This position is a mid-level engineering role focused on identity and access management (IAM). It owns the organization's identity platform and provisioning pipeline end to end, and partners closely with the Lead Information Security Engineer on broader security engineering initiatives.
Essential Job Functions:- Administer and architect the organization's Okta identity platform, including SSO, MFA, adaptive authentication policies, and lifecycle management.
- Design, build, and troubleshoot SAML and OIDC integrations for enterprise applications.
- Engineer, monitor, and continuously improve the automated identity provisioning and deprovisioning pipeline, including alerting and error handling to reduce manual remediation.
- Design, implement, and maintain role-based access control (RBAC) models across identity and access systems.
- Partner with Systems, Integrations, and HR teams to identify and resolve upstream data quality issues feeding identity pipelines (e.g., middleware and HRIS sources); escalate persistent cross-team issues with supporting evidence.
- Support IAM audit and compliance activities, including evidence collection for access reviews and regulatory assessments.
- Collaborate with the Lead Information Security Engineer on shared security engineering initiatives (e.g., SIEM, PAM, EDR) as capacity allows.
- Investigate and respond to identity-related security incidents, including compromised accounts and credential misuse, in coordination with the Information Security Analyst team.
- Maintain IAM architecture diagrams, runbooks, and standard operating procedures in accordance with Document Management requirements.
- Contribute to Disaster Recovery and Business Continuity planning for identity systems.
- Provide guidance and informal mentorship to Information Security Analysts on IAM fundamentals and access-related investigations.
- Participate in a rotating on-call schedule with other members of the Information Security department.
- Other duties as assigned.
Requirements:- Bachelor of Science in Computer Science or a related field, or a combination of education and experience.
- Three or more years' work experience in identity and access management engineering, systems engineering, or a related security engineering role.
- Hands-on experience administering and architecting an enterprise identity provider (Okta strongly preferred; comparable platforms such as Azure AD/Entra ID or Ping considered).
- Experience designing, implementing, and troubleshooting SAML and OIDC integrations.
- Experience designing RBAC models and automated provisioning/deprovisioning workflows.
- Experience integrating identity systems with middleware/integration platforms (e.g., Boomi) and HRIS platforms (e.g., ADP) is strongly preferred.
- In-depth knowledge of security frameworks and principles as they apply to identity and access management.
- Strong and effective communication skills with the ability to distill complex access and identity issues into business impact for internal customers.
- A strong desire to learn new technologies and contribute to a fast-growing company.
- Demonstrable teamwork skills and resourcefulness.
- Possess personal ownership, drive, and urgency to keep moving things forward even in the face of ambiguity and imperfect knowledge.
Skills:- Critical thinking skills and ability to solve complex problems.
- Strong time management skills and comfortable working independently.
- Ability to explain, both verbally and in writing, how identity and access controls work to internal and external stakeholders.
- Experience performing scripting tasks using PowerShell, Python, Perl, BASH, or other scripting languages, including automation of identity workflows.
- An understanding of operating systems such as Windows Server, Windows 10/7, Mac OSX, RHEL, and Ubuntu Linux, and the ability to perform basic functions at the CLI.
- An understanding of cybersecurity as it relates to the software development lifecycle.
- An understanding of networking concepts, protocols, and detailed knowledge of how networks function.
- An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, and routing protocols).
- An understanding of Active Directory, Azure AD/Entra ID, DDNS, Group Policy, Microsoft Windows Server, and Desktop operating systems.
- An understanding of AWS, Google Cloud Platform, Azure, or other cloud platforms and related technologies.
- An understanding of systems design and implementation.
- An understanding of common network, system, and application vulnerabilities.
- An understanding of security fundamentals (cryptography, least privilege, segregation of duties).
- Preferred: Okta Certified Professional/Administrator or equivalent IAM vendor certification.
Please note that we are currently unable to offer visa sponsorship for this position. Candidates must have authorization to work in the U.S. without the need for sponsorship now or in the future.