Security Engineer - Identity and Access Management

Overview

On Site
$65
Contract - W2
Contract - Independent

Job Details

Vaco has partnered with a rapidly growing national brand headquartered in Tempe that’s modernizing its identity infrastructure and building toward a mature Zero Trust model. The organization is consolidating multiple legacy IAM platforms into Microsoft Entra ID (Azure AD), unifying governance, automation, and security across roughly 19,000 identities spanning corporate and distributed field locations.

This is a high-energy, collaborative environment where cross-functional teams work face-to-face daily — think frequent hallway discussions, ad-hoc whiteboarding, and an espresso shot tradition every Monday morning to kick off the week. If you thrive in dynamic spaces with constant collaboration, this is your kind of shop.

You’ll be the second IAM Engineer on the team, joining a talented technical group focused on evolving automation, policy governance, and secure access control. This is a hands-on, tactical role for someone who can challenge legacy thinking, ask the right questions, and execute best-practice IAM solutions that scale.

Key Focus Areas

  • Identity Lifecycle Management: Automate and govern joiner/mover/leaver processes, attribute-based entitlements, and provisioning workflows.

  • Privileged Access Management: Implement JIT access, credential vaulting, and session monitoring to strengthen control of elevated accounts.

  • Identity Governance: Enforce policy consistency, automate access reviews, and align with regulatory frameworks.

  • MFA & SSO Expansion: Integrate additional applications and extend MFA coverage organization-wide.

  • Zero Trust Foundations: Build conditional access policies, passwordless authentication (FIDO2), and risk-based MFA into daily operations.

  • Automation & Orchestration: Use scripting, APIs, and CI/CD to eliminate manual IAM processes and accelerate self-service.

What You’ll Do

  • Implement and optimize enterprise-wide PAM and IGA solutions.

  • Build out core IAM capabilities within Entra ID, including provisioning, deprovisioning, policy sets, and governance workflows.

  • Design and enforce RBAC and attribute-based access models for consistent, least-privilege control.

  • Collaborate with security architecture and infrastructure teams to define Zero Trust Network Access (ZTNA) strategy and standards.

  • Drive IAM automation using Terraform, PowerShell, Python, and CI/CD pipelines.

  • Maintain a comprehensive identity governance framework aligned with audit and compliance needs (SOX, PCI DSS, etc.).

What You Bring

  • 3+ years in Identity & Access Management with a focus on PAM and IGA.

  • Hands-on experience managing cloud identity platforms (Microsoft Entra ID, Okta, Auth0, etc.) in hybrid environments.

  • Proficiency with Terraform, API integrations, and CI/CD for IAM configuration and policy automation.

  • Deep understanding of Zero Trust, RBAC, and identity lifecycle management.

  • Knowledge of authentication protocols (SAML, OIDC, OAuth2) and modern authentication (FIDO2, passwordless, MFA, SSO).

  • Experience implementing IGA automation, SoD enforcement, and access certifications.

  • Ability to collaborate cross-functionally and operate in a fast-paced, high-visibility environment.

Why This Role

You’ll help shape the foundation of a modern IAM program during a pivotal transformation. This position offers the opportunity to design and implement real-world Zero Trust and automation strategies that scale across a large enterprise — while being part of an energetic, people-first culture that believes collaboration and caffeine go hand-in-hand.

If you’re ready to take ownership in building secure, intelligent access systems for a national brand, connect with the Vaco team today.


Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.