Sr IAM Engineer

Senior Identity and Access Management (IAM) Engineer
We are seeking a Senior IAM Engineer to lead the architecture, implementation, and operations of our enterprise Identity and Access Management solutions — with a heavy focus on Ping Identity, Okta, modern authentication protocols, and automation. This role is critical to securing user identities, driving customer identity (CIAM) initiatives, and enforcing least privilege access across internal and external systems.
Core Focus Areas:
Ping Identity
Okta Workforce & Customer Identity (CIAM)
OIDC / SAML / OAuth 2.0 / SCIM
PAM (Privileged Access Management)
Identity Automation & API Integration
Responsibilities:
Architect and manage IAM solutions across Ping Identity and Okta platforms.
Design and implement secure authentication and authorization patterns using OIDC, SAML 2.0, OAuth 2.0.
Develop SCIM integrations for user provisioning/deprovisioning across SaaS, on-prem, and cloud-native apps.
Lead customer identity (CIAM) initiatives — enabling secure, frictionless access for external users.
Drive PAM strategy and operations leveraging platforms like Cyber Ark, Beyond Trust, or similar.
Define and enforce identity security controls — Zero Trust, least privilege, RBAC/ABAC.
Automate identity lifecycle processes — provisioning, access management, role engineering, reporting.
Build and maintain API-based integrations for identity management workflows.
Troubleshoot complex IAM issues across authentication, authorization, federation, and access management.
Collaborate with Security, Infrastructure, and Application teams to align IAM strategy to business objectives.
Stay ahead of evolving identity standards, attack patterns, and security trends.

Required Skills:

5+ years of hands-on IAM engineering experience.
Deep expertise with Ping Identity and Okta.
Strong knowledge of OIDC, SAML 2.0, OAuth 2.0, and SCIM.

Experience with PAM solutions — Cyber Ark, Beyond Trust, etc.
Strong knowledge of CIAM design and customer identity best practices.
Solid understanding of RBAC, ABAC, Zero Trust, and modern identity security models.
Proficiency in Python, Power Shell, or other scripting languages for automation.
Experience working with RESTful APIs for identity workflows.
Familiarity with IAM controls in Azure AD/Entra, Okta & Ping
Strong troubleshooting and problem-solving skills in complex IAM environments.
Preferred:

Certifications:

Okta Certified Consultant, Ping Identity Certified, Azure Identity & Access Administrator, CISSP.

Experience with CIAM user journeys, registration flows, MFA, and customer-facing identity design.
Familiarity with Dev Ops pipelines and Infrastructure-as-Code for IAM automation.
Experience supporting regulatory compliance: SOX, HIPAA, PCI, GDPR.

FULLY Remote Role - 3,437,800 LPR/Y