IAM Engineer
Job Description:
About the Role
Merci Technologies is seeking an IAM Engineer to design, build, and operate identity and access management solutions for one of our enterprise clients. Identity is the new perimeter, and this role owns the controls that decide who can access what, under which conditions, and for how long. You will be responsible for the authentication, provisioning, and access governance capabilities that thousands of users and hundreds of applications depend on every day across a hybrid cloud environment.
This is an engineering role, not a ticket-queue role. You will architect single sign-on and conditional access strategies, automate the joiner, mover, and leaver lifecycle so access stays accurate as people change roles, and integrate applications cleanly with the identity provider. You will also partner closely with the security and compliance teams to support access certifications and audits, and with application teams to onboard new systems without compromising on least privilege. The ideal candidate enjoys eliminating manual access processes through automation and treats every standing privilege as a risk to be justified. This is a fully remote position open to Contract or Full-Time candidates.
Key Responsibilities
- Design, configure, and maintain SSO, MFA, and conditional access policies across Okta and Microsoft Entra ID
- Build and support identity lifecycle automation, including joiner, mover, and leaver workflows
- Implement and refine role-based access control and least-privilege access models
- Integrate applications with identity providers using SAML, OIDC, OAuth, and SCIM
- Support access certification campaigns, periodic reviews, and audit evidence requests
- Develop scripts and automation to reduce manual identity administration
- Troubleshoot authentication, federation, and provisioning issues across systems
- Document identity architecture, integration patterns, and operational procedures
Required Qualifications
- 4 to 7 years of hands-on IAM engineering experience
- Strong production experience with Okta, Microsoft Entra ID, or equivalent identity platforms
- Working knowledge of SAML, OIDC, OAuth, and SCIM provisioning
- Experience with identity governance and administration concepts and tooling
- Scripting ability with PowerShell, Python, or a comparable language
Preferred Qualifications
- Okta Certified Professional, Administrator, or equivalent credential
- Hands-on experience with SailPoint, Saviynt, or other IGA platforms
- Familiarity with privileged access management tools such as CyberArk or BeyondTrust
- Exposure to Zero Trust architecture and policy design
What You Will Bring
You think in terms of identities, entitlements, and lifecycle, and you have a low tolerance for manual access processes that should be automated. You can hold a least-privilege line under pressure from teams that want broad access fast, and you can explain federation to a non-technical stakeholder without losing them. You take pride in an identity environment that is both secure and genuinely easy for users.
Required Skills:
Environment Cloud Access Control Support Access Authentication Powershell Compliance Reviews Campaigns Architecture Automation Integration Pressure Security Administration Design Engineering Python Management