Sr. Cloud IAM Engineer (SSO)

Cloud Identity & Access Management (IAM) Systems Engineer
Experience Level: 7+ years in Information Security / IAM
Position Summary
The Cloud IAM Systems Engineer supports the design, development, integration, and operationalization of enterprise identity and authentication services across on-premises and multi-cloud environments (AWS, Azure, Google Cloud Platform). The engineer participates in systems engineering activities including authentication, identity provisioning, federation, SSO/MFA, and application onboarding.
This role contributes to the end-to-end engineering lifecycle - from requirements refinement to deployment and operational support- while ensuring adherence to security, compliance, and architectural standards. This engineer acts as a seasoned technical contributor who collaborates across cloud, application, infrastructure, and cybersecurity teams to deliver secure, scalable IAM solutions. The role has no direct reports but requires influencing cross-functional technical teams through expertise and leadership.
Key Responsibilities
Identity Engineering & Cloud Integration

• Design, implement, and maintain Cloud IAM solutions across AWS IAM, Azure/Entra ID, and Google Cloud Platform IAM.
• Integrate and support SSO, MFA, identity federation, and authentication flows for enterprise and cloud-native applications.
• Implement identity synchronization and automated provisioning workflows between cloud and on-prem directory platforms.
• Build and configure authentication and federation using OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, SCIM, FIDO, and related standards.

Systems Engineering, Deployment & Automation

• Participate in story refinement, requirement gathering, and architectural discussions for IAM services.
• Build and optimize CI/CD pipelines supporting IAM deployments, policy updates, and configuration changes.
• Utilize understanding of networking, virtualization, and data center technologies to support scalable identity systems.
• Create and enhance processes for system transformation, dependency mapping, workload management, and environment standardization.

Testing, Troubleshooting & Operations

• Execute existing test suites (integration, regression, performance), analyze results, identify issues, and drive root-cause resolution.
• Support the onboarding of cloud, internal, and third-party applications into the organization's IAM ecosystem.
• Monitor and improve identity performance, authentication reliability, and service availability.

Governance, Documentation & Cross-Functional
Collaboration

• Document system designs, integration workflows, deployment steps, and operational runbooks.
• Identify gaps in IAM standards or misconfigurations; collaborate with engineering teams to close compliance and architectural gaps.
• Work closely with development, cloud, and cybersecurity teams to ensure alignment on IAM requirements and best practices.

Required Qualifications

• 7+ years of experience in Information Security or Identity & Access Management.
• Strong hands-on experience with SSO, MFA, and federation technologies.
• Deep expertise in IAM protocols including:
  • OAuth 2.0, OIDC
  • SAML 2.0
  • SCIM
  • FIDO
  • LDAP
• Strong experience designing IAM solutions for:
  • AWS IAM
  • Azure / Entra ID
  • Google Cloud Platform IAM
• Experience federating cloud applications and building modern authentication flows.
• Knowledge of Active Directory, LDAP, MFA solutions, risk-based authentication, and privileged access concepts.
• Proficient in Linux & Windows, plus experience with Tomcat, WebLogic, or WebSphere.
• Ability to script or program in Python, PowerShell, Bash, Java, JavaScript, or Perl.
• Experience deploying large-scale, enterprise/global IAM projects.
• Strong communication skills and ability to influence cross-functional partners.
• Familiarity with IT security, risk management, and compliance frameworks.

Preferred Experience:

• Experience with PingFederate, PingAccess, PingDirectory, or PingID for SSO, MFA, and federation.
• Experience integrating Ping Identity solutions into cloud IAM environments.
• Understanding of identity token mapping, adapters, authentication policies, and directory replication.

Soft Skills & Leadership

• Ability to influence technical teams without direct authority.
• Strong communication and interpersonal skills.
• Demonstrated ability to support fast-paced, enterprise-scale IAM initiatives.
• Motivation and willingness to learn new cloud and identity technologies.

We reserve the right to pay above or below the posted wage based on factors unrelated to sex, race, or any other protected classification.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. This temporary role may be eligible for the following:

• Medical, dental & vision
• 401(k)/Roth
• Insurance (Basic/Supplemental Life & AD&D)
• Short and long-term disability
• Health & Dependent Care Spending Accounts (HSA & DCFSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)

Job Type & Location
This is a Contract position based out of Denver, CO.
Pay and Benefits
The pay range for this position is $60.00 - $78.00/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following: Medical, dental & vision Critical Illness, Accident, and Hospital 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available Life Insurance (Voluntary Life & AD&D for the employee and dependents) Short and long-term disability Health Spending Account (HSA) Transportation benefits Employee Assistance Program Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully onsite position in Denver,CO.
Application Deadline
This position is anticipated to close on Mar 31, 2026.
>About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

About TEKsystems and TEKsystems Global Services

We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.