IAM Engineer

IAM Engineer
Denver, CO
12 Months

Description: Proven experience improving the JML(Joiner, Mover, Leaver) processes to assist with an overhaul of the program utilizing ServiceNow, Sailpoint and Entra ID along with other applications.
Extensive understanding of SoD, Toxic Combinations standards.
Experience with User Access Reviews and automation of functions within the program.

• Understanding of Microsoft Entra ID (Azure AD), including SSO (SAML/OIDC), MFA, Conditional Access, and Privileged Identity Management (PIM).
• Provide support and guidance around implementation of Privileged Access Management
• (PAM) solutions to secure administrative and high-risk accounts, enforce just-in-time access, and monitor privileged sessions.
• Lead IAM engineering work for major projects such as Aladdin onboarding, including defining access provisioning standards and integrating with identity governance processes.
• Experience working with SailPoint, understanding of provisioning processes and automation.
• Seek out automation opportunities to streamline identity lifecycle processes.
• Redesign and automate Joiner Mover Leaver (JML) workflows to eliminate manual steps and reduce errors. Includes working with our people department to assist with data improvements.
• Partner to build and maintain preventive controls to ensure compliance with SOX, ISO 27001, SOC 2, and internal policies.
• Automate evidence collection and reporting for audits and access reviews.
• Troubleshoot and resolve identity synchronization issues, federation problems, and access failures.
• Partner with Security, IT, People Department and Compliance teams to ensure identity services meet security and regulatory requirements.
• Participate in continuous improvement initiatives and recommend enhancements to identity processes and technology.
• Carry out additional duties as assigned.

Supervisory responsibilities Technical Skills and Qualifications

• Bachelor s Degree in Computer Science, Information Security, or equivalent work experience.
• 3 5+ years in Identity & Access Management or Identity Security engineering roles.
• Strong hands-on experience with Microsoft Entra ID (Azure AD) and Azure identity services.
• Experience implementing audit-ready controls and supporting compliance frameworks (SOX, ISO, SOC 2, ISAE, DORA).
• Familiarity with Conditional Access, MFA, and PIM.
• Knowledge of Identity Governance and lifecycle processes.
• Familiarity with markup languages (JSON, XML)
• Understanding of API workings as integrating various software systems enabling seamless communication and data exchanges
• Working knowledge of PowerShell / Python, SQL, Java, and Beanshell scripting languages.
• Desired knowledge of Business Systems: Employee Central SuccessFactors, SAP, Salesforce, Aladdin
• Experience with IGA tools (Microsoft Entra ID Governance, SailPoint).

Competencies Required

• Ability to design and implement secure, automated identity solutions.
• Strong problem-solving and troubleshooting skills.
• Ability to work in high-volume, high-pressure environments while maintaining quality.
• Excellent communication skills able to document processes and present technical concepts clearly.
• Highly motivated with attention to detail and integrity.
• Strong collaboration skills; able to work across teams and influence without authority.
• Desire and ability to coach and train peers of best practices and technical directions
• Ability to define and enforce standards for new platforms like Aladdin.
• Commitment to continuous improvement and following best practices.