Position Description:
The Senior IAM Developer is responsible for the architecture, development, implementation, and maintenance of the enterprise-wide Identity and Access Management solutions. This role will ensure secure and seamless access for all users (internal staff, agency partners, and the public) to Maryland Benefits applications, including the Consumer Portal, Unified Benefits Screener, and One Application. This expert will lead efforts to modernize the State's identity framework, integrate with enterprise-grade IAM platforms (like ForgeRock and Entra), automate identity lifecycle processes, govern identities using IGA tools (like SailPoint), and apply AI-driven security controls.
Responsibilities include:
A. Architecting and developing the end-to-end IAM framework for all Maryland Benefits applications, ensuring scalability, security, and compliance.
B. Implementing and managing Single Sign-On (SSO) solutions (SAML, OIDC, OAuth 2.0) to federate identities across the Consumer Portal, Unified Benefits Screener, and One Application.
C. Designing, implementing, and maintaining strong Role-Based Access Control (RBAC) policies and privileged access management (PAM) solutions.
D. Leading the hands-on integration and development of IAM solutions, including Microsoft Entra ID (for enterprise/consumer access), ForgeRock, and AWS IAM Identity Center (for enterprise access).
E. Automating the identity lifecycle (JML - joiner, mover, leaver) and provisioning processes by integrating SailPoint with HR systems and target applications.
F. Implementing and managing Multi-Factor Authentication (MFA) and adaptive authentication policies across all platforms.
G. Integrating and configuring AI/ML tools for user behavior analytics (UBA), anomaly detection, and risk-based adaptive access policies.
H. Collaborating with security and compliance teams to ensure the IAM framework meets all state, federal, and PII/HIPAA policy requirements.
I. Providing senior-level technical guidance, code reviews, and mentoring to development teams on IAM and DevSecOps best practices.
J. Managing IAM-related components of the CI/CD pipeline and ensuring identity controls are embedded securely within automated workflows.
Education:
This position requires a Bachelor's degree from an accredited college or university in Computer Science, Information Security, or a related technical discipline.
Relevant industry certifications (e.g., CISSP, CISM, AWS Certified Security - Specialty, or platform-specific certifications for SailPoint, ForgeRock, or Entra) are highly preferred.
General Experience:
The candidate must have at least seven (7) years of progressive experience in software engineering, with a specific focus on cybersecurity and identity management.
Specialized Experience:
Must have at least five (5) years of experience in a senior developer or architect role focused exclusively on IAM.
Proven experience designing and building enterprise-level IAM solutions for large-scale, public-facing applications.
Expert-level knowledge of identity protocols (SAML, OAuth 2.0, OIDC, LDAP, SCIM).
Strong, hands-on experience with leading IAM platforms (e.g., Microsoft Entra ID, ForgeRock) and cloud-native identity services (e.g., AWS IAM, AWS IAM Identity Center (SSO), AWS Secrets Manager).
Expertise with Identity Governance and Administration (IGA) platforms, specifically SailPoint, including access certification, automated provisioning, and access request workflows.
Demonstrable experience integrating IAM solutions with health and human services platforms (e.g., systems for SNAP, TANF, Medicaid) is highly desirable.
Experience implementing AI-driven security controls, such as risk-based authentication or user behavior analytics.
Strong scripting and development skills (e.g., Python, Java, .NET) for custom integrations and automation.
Excellent leadership, communication, and problem-solving skills.
EDUCATION
Bachelor's Degree in Computer Science, Information Systems, Engineering or related field or equivalent work experience.