Hiring Senior Identity & Access Management (IAM) Engineer


Abhinav Mohanty

May 28, 2026, 6:33:48 PM

Hello Everyone,

Please share suitable profiles.

 

Don’t call me; once I review the profile, I will give you a call.

 

If you are sharing any profile, please mention:

Rate –

Location –

Work Authorization –

"Before submitting any candidates, please share the front and back copy of the visa (a must) and the LinkedIn ID."

 

Role: Senior Identity & Access Management (IAM) Engineer

Location: 100% Remote


US Citizen only

 

Job Description:

MUST HAVE SAILPOINT AND BEYONDTRUST EXPERIENCE.

 

Role Overview

City of Hope is seeking an elite, highly technical Senior IAM Engineer to architect, secure, and operate our enterprise identity infrastructure [1, 2]. This role is a critical position focused on modernizing our hybrid identity footprint, enforcing zero-trust architecture, and securing privileged access. The ideal candidate possesses deep, hands-on engineering mastery across the Microsoft Entra ID suite, SailPoint Identity Governance, Active Directory, and BeyondTrust PAM [3, 4]. You will be responsible for eliminating identity risk, automating the Joiner-Mover-Leaver (JML) lifecycle, and providing high-confidence identity security across our healthcare and research networks [2].


Core Technical Stack

·        Identity Platforms: Microsoft Entra ID (Azure AD), Active Directory (AD) [3].

·        Identity Governance (IGA): SailPoint [3, 4].

·        Privileged Access Management (PAM): BeyondTrust [4].

·        Protocols & Standards: SAML, OIDC, OAuth 2.0, Kerberos, LDAP, KQL.


Key Responsibilities

☁️ Microsoft Entra ID & Hybrid Identity Operations

·        Tenant & Core Identity: Maintain Entra ID tenant architecture, service accounts, directory roles, and emergency break-glass account governance.

·        Hybrid Identity & Synchronization: Manage Entra Connect and Cloud Sync topologies, resolve complex attribute authority matching issues, and monitor global synchronization health.

·        Groups & RBAC: Define enterprise security group standards, engineer dynamic assignment rules, and build scalable Role-Based Access Control (RBAC) and least-privilege authorization models.

🛡️ Authentication, Access Control & Application Identity

·        MFA & Passwordless: Design and enforce MFA policies, authentication methods, passwordless configurations (FIDO2, Temporary Access Pass/TAP), and manage exception architectures.

·        Conditional Access (CA): Architect and troubleshoot advanced, risk-based Conditional Access strategies tracking application, network, and device postures.

·        SSO & Application Integration: Own the full lifecycle of application registrations, enterprise apps, OAuth consent workflows, SAML/OIDC configurations, and token claims mapping.

🔐 Privileged & Governance Controls (SailPoint & BeyondTrust)

·        Identity Governance (IGA): Partner to optimize automated SailPoint Joiner-Mover-Leaver (JML) lifecycle workflows, access packages, entitlement management, separation of duties (SoD), and user access reviews.

·        Privileged Access Management (PAM): Architect and configure BeyondTrust and Entra Privileged Identity Management (PIM) to enforce Just-In-Time (JIT) access, admin role approvals, and privileged session auditing.

·        External Identity (B2B): Enforce guest user lifecycle configurations, cross-tenant synchronization, external vendor access reviews, and naming standards.

🚨 Identity Security, Compliance & Incident Response

·        Security Monitoring: Leverage Entra Identity Protection and Microsoft Sentinel integrations to proactively triage identity alerts and anomalies.

·        Compliance & Auditing: Respond to identity-centric incident escalations, gather evidence for regulatory audits, and author Standard Operating Procedures (SOPs).


Required Qualifications

·        Experience: 7+ years of dedicated Identity and Access Management (IAM) engineering experience within an enterprise environment.

·        Platform Mastery: Proven hands-on engineering experience configuring and maintaining Microsoft Entra ID (Azure AD) and on-premises Active Directory [3].

·        Governance Tools: Deep technical experience interacting with SailPoint for identity lifecycle automation and access governance [3, 4].

·        Privileged Infrastructure: Hands-on experience operating BeyondTrust or Entra PIM for privileged credential vaulting and session management [4].

·        Automation: Strong scripting capabilities (PowerShell, Microsoft Graph API) to automate administrative identity tasks.

·        Education: Bachelor’s degree in Computer Science, Information Security, or equivalent professional experience.

 

Preferred Certifications

·        Microsoft Certified: Identity and Access Administrator Associate (SC-300)

·        Microsoft Certified: Azure Administrator Associate (AZ-104)

·        Certified Information Systems Security Professional (CISSP)

·        SailPoint Certified IdentityNow/IdentityIQ Engineer or BeyondTrust Certified Engineer [4]


--
Thanks & Regards,
Abhinav
Direct - 216 435 6682