IAM Engineer

Must Have Technical/Functional Skills

• Strong understanding of IAM concepts: RBAC, ABAC, PBAC, SoD, governance workflows.
• Hands on experience with at least one major platform:

IGA:

SailPoint / Saviynt / OIG

SSO/AM:

Okta / Azure AD / Ping / ForgeRock

PAM:

CyberArk / Delinea / BeyondTrust

• Proficiency in scripting: PowerShell (mandatory), Python preferred.
• Deep understanding of SAML, OAuth 2.0, OIDC, SCIM, JWT.
• Experience with Active Directory, Entra ID, and directory synchronization tools.
• Familiarity with cloud IAM across AWS / Azure / GCP. Roles & Responsibilities 1. Identity Governance & Administration (IGA)
• Implement and maintain IGA platforms (e.g., SailPoint, Saviynt, Oracle Identity).
• Manage user lifecycle processes (Joiner-Mover-Leaver).
• Execute role engineering, access certifications, entitlement governance, and SoD controls.
• Develop identity workflows, provisioning connectors, and automated approval processes. 2. Access Management / SSO / Federation
• Configure and support SSO integrations using SAML, OAuth 2.0, and OIDC.
• Implement MFA, conditional access, adaptive authentication, and passwordless solutions.
• Manage and troubleshoot identity federation with cloud and on prem applications.
• Support both workforce and B2B/B2C identity requirements. 3. Privileged Access Management (PAM)
• Administer PAM tools (CyberArk, BeyondTrust, Delinea, HashiCorp Vault).
• Onboard privileged accounts, manage vaulting, session control, and credential rotation.
• Implement least privilege models and privileged identity workflows. 4. Directory Services & Identity Infrastructure
• Manage Active Directory / Entra ID objects, GPO policies, domain trust, and conditional access.
• Support LDAP, Kerberos, RADIUS, and identity protocols for infrastructure authentication.
• Troubleshoot identity replication, authentication failures, and directory issues. 5. Cloud IAM
• Implement IAM controls for AWS, Azure, and/or GCP (RBAC, service accounts, policies).
• Manage enterprise cloud identity integrations, workload identities, and cloud SSO.
• Support identity posture management and cloud access reviews. 6. Automation, Scripting & DevOps
• Develop automation using PowerShell, Python, Bash, REST APIs.
• Build integration scripts, provisioning connectors, and identity workflows.
• Use Terraform, CI/CD pipel ines, or automation frameworks for IAM deployments. 7. Security, Compliance & Governance
• Support audits (SOX, PCI

DSS, ISO 27001, FFIEC, HIPAA

if applicable).

• Implement identity controls aligned with Zero Trust Architecture.
• Perform risk assessments, access reviews, and provide remediation support.
• Document IAM processes, standards, runbooks, and architectural diagrams.

Salary Range:

$80,000 to $105,000 per year