Key Responsibilities
• Architect and maintain IAM solutions across cloud and on-premises environments
• Architect SSO, MFA, and federation integrations using SAML, OIDC, and OAuth 2.0
• Architect and enforce least-privilege access controls, RBAC/ABAC policies, and PAM standards
• Manage email security and filtering platforms (Mimecast, Barracuda)
• Deploy and administer hardware authentication tokens (YubiKey) and MFA infrastructure
• Automate identity lifecycle workflows: provisioning, de-provisioning, access reviews
• Respond to and investigate access-related security incidents
• Collaborate with Security, DevOps, and Compliance to embed IAM into existing pipelines
Required Qualifications
• 5+ years of hands-on IAM experience in an enterprise environment
• Proficiency with Mimecast or Barracuda for email security and policy enforcement
• Experience deploying and managing YubiKey or equivalent hardware token solutions
• Strong command of identity protocols: SAML 2.0, OIDC, OAuth 2.0, SCIM, LDAP/AD
• Scripting and automation skills (Python, PowerShell, or equivalent)
• Familiarity with compliance frameworks: SOC 2, ISO 27001, NIST, or HIPAA
Required Certifications
Candidates must hold at least one of the following, or demonstrate a willingness to obtain one within the first year of employment:
• Okta Certified Professional or Okta Certified Administrator
• Microsoft SC-300 (Identity and Access Administrator)
• CISSP or CISM
• SailPoint IdentityNow Certified
• CyberArk Trustee or Defender
Note on Certifications: Candidates who do not yet hold the required certifications are welcome to apply. We offer the opportunity to complete certification training in your own time as a condition of continued employment. Study materials and exam fees are not covered by the company.