Senior IAM Engineer

About the role

The Senior Identity & Access Management (IAM) Engineer designs, implements and maintains enterprise IAM solutions, ensuring secure and seamless access to systems and data. You will lead technical initiatives, automate identity lifecycle processes, and integrate applications while enforcing zero‑trust security principles.

Key responsibilities

• Design and implement IAM architectures, including lifecycle management, authentication/authorization models, RBAC/ABAC, and privileged access management.
• Automate joiner/mover/leaver (JML) workflows, build custom connectors and provisioning scripts using PowerShell and Windows Script.
• Manage enterprise directories (Active Directory, Entra ID, LDAP), implement MFA, password‑less and adaptive access policies, and troubleshoot authentication protocols.
• Ensure access governance and compliance with standards such as ISO 27001, SOX, HIPAA, PCI; support certifications and conduct risk analysis.
• Administer PAM platforms (CyberArk, BeyondTrust, Delinea), implement vaulting, credential rotation and just‑in‑time access.
• Onboard applications for SSO and provisioning using SAML, OAuth, OIDC and SCIM; collaborate with developers to apply modern identity patterns.
• Investigate IAM‑related security incidents, support SOC detection, alerts and forensics, and perform root‑cause analysis.

Required profile

• Strong analytical and problem‑solving mindset.
• Excellent communication skills with both technical and non‑technical stakeholders.
• Proven experience leading IAM projects and automation initiatives.

Required skills

• IAM platforms: Okta, Azure AD/Entra ID, Ping, ForgeRock, SailPoint.
• Directory services: Active Directory, LDAP.
• SSO/Federation protocols: SAML, OAuth, OIDC.
• SCIM provisioning.
• Privileged access technologies: CyberArk, BeyondTrust, Delinea.
• Zero‑Trust principles.
• Cloud platforms: Azure, AWS, GCP.
• Scripting: PowerShell, Windows Script.