Contact us

Senior Identity and Access Management Engineer

  • Remote

Description

We are seeking a highly skilled Senior Identity and Access Management (IAM) Engineer to design, implement, and manage enterprise-wide identity and access management solutions. This role is critical in ensuring secure and efficient access to organizational resources while maintaining compliance with security policies and regulatory requirements. The ideal candidate will have deep technical expertise in IAM platforms, authentication protocols, and access governance, combined with the ability to architect scalable solutions that balance security with user experience.

Core Responsibilities:

IAM Architecture & Platform Management:

  • Design, architect, and implement comprehensive Identity and Access Management solutions that support organizational security objectives and business requirements
  • Deploy, configure, and maintain enterprise IAM platforms including Okta, Ping Identity, SailPoint IdentityIQ, Microsoft Entra ID (Azure AD), Oracle Identity Manager, or similar solutions
  • Establish IAM architecture standards, design patterns, and best practices aligned with zero-trust security principles
  • Evaluate and recommend IAM technologies and solutions to address evolving security needs and business challenges
  • Integrate IAM solutions with cloud platforms (AWS, Azure, GCP), SaaS applications, on-premises systems, and custom applications
  • Ensure high availability, disaster recovery, and business continuity for critical IAM services

Authentication & Single Sign-On (SSO):

  • Implement and manage enterprise Single Sign-On (SSO) solutions across web applications, cloud services, and legacy systems
  • Configure and maintain authentication protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), LDAP, Kerberos, and WS-Federation
  • Design and implement adaptive authentication policies based on risk factors such as location, device, behavior, and access context
  • Integrate applications with centralized authentication services, reducing password sprawl and improving user experience
  • Troubleshoot SSO integration issues and provide technical guidance to application teams
  • Optimize authentication flows for security, performance, and user experience

Multi-Factor Authentication (MFA) & Passwordless Authentication:

  • Deploy and manage Multi-Factor Authentication (MFA) solutions across the organization including push notifications, TOTP, SMS, biometrics, and hardware tokens
  • Implement conditional access policies that enforce MFA based on risk assessment and user context
  • Drive adoption of passwordless authentication methods including FIDO2, WebAuthn, biometrics, and certificate-based authentication
  • Balance security requirements with user convenience to minimize authentication friction
  • Monitor MFA adoption rates and identify opportunities to expand coverage

Privileged Access Management (PAM):

  • Design and implement Privileged Access Management solutions to secure administrative and elevated access rights
  • Deploy PAM tools (CyberArk, BeyondTrust, Delinea, HashiCorp Vault) to manage privileged accounts, credentials, and sessions
  • Implement just-in-time (JIT) access provisioning and privilege elevation workflows
  • Establish session recording and monitoring for privileged access activities
  • Manage secrets, API keys, certificates, and credentials using secure vaults and rotation policies
  • Enforce least privilege principles and time-bound access for administrative accounts

Access Control & Authorization:

  • Design and implement Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Policy-Based Access Control (PBAC) models
  • Develop access control policies and entitlement structures that align with organizational roles, responsibilities, and data classification
  • Create and maintain role hierarchies, permission sets, and access templates to streamline provisioning
  • Implement fine-grained authorization controls for applications and cloud resources
  • Conduct access reviews and recertification campaigns to validate ongoing access appropriateness
  • Design segregation of duties (SoD) rules and detect/prevent toxic access combinations

User Lifecycle Management & Provisioning:

  • Automate user lifecycle processes including onboarding, role changes, transfers, and offboarding across all connected systems
  • Implement birthright provisioning to automatically grant baseline access based on employee attributes (department, role, location)
  • Design and configure identity provisioning and deprovisioning workflows with appropriate approval chains
  • Establish joiner-mover-leaver (JML) processes integrated with HR systems as the authoritative source
  • Implement self-service access request portals enabling users to request access with automated approval routing
  • Manage orphaned accounts, dormant accounts, and access cleanup processes
  • Ensure timely deactivation of access when employees separate or change roles

Directory Services & Identity Synchronization:

  • Manage and maintain Microsoft Active Directory, Azure AD/Entra ID, and LDAP directory services
  • Implement directory synchronization and federation between on-premises and cloud identity sources
  • Configure and maintain Azure AD Connect, Okta Sync, or similar identity synchronization tools
  • Ensure data consistency across multiple identity repositories and applications
  • Manage organizational units (OUs), group policies, and directory schema extensions
  • Implement hybrid identity architectures bridging on-premises and cloud environments

Identity Governance & Administration (IGA):

  • Implement Identity Governance solutions (SailPoint, Saviynt, Omada) to manage access across the organization
  • Conduct periodic access certification and recertification campaigns for users, roles, and entitlements
  • Develop analytics and reporting dashboards for access visibility, compliance, and risk assessment
  • Identify and remediate access anomalies, excessive permissions, and compliance violations
  • Implement access request and approval workflows aligned with business processes
  • Maintain documentation of access policies, role definitions, and governance procedures

Federation & External Identity Management:

  • Implement federated identity management enabling secure access for partners, contractors, and third parties
  • Configure SAML and OIDC federation trusts with external identity providers
  • Design business-to-business (B2B) and business-to-consumer (B2C) identity solutions
  • Implement guest user management and external collaboration controls
  • Ensure appropriate security controls for non-employee access

Security Monitoring & Incident Response:

  • Monitor IAM systems using Security Information and Event Management (SIEM) tools for suspicious activities and security incidents
  • Create detection rules and alerts for IAM-related threats including credential abuse, privilege escalation, and anomalous access patterns
  • Investigate and respond to identity-related security incidents including compromised accounts and unauthorized access
  • Conduct forensic analysis of authentication logs, access events, and identity changes
  • Collaborate with Security Operations Center (SOC) and incident response teams on identity-related investigations
  • Implement User and Entity Behavior Analytics (UEBA) to detect insider threats and compromised credentials
  • Respond to and remediate failed audits, access violations, and policy exceptions

Compliance & Audit Support:

  • Ensure IAM implementations comply with regulatory requirements including NIST 800-53, HIPAA, SOC 2, PCI-DSS, GDPR, and industry-specific regulations
  • Conduct regular security assessments and audits of IAM systems, policies, and access controls
  • Prepare compliance documentation, evidence, and reports for internal and external audits
  • Remediate audit findings and implement corrective action plans
  • Support audit requests by providing access logs, certification records, and policy documentation
  • Maintain IAM compliance baselines and continuously monitor for drift

Automation & Process Improvement:

  • Develop scripts and automation to streamline IAM operations using Python, PowerShell, REST APIs, or workflow engines
  • Automate repetitive tasks including user provisioning, access reviews, and compliance reporting
  • Build integrations between IAM platforms and business systems using APIs and connectors
  • Continuously optimize IAM processes to improve efficiency, reduce manual effort, and minimize errors
  • Implement self-service capabilities reducing helpdesk burden and improving user satisfaction

Collaboration & Stakeholder Management:

  • Partner with IT, security, HR, compliance, and business teams to understand access requirements and implement appropriate controls
  • Provide IAM consultation and technical guidance to application teams integrating with identity services
  • Translate complex IAM technical concepts into business language for non-technical stakeholders
  • Conduct training sessions and create documentation for IAM users, administrators, and developers
  • Serve as subject matter expert on identity and access management topics

Required Qualifications:

Experience:

  • 5+ years of hands-on experience in Identity and Access Management, with focus on designing and implementing enterprise IAM architectures
  • Proven track record of successfully deploying and managing IAM solutions at enterprise scale
  • Demonstrated experience with IAM projects including SSO implementations, directory consolidation, PAM deployment, or IGA implementations
  • Experience working in regulated industries with compliance requirements

Technical Expertise:

IAM Platforms & Solutions:

  • Expert-level proficiency with one or more enterprise IAM platforms:
    • Identity Providers: Okta, Ping Identity (PingFederate, PingOne), Microsoft Entra ID (Azure AD), ForgeRock, Auth0
    • Identity Governance: SailPoint IdentityIQ/IdentityNow, Saviynt, Omada, RSA Identity Governance
    • Privileged Access Management: CyberArk, BeyondTrust, Delinea (Thycotic), HashiCorp Vault, AWS Secrets Manager
    • Directory Services: Oracle Identity Manager, IBM Security Identity Manager
  • Strong understanding of IAM architecture patterns, integration approaches, and deployment models (on-premises, cloud, hybrid)

Authentication Protocols & Standards:

  • Deep expertise in authentication and authorization protocols including:
    • SAML 2.0 for federated SSO
    • OAuth 2.0 and OpenID Connect (OIDC) for modern authentication
    • LDAP and LDAPS for directory access
    • Kerberos for Windows authentication
    • RADIUS for network access authentication
    • WS-Federation for legacy applications
    • SCIM for user provisioning
    • JWT (JSON Web Tokens) for API security
  • Understanding of PKI, certificates, and digital signatures

Access Control Models:

  • Expert knowledge of access control methodologies:
    • Role-Based Access Control (RBAC) – role design, role mining, role lifecycle
    • Attribute-Based Access Control (ABAC) – policy languages, attribute sources, policy decision points
    • Policy-Based Access Control (PBAC) – policy authoring, policy enforcement
    • Least privilege and separation of duties principles
  • Experience designing role hierarchies, entitlement models, and access policies

Directory Services:

  • Extensive experience with directory services including:
    • Microsoft Active Directory – domain services, group policy, forest/domain design
    • Azure AD/Microsoft Entra ID – tenant configuration, conditional access, identity protection
    • LDAP directories (OpenLDAP, Oracle Directory Server, IBM Security Directory Server)
    • Directory synchronization tools (Azure AD Connect, LDAP sync, identity connectors)
    • Directory federation and trust relationships

User Lifecycle Management:

  • Proven experience automating identity lifecycle processes:
    • Automated provisioning and deprovisioning workflows
    • HR system integration (Workday, SAP SuccessFactors, Oracle HCM)
    • Access request and approval workflows
    • Role assignment automation based on user attributes
    • Periodic access certification and recertification campaigns
    • Orphaned account detection and cleanup
  • Proficiency with workflow engines and identity orchestration

Security Monitoring & SIEM:

  • Experience integrating IAM systems with Security Information and Event Management (SIEM) platforms:
    • Splunk, Elastic Security, IBM QRadar, LogRhythm, Microsoft Sentinel
  • Knowledge of IAM-specific security events, indicators of compromise, and detection patterns
  • Experience with User and Entity Behavior Analytics (UEBA) for anomaly detection
  • Familiarity with identity threat detection and response (ITDR) concepts

Cloud & Infrastructure:

  • Working knowledge of cloud security and IAM in major cloud platforms:
    • AWS IAM, AWS SSO (IAM Identity Center), AWS Cognito, AWS Secrets Manager
    • Azure AD/Entra ID, Azure RBAC, Conditional Access, Privileged Identity Management
    • Google Cloud Identity, GCP IAM, Identity-Aware Proxy
  • Understanding of cloud security best practices and shared responsibility model
  • Familiarity with infrastructure security technologies: firewalls, VPNs, endpoint security, network access control (NAC)

Scripting & Automation:

  • Strong scripting skills in languages such as:
    • PowerShell for Windows and Azure automation
    • Python for general IAM automation and API integration
    • Bash for Linux/Unix automation
  • Experience with REST APIs, SOAP web services, and SDK integration
  • Familiarity with configuration management tools (Ansible, Terraform) for IAM infrastructure

Compliance & Standards:

  • Working knowledge of security and compliance frameworks:
    • NIST 800-53 and NIST Cybersecurity Framework
    • HIPAA Security Rule and PHI access controls
    • SOC 2 Type II controls (access management, segregation of duties)
    • PCI-DSS requirements for access control and authentication
    • GDPR requirements for data access and user rights
    • ISO 27001 access control standards
  • Experience conducting IAM security assessments and compliance audits
  • Understanding of audit evidence requirements and documentation standards

Preferred Qualifications:

Certifications:

  • Certified Identity and Access Manager (CIAM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
  • Platform-specific certifications:
    • Okta Certified Professional or Okta Certified Administrator
    • Microsoft Certified: Identity and Access Administrator Associate
    • SailPoint IdentityIQ Engineer or IdentityNow Engineer
    • CyberArk Certified Delivery Engineer
    • AWS Certified Security – Specialty

Additional Skills:

  • Experience with API gateway security and OAuth/OIDC implementation
  • Knowledge of identity standards development (contributing to IETF, OpenID Foundation, FIDO Alliance)
  • Familiarity with DevSecOps and identity-as-code practices
  • Experience with customer identity and access management (CIAM) platforms
  • Understanding of blockchain-based identity or decentralized identity concepts
  • Background in application development or software engineering
  • Experience with identity governance frameworks (COBIT, ISO 27002)

Key Competencies:

  • Technical Expertise: Deep knowledge of IAM technologies, protocols, and architectural patterns with ability to design sophisticated solutions
  • Problem-Solving: Strong analytical skills to troubleshoot complex identity issues, diagnose integration problems, and optimize IAM systems
  • Communication Skills: Excellent written and verbal communication abilities to explain intricate IAM concepts clearly to technical teams, business stakeholders, and executives
  • Collaboration: Proven ability to work effectively across organizational boundaries with IT, security, HR, legal, compliance, and business units
  • Security Mindset: Strong security awareness with understanding of identity as the security perimeter in modern environments
  • Project Management: Ability to lead IAM projects from requirements gathering through implementation and ongoing support
  • Customer Focus: Commitment to delivering user-friendly IAM solutions that balance security with productivity
  • Attention to Detail: Meticulous approach to access policies, role design, and configuration to prevent security gaps
  • Continuous Learning: Dedication to staying current with evolving IAM technologies, authentication standards, and security threats
  • Process Orientation: Systematic approach to documenting procedures, standardizing processes, and ensuring repeatability

What We Offer:

  • Opportunity to architect and implement enterprise-scale identity solutions protecting critical assets
  • Work with cutting-edge IAM technologies and authentication methods
  • Collaborative environment with security, infrastructure, and development teams
  • Professional development including certifications, training programs, and industry conferences
  • Career advancement opportunities in identity security architecture and leadership
  • Meaningful impact on organizational security posture and user experience

Join our team and play a pivotal role in building secure, scalable identity and access management solutions that enable business innovation while protecting our organization and users.

To apply for this job email your details to mahesht@smacforce.com

Apply for this Job

We are ready to help you gain

Talk to our expert

Follow us on

Linkedin
SMACFORCE LLC
Company
IT & Services
Staff Augmentation
  • Digital Transformation
  • Project Management
  • Digital Crisis Management
  • IT Service Management
  • Platform consulting
  • Enterprise IT consulting
Industries
  • Healthcare
  • Manufacturing
  • Professional Services
  • Banking and Financial Services
  • Insurance Retail
  • Transportation and Logistics
  • Telecommunications
  • Oil & Gas

© 2022 SMAC FORCE, Inc. All Rights Reserved.