IAM Security Engineer

• Identity Lifecycle & Access Management: Manage and improve provisioning, de-provisioning, and modification processes for user accounts and service principals across cloud and enterprise systems
• Conduct access reviews, entitlement cleanups, and role evaluations to ensure least-privilege access
• Identify gaps in lifecycle processes and recommend enhancements or workflow automation opportunities
• Access Requests & Role Governance: Process and validate access requests, ensuring alignment with RBAC models, security policies, and job function requirements
• Contribute to the development and refinement of RBAC roles, access policies, and approval workflows
• Partner with stakeholders to analyze access patterns and propose more efficient and secure role structures
• Application Integration & IAM Enablement: Support onboarding applications into IAM systems, including SSO configuration, SCIM provisioning, OAuth app integration, and secure authentication setup
• Work with application and engineering teams to ensure proper identity integration and consistent enforcement of IAM standards
• Assist with evaluating and implementing new IAM tools or capabilities as the organization evolves
• Security Controls & Identity Governance: Implement and support IAM security controls such as MFA, Conditional Access policies, PIM, and identity governance features
• Monitor for identity threats, misconfigurations, and anomalies
• proactively recommend remediation steps
• Participate in maturing identity governance processes such as certification campaigns, privileged access workflows, and separation-of-duty reviews
• Incident Response & Operational Support: Troubleshoot and resolve identity-related issues with moderate complexity, including authentication failures, directory sync issues, and access conflicts
• Investigate identity-related security alerts and coordinate escalation with Security Operations team as needed
• Provide SME support to IT, security, and engineering teams for IAM-related questions and problems
• Compliance, Auditing & Reporting: Support internal and external audits by preparing access-related evidence, reports, and documentation
• Ensure IAM controls and workflows meet regulatory, security, and policy requirements
• Develop periodic reports on access activity, privileged accounts, anomalies, and IAM policy adherence
• Documentation, Knowledge Sharing & Process Improvement: Maintain accurate and detailed documentation of IAM processes, workflows, configurations, and standards
• Contribute to internal knowledge bases, runbooks, training materials, and user guides
• Continuously evaluate IAM processes and tools to identify opportunities to streamline, standardize, or automate.

• Bachelor's degree or equivalent in Computer Science, Information Security, or Information Systems
• 3-5 years of hands-on experience in an Identity and Access Management (IAM) role with a strong focus on Azure environments
• Strong understanding of Azure Entra ID (Azure Active Directory), including Conditional Access, MFA, Identity Governance, PIM, directory services, and RBAC
• Experience supporting SSO integrations and identity protocols such as SAML, OAuth 2.0, OpenID Connect, and SCIM provisioning
• Ability to analyze and improve access models, workflows, and entitlements, applying least privilege and zero-trust principles
• Proficiency with PowerShell or similar scripting tools to automate IAM tasks
• Experience monitoring for identity-related threats, anomalous login behavior, and misconfigurations in cloud IAM environments
• Working knowledge of IT/security governance and compliance frameworks (e.g., SOC 2, ISO 27001, NIST) and experience supporting audits or access reviews
• Strong troubleshooting and diagnostic skills for identity issues involving authentication, authorization, directory sync, and permissions
• Excellent written and verbal communication skills, including the ability to work cross-functionally with engineering, IT, and security teams
• Ability to work effectively in a fast-paced environment, handle multiple priorities, and take ownership of IAM responsibilities
• This position requires onsite work at Truveta’s Bellevue, WA office.

Relevant certifications preferred, such as Microsoft SC-300 (strongly preferred), AZ-104, AZ-500, or Security+.

• Interesting and meaningful work for every career stage
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development & training opportunities for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person)
• Additional compensation such as incentive pay and stock options for certain roles.