About The Position

As an IAM & Enterprise Applications Engineer, you will own the end-to-end lifecycle of our COTS and SaaS application portfolio and engineer security-first principles into Coastal’s core identity services. You will design and enforce access models that enable the business while maintaining least privilege and separation of duties (SoD), automate joiner-mover-leaver processes, and define standard access profiles aligned to roles across Coastal. This role blends business operations insight with technical depth. You’ll partner with HR, Finance, Risk/Compliance, Security, and business leaders to translate operating needs into scalable identity governance, robust authentication and federation, and friction-light access workflows that provide the controls a high-security environment requires without interfering with user productivity.

Requirements

  • Must have a blend of business operations understanding and technical expertise.
  • Demonstrated experience in several of the following:
      • Identity Governance & Administration (e.g., Okta IGA/Workflows, SailPoint) and directory/IdP platforms (e.g., Entra ID, Okta).
      • SSO & federation standards (SAML, OIDC, OAuth 2.0), MFA/conditional access, device trust.
      • HRIS/ITSM integration (e.g., Workday/UKG/BambooHR; ServiceNow/Jira) and SCIM/JIT provisioning.
      • RBAC/ABAC design, role mining, separation of duties modeling for financial/operational functions, periodic access reviews.
      • Scripting & automation (PowerShell, Python), REST APIs, webhooks.
      • Infrastructure-as-Code or policy-as-code.
      • SaaS platform administration at scale (license management, secure configuration, delegated administration, audit logging).
      • Regulatory familiarity: FFIEC, GLBA, SOX, NIST CSF/SP 800-53, and evidence automation for audits.
  • Strong stakeholder management, process mapping, and communication skills. Able to influence across teams.
  • Comfortable operating effectively in a dynamic and changing environment (often with unstructured and/or virtual teams).
  • Ability to manage multiple priorities, meet deadlines, and deliver business results.
  • 8+ years in identity engineering, enterprise applications administration, or related fields, preferably in regulated financial-services or cloud-first environments.

Nice To Haves

  • Security certifications, such as CISSP, AZ-500, or GIAC, are a plus.

Responsibilities

  • Design and operate identity lifecycle automation across directories, SaaS apps, and groups using HRIS/source-of-truth and SCIM/API integrations.
  • Define and maintain standard access profiles by role, job family, and team.
  • Build and run access review campaigns, both for ad-hoc access grants and for the composition of standard access profiles. Ensure evidence of campaign preparation and completion is audit-ready.
  • Configure new applications and federated trusts (SAML/OIDC) in IdPs.
  • Administer authentication, session, conditional access, and device trust policies, ensuring systems are hardened against unauthorized access and common threats, such as credential stuffing and session theft.
  • Develop integrations and scripts (Python, TypeScript, and PowerShell preferred); working knowledge of REST APIs and webhooks is required.
  • Adopt Infrastructure-as-Code where supported (e.g., Terraform for Okta and Entra).
  • Lead the COTS/SaaS application lifecycle: intake & vendor assessment, PoC, secure configuration, go-live, ongoing administration, license/usage optimization, and deprecation.
  • Partner with the business unit that owns each application to define, document, implement, and administer the application’s access model.
  • Integrate enterprise applications with central identity services (directory/IdP), enabling JIT/SCIM provisioning and deprovisioning.
  • Integrate applications into standard security-relevant operational processes, such as asset management, configuration hardening, data loss prevention, change management, and security monitoring.
  • Map identity and application controls to FFIEC, GLBA, SOX, PCI-DSS, and NIST CSF v2.0 requirements.
  • Centralize application logs and admin activity, partner with business units and the Security Operations team to develop monitoring, and coordinate with Security Operations for incident response and forensics when required.
  • Prepare audit evidence packages (config exports, campaign artifacts, approvals) and lead remediation of exceptions.

Benefits

  • Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
  • Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
  • Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
  • Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
  • Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
  • Long-Term and Short-Term Disability (LTD/STD): Income protection in the event of illness or injury.
  • Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
  • 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
  • Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
  • Holidays: Enjoy 11 paid holidays throughout the year.
© 2024 Teal Labs, Inc