About the job
Identity & Access Management Engineer
As a Remote Identity & Access Management (IAM) Engineer, you will be responsible for the design, implementation, and maintenance of secure and scalable IAM solutions that protect user access to systems, applications, and data across the enterprise. You will ensure that users have the appropriate levels of access based on their roles while enforcing robust authentication, authorization, and provisioning controls.
You'll work closely with cybersecurity, infrastructure, HR, and application teams to automate access workflows, integrate identity providers (IdPs), and monitor IAM systems for security, compliance, and performance. This role requires a deep understanding of identity governance, privileged access management (PAM), federated authentication, and the Zero Trust security model.
You will lead efforts to manage identity lifecycles, support audits, define policies for access requests and entitlements, and continuously improve identity posture by implementing best practices and modern IAM tooling.
Key Responsibilities:
Design, develop, and maintain IAM systems, including provisioning, deprovisioning, role-based access control (RBAC), and single sign-on (SSO)
Integrate identity solutions with cloud and on-prem applications using SAML, OAuth, OIDC, and LDAP
Implement and manage identity providers such as Azure AD, Okta, Ping Identity, ForgeRock, or similar
Build and manage automation scripts/workflows for access requests, reviews, and approvals
Support access certification campaigns and provide evidence for security audits and compliance requirements (SOX, HIPAA, PCI, etc.)
Manage privileged access controls using tools such as CyberArk, BeyondTrust, or HashiCorp Vault
Monitor and troubleshoot IAM systems for reliability, latency, and anomalies
Enforce policies aligned with Zero Trust and least privilege access models
Provide technical expertise on IAM architecture and security engineering best practices
Collaborate with cross-functional teams to onboard applications and enforce secure access protocols
Required Qualifications:
Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience)
2 years of hands-on IAM engineering experience in enterprise environments
Proficiency with IAM protocols (SAML, OAuth2, OIDC), directory services (LDAP, AD), and federation concepts
Experience with at least one leading IAM platform (e.g., Okta, Ping, Azure AD, ForgeRock)
Familiarity with scripting languages (e.g., PowerShell, Python, or Bash) for automation
Strong understanding of identity lifecycle, entitlement management, RBAC/ABAC models, and MFA
Ability to support incident response and IAM-related vulnerability remediation
Excellent communication and documentation skills in a remote work environment