Senior IAM Automation Engineer

Vaco has partnered with an Arizona-based healthcare organization as they expand and mature their Identity and Access Management function as part of a broader five-year IAM strategy. This team is centralizing identity governance, automation, and access controls to improve security posture, compliance, and operational efficiency across the enterprise.

This Senior IAM Automation Engineer will report directly into IAM leadership and serve as a key technical driver for automation, integration, and access governance initiatives. The environment includes Entra ID, Defender, Intune, RBAC governance, and advanced PowerShell automation. The organization plans to implement CyberArk in the near future, so exposure to privileged access management is a plus.

The role is open to Arizona-based remote candidates to start, with the potential to expand nationwide if needed. Onsite expectations are minimal, approximately one day per month.

What You’ll Be Doing

• Design and build advanced PowerShell automation to streamline identity lifecycle management and reduce manual provisioning tasks

• Support and enhance Entra ID, Defender, Intune, and hybrid identity environments

• Implement and refine RBAC models to ensure secure, scalable access governance

• Lead automation efforts for onboarding, offboarding, and access modification workflows

• Integrate IAM systems with enterprise platforms such as Workday and ServiceNow

• Support the rollout of new IAM tooling and contribute to future CyberArk implementation efforts

• Partner with IT and business teams to transition decentralized SaaS access management into a centralized IAM process

• Monitor IAM risks, audit findings, and performance metrics, providing visibility to leadership

• Contribute to IAM policies, procedures, documentation, and long-term roadmap initiatives

• Identify inefficiencies and proactively recommend automation and process improvements

Required Experience

• 6 or more years of experience in Identity and Access Management, systems administration, or related security operations roles

• Advanced PowerShell scripting and automation experience

• Strong hands-on experience with Entra ID, Defender, Intune, and hybrid identity environments

• Experience implementing and managing RBAC frameworks

• Experience integrating IAM systems with enterprise applications such as Workday and ServiceNow

• Familiarity with MFA, SSO, audit controls, and identity lifecycle management

• Ability to operate independently with high accountability and ownership

• Bachelor’s degree in Computer Science, IT, or related field

Nice to Have

• Experience with CyberArk or other Privileged Access Management solutions

• Experience working in healthcare or other regulated industries

• Object-oriented programming experience

• Microsoft or IAM-related certifications such as Azure Administrator, Identity and Access Administrator, or Security+

Compensation

• Salary range up to $150,000 annually, depending on experience

• Full-time employment with benefits package available

If you are a self-driven IAM professional who thrives in automation-focused environments and wants to help shape the long-term identity strategy of a growing organization, we would welcome the opportunity to connect.

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.