IAM Engineer

Hiring: W2 Candidates Only

Visa: Open to any visa type with valid work authorization in the USA

We are seeking an experienced Identity and Access Management (IAM) Engineer to design, implement, and support enterprise-wide identity solutions. The ideal candidate has strong hands-on experience with IAM tools, authentication protocols, access governance, and security best practices. You will work closely with security, cloud, and infrastructure teams to ensure secure and seamless user access across applications and systems.

Key Responsibilities

• Design, implement, and maintain IAM solutions including user provisioning, authentication, authorization, and access governance.
• Administer and support IAM platforms such as Okta, SailPoint, Ping Identity, Azure AD, CyberArk, Forgerock, or similar technologies.
• Develop and manage identity lifecycle processes: onboarding, offboarding, access reviews, and role management.
• Implement authentication methods including SSO, MFA, OAuth, SAML, OpenID Connect, and federation.
• Integrate enterprise applications with IAM systems through APIs, connectors, and directory services.
• Support Privileged Access Management (PAM) controls and work with tools such as CyberArk or BeyondTrust.
• Conduct periodic access certifications, role mining, and access clean-up activities.
• Ensure IAM architecture aligns with Zero Trust principles and security best practices.
• Troubleshoot IAM-related issues, security events, and access failures.
• Collaborate with compliance, security, and audit teams to meet regulatory requirements (SOX, HIPAA, PCI, ISO).
• Develop automation scripts for identity workflows using PowerShell, Python, or REST APIs.
• Maintain documentation for IAM design, configurations, and operational procedures.

Required Skills & Qualifications

• Bachelor s degree in Cybersecurity, IT, Computer Science, or related field.
• 3-7+ years of experience as an IAM Engineer, Security Engineer, or Identity Specialist.
• Strong hands-on knowledge of at least one IAM platform (Okta, SailPoint, Ping Identity, Azure AD, etc.).
• Experience with authentication protocols: SAML, OAuth 2.0, OIDC, LDAP, Kerberos.
• Solid understanding of identity lifecycle management and access governance models.
• Experience with AD/Azure AD administration, group policy, conditional access, and identity federation.
• Understanding of Zero Trust Architecture and modern identity strategies.
• Strong scripting skills (PowerShell, Python) for automation.
• Familiarity with role-based access control (RBAC), ABAC, and least-privilege principles.
• Excellent troubleshooting, analytical, and communication skills.

Preferred Qualifications

• Experience with SailPoint IIQ, Okta Workflows, PingFederate, or ForgeRock Identity Stack.
• Experience with PAM tools (CyberArk, BeyondTrust, Thycotic).
• Knowledge of cloud IAM (AWS IAM, Azure AD, Google Cloud Platform IAM).
• Security certifications such as Security+, Azure Security Engineer, Okta Certified Professional, CISSP, CIAM, CCSP.
• Background in DevSecOps, API security, and identity automation pipelines