IAM Engineer

Key Responsibilities

• Design, implement, and maintain enterprise IAM solutions using Okta Identity Engine (OIE), with focus on modern authentication and authorization frameworks
• Develop and optimize automated identity workflows using Okta Workflows to streamline provisioning, deprovisioning, and access lifecycle management
• Lead Okta Identity Governance (OIG) initiatives including access certifications, separation of duties policies, and role-based access control (RBAC) implementations
• Ensure IAM systems meet compliance requirements for SOC 2, ISO 27001, and other relevant security frameworks
• Design and implement advanced access control models including Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC)
• Collaborate with security, compliance, and IT teams to conduct access reviews, risk assessments, and security audits
• Develop and maintain IAM policies, standards, and procedures aligned with business objectives and regulatory requirements
• Integrate IAM solutions with enterprise applications, cloud platforms, and on-premises systems
• Provide technical leadership and mentorship to junior IAM team members
• Monitor IAM system performance, troubleshoot issues, and implement continuous improvements

Required Qualifications

• 5+ years of experience in Identity and Access Management with at least 3 years in a senior or lead role
• Expert-level knowledge of Okta platform, including Okta Identity Engine (OIE) architecture and implementation
• Extensive hands-on experience with Okta Workflows for automation and orchestration
• Proven experience implementing Okta Identity Governance (OIG) including access certifications and policy management
• Strong understanding of GRC frameworks and experience with SOC 2 and ISO 27001 compliance requirements
• Deep expertise in implementing RBAC and ABAC models in enterprise environments
• Strong knowledge of authentication protocols (SAML, OAuth 2.0, OIDC, SCIM) and federation standards
• Experience with identity lifecycle management, provisioning, and deprovisioning processes
• Excellent problem-solving skills and ability to work in complex enterprise environments
• Strong communication skills with ability to explain technical concepts to non-technical stakeholders

Preferred Qualifications

• Experience with Terraform or other Infrastructure as Code (IaC) tools for IAM automation and deployment
• Okta certifications (Okta Certified Professional, Okta Certified Administrator, or Okta Certified Consultant)
• Experience with cloud platforms (AWS IAM, Azure AD, GCP IAM) and hybrid identity architectures
• Knowledge of scripting languages (Python, PowerShell, JavaScript) for automation
• Familiarity with privileged access management (PAM) solutions
• Experience with Zero Trust security frameworks and implementation
• Understanding of DevSecOps practices and CI/CD pipelines
• Experience conducting security audits and responding to audit findings
• Strong technical documentation skills with ability to create clear architecture diagrams, runbooks, and standard operating procedures
• Experience working in Agile/Scrum environments with ability to manage sprints and deliver iterative solutions
• Excellent stakeholder management skills with experience collaborating across multiple teams and departments
• Strong analytical and critical thinking abilities with attention to detail
• Proven ability to mentor team members and foster knowledge sharing
• Self-motivated with strong organizational skills and ability to manage multiple priorities

We are an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, national origin, citizenship/ immigration status, veteran status, or any other status protected under federal, state, or local law.