Identity and Access Management (IAM) Engineer
Denver, CO (Hybrid)
Duration:
12 month contract
Pay:$62-68/hr
The IAM Engineer is a hands-on technical role responsible for designing, implementing, and automating secure identity solutions. This position focuses on engineering, scripting, and process improvements to streamline identity lifecycle management, enforce security controls, and ensure regulatory compliance.
The role also supports strategic initiatives, including onboarding enterprise applications, defining access provisioning standards, and integrating identity governance practices, with an emphasis on automation and preventive controls to reduce manual effort and mitigate audit risks.
Key Responsibilities
- Lead improvements and automation for Joiner–Mover–Leaver (JML) processes, leveraging tools such as ServiceNow, SailPoint, and Microsoft Entra ID (Azure AD).
- Define, implement, and maintain Segregation of Duties (SoD) and Toxic Combination standards across applications.
- Design and automate User Access Reviews (UARs) and other access governance functions.
- Engineer and support Microsoft Entra ID services, including SSO (SAML/OIDC), MFA, Conditional Access, and Privileged Identity Management (PIM).
- Support Privileged Access Management (PAM) initiatives, including just-in-time access and session monitoring for high-risk accounts.
- Lead IAM engineering for major platform integrations, establishing provisioning standards and governance patterns.
- Identify automation opportunities to streamline identity lifecycle processes and reduce manual tasks.
- Redesign and automate JML workflows, collaborating with HR and IT to improve data quality and process efficiency.
- Develop and maintain preventive controls to ensure compliance with SOX, ISO 27001, SOC 2, and internal policies.
- Automate audit evidence collection and reporting for access reviews and compliance audits.
- Troubleshoot identity synchronization, federation, and access issues across systems.
- Partner with Security, IT, HR, and Compliance teams to ensure identity services meet security and regulatory requirements.
- Participate in continuous improvement initiatives to enhance IAM processes, technology, and automation.
Technical Skills and Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience.
- 3–5+ years in Identity & Access Management, identity security engineering, or related IAM roles.
- Hands-on experience with Microsoft Entra ID (Azure AD) and Azure identity services.
- Knowledge of Conditional Access, MFA, PIM, and IAM lifecycle processes.
- Experience implementing audit-ready controls and supporting compliance frameworks such as SOX, ISO, SOC 2, ISAE, and DORA.
- Familiarity with APIs, JSON, and XML for system integrations.
- Scripting experience in PowerShell, Python, SQL, Java, or Beanshell.
- Experience with IGA tools such as Microsoft Entra ID Governance or SailPoint.
- Preferred experience with enterprise business systems like Employee Central (SuccessFactors), SAP, Salesforce, or other core platforms.
Core Competencies
- Strong problem-solving, troubleshooting, and engineering skills.
- Ability to design and implement secure, automated identity solutions.
- Excellent communication and documentation skills, capable of translating technical concepts to non-technical stakeholders.
- Ability to work effectively in high-volume, fast-paced environments while maintaining quality and compliance.
- High attention to detail, integrity, and commitment to best practices.
- Strong collaboration skills; able to work across multiple teams and influence without direct authority.
- Commitment to continuous improvement and maintaining technical and compliance standards.
Compliance Expectations
All employees are expected to:
- Prioritize clients’ interests and act ethically in accordance with fairness principles.
- Understand and comply with applicable laws, regulations, and internal policies.
- Seek guidance from Compliance or policy owners when clarification is needed.
...