Senior Identity & Access Management Engineer & ZTN

About the Role: A leading media company is seeking a Senior IAM Engineer to secure all facet's of the company's identity foot print and help build the architecture of the Zero Trust Network Implementation. You'll be responsible for securing access across our Google Workspace, Okta, and Google Cloud Platform environments while ensuring SOX compliance and advancing our Zero Trust security posture.  You will also be responsible for addressing issues around secrets and keys exposure and ensure that all teams are following secure process around identity and access handling including privilged access.

Core Responsibilities:

Identity Platform Management

• Design, implement and manage Okta configurations including SSO, MFA, Adaptive Authentication, and lifecycle management.  Ensure continous enhancements to improve security.
• Implement and optimize Okta Verify and FastPass deployments for passwordless authentication
• Configure and maintain Google Workspace directory services and group-based access controls
• Integrate and manage LDAP directories for legacy application authentication
• Optimize the use of existing tools and enhance reporting on identity riskss

Security & Zero Trust Architecture

• Implement risk-based authentication policies and contextual access controls
• Design and deploy Zero Trust Network (ZTN) access frameworks
• Configure and manage VPN solutions with identity-aware proxy capabilities
• Conduct security assessments and vulnerability remediation for identity systems

Cloud & Security Integration

• Audit Google Cloud Platform IAM roles, service accounts, and workload identity federation
• Integrate Wiz cloud security platform with identity systems for vulnerability tracking
• Review, address and enforce proper hygien for secrets and keys.  Design and implement counter measures and metigating process to minimize the risks of exposures
• Automate identity provisioning and de-provisioning workflows
• Develop and implement privligied access management strategy including just-in-time (JIT) access, break glass acounts process and other security features.

Compliance & Governance

• Prepare for and support SOX IT general controls audits
• Maintain audit trails, access reviews, and segregation of duties (SoD) controls
• Document IAM policies, procedures, and runbooks
• Generate compliance reports and metrics for leadership

Required Qualifications:

• 7+ years of hands-on IAM engineering experience
• Expert-level Okta administration (Verify, FastPass, Workflows, API)
• Strong experience with Google Workspace administration and directory services
• Deep understanding of LDAP, SAML, OAuth 2.0, OIDC protocols
• Proven experience implementing risk-based authentication and Zero Trust principles
• Google Cloud Platform IAM and resource management experience
• SOX compliance experience (IT general controls, access reviews)
• Experience with Wiz or similar cloud security platforms

Preferred Qualifications:

• Okta Certified Professional/Administrator
• Experience with Identity Governance
• Experience with PAM solutions and concepts
• Experience with Sentinel One Siem
• Wiz security

Technical Skills:

• Identity Platforms: Okta (advanced), Google Workspace, Active Directory/LDAP
• Authentication: SAML, OAuth 2.0, OIDC, MFA/Passwordless
• Cloud: Google Cloud Platform IAM, AWS IAM (plus), Azure AD (plus)
• Security Tools: Wiz, SIEM integration, vulnerability management
• Automation: Terraform, Python, REST APIs, PowerShell
• Networking: VPN technologies, proxies, network segmentation