sense of ownership and accountability, with the drive to see projects through from conception to completion.
  • Ability to manage multiple priorities in a fast-paced environment while maintaining a high standard of quality.
  • A proactive and continuous learner, dedicated to staying current with the rapidly evolving landscape of identity security.

Physical Requirements: 

Ability to lift 50 lbs to install and manage hardware components.

About EDF Renewable Energy

EDF Renewable Energy is a leading North American independent power producer specializing in renewable energy. The company develops, constructs, owns, and operates renewable energy projects throughout the United States, Canada, and Mexico. EDF Renewable Energy has a portfolio of more than 9 GW of developed projects and more than 4.5 GW under service contracts. The company is a subsidiary of EDF Energies Nouvelles, a global renewable energy company headquartered in France.
Size: 1,196 employees
Market Cap: $3.1 billion
Industry
Net Income: $122.8 million
Founded: 1987
5 Year Trend: +9.7%
Revenue: $2.1 billion
NASDAQ
