
Identity and Access Management Engineer

United States, San Jose 133400.00 - 200000.00 USD / Year · Job Posted March 10, 2026

Job Description

We are seeking an Identity and Access Management Engineer to design and protect Archer's identity ecosystem. You are a proactive, team-oriented communicator who understands the bigger picture. The ideal candidate will develop and deploy enterprise-level authentication, authorization, and privileged access solutions that support our critical systems while ensuring compliance with CMMC Level 2, NIST SP 800-171, SOX, and ITAR. This role requires deep technical expertise in modern identity platforms (such as Okta, Google Identity Platform, AWS Identity Center, Azure AD), privileged access management (Delinea), identity governance, and Zero Trust principles. You will collaborate with infrastructure, security, and compliance teams to create scalable, auditable access controls that improve operational efficiency and security.

Job Responsibility

  • Design and implement Zero Trust Architecture (ZTA) across Archer's enterprise network, eliminating implicit trust and enforcing continuous verification of user identity and device posture before granting access
  • Architect and maintain Okta as the authoritative Identity Provider (IdP) for Archer, managing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user lifecycle management across all enterprise applications and SaaS platforms
  • Design and implement Privileged Access Management (PAM) using Delinea, including credential vaulting, privileged session management, and automated credential rotation for administrative and service accounts
  • Implement Identity Governance and Administration (IGA) controls to enforce role-based access control (RBAC), segregation of duties, periodic access reviews, and just-in-time (JIT) access provisioning
  • Build and maintain federated identity standards (OIDC, SAML, SCIM) to enable secure integration between Archer's identity platform and third-party applications, cloud providers, and vendor systems
  • Conduct access control audits and design remediation strategies to ensure compliance with NIST SP 800-171 Access Control (AC) requirements, CMMC Level 2 practices, and SOX ITGC expectations for financial systems
  • Implement automated audit logging and session recording for all authentication and privileged access events, ensuring that individual users' actions can be uniquely traced for compliance investigations and forensic analysis
  • Secure third-party and contractor access by implementing time-limited, role-restricted access provisioning and automated de-provisioning upon project completion or relationship termination
  • Stay current with emerging identity threats, attack vectors, and security best practices, including insider threats, account takeover (ATO), and lateral movement techniques
  • Provide technical guidance and training to IT, application, and security teams on identity best practices and policy enforcement

Requirements

  • 5 plus years of experience in Identity and Access Management or related roles, with a minimum of 2 years in a senior or architect-level capacity
  • Hands-on design and implementation experience with enterprise Identity Providers such as Okta, Azure AD (Active Directory), or Ping Identity
  • Deep technical understanding of authentication protocols and standards, including OIDC, SAML, OAuth 2.0, and LDAP
  • Extensive experience designing and operating Privileged Access Management (PAM) solutions, preferably Delinea, including credential vaulting, session recording, and approval workflows
  • Working knowledge of RBAC (Role-Based Access Control) design and implementation, with the ability to map complex organizational hierarchies to access policies
  • Experience implementing and managing Multi-Factor Authentication (MFA) technologies such as FIDO2, Okta Verify, Duo Security, YubiKey, and PKI-based authentication
  • Strong understanding of NIST SP 800-171 and CMMC Level 2 requirements, specifically as they relate to access control, audit logging, and identity governance
  • Proficiency in scripting and automation using PowerShell, Python, or Bash to automate identity workflows, audit processes, and integrations
  • Excellent communication skills to translate complex identity architecture and compliance requirements to both technical teams and executive leadership

Nice to have

  • Hands-on experience architecting and implementing Zero Trust Architecture (ZTA) across enterprise networks
  • Experience with Identity Governance and Administration (IGA) platforms such as SailPoint or Okta Identity Governance
  • Knowledge of SCIM (System for Cross-Domain Identity Management) and REST APIs for automating user provisioning and de-provisioning across SaaS applications and HR systems
  • Familiarity with aerospace, defense, or federal contractor environments, including experience with ITAR, CMMC enforcement, or DoD contract requirements
  • Experience conducting or participating in CMMC Level 2 assessments or NIST 800-171 compliance audits
  • Relevant security certifications such as CISSP, CISM, Okta Certified Administrator, or Azure Administrator (AZ-104)
  • Experience with insider threat detection, behavioral analytics, and anomalous access pattern identification
  • Knowledge of Single Sign-On (SSO) attacks, credential stuffing, phishing-resistant MFA, and modern attack techniques against identity systems
  • Direct experience with compliance frameworks: ISO 27001, PCI, HIPAA, ITAR/EAR, NIST 800-171, CMMC, CUI, and DO-326A
  • Advanced degrees in Computer Science, Cybersecurity, or Engineering

Similar Jobs for Identity and Access Management Engineer

8 matching positions

Identity and Access Management Engineer

We are looking for an Identity and Access Management Engineer to support secure ...
Location: United States, Silver Spring
Salary: Not provided
Robert Half
Expiration Date: Until further notice
Requirements
  • Proven experience designing and supporting identity and access management solutions in complex enterprise environments
  • Strong knowledge of federation concepts and hands-on experience with OAuth 2.0, OpenID Connect, claims, and token-based authentication
  • Ability to develop process documentation and integration standards for onboarding enterprise applications
  • Experience improving identity lifecycle workflows, including user onboarding, role changes, and offboarding activities
  • Familiarity with access governance practices such as certification reviews, remediation tracking, and segregation of duties enforcement
  • Working knowledge of Active Directory-related technologies, including Group Policy Objects and enterprise access architecture
  • Understanding of supporting infrastructure domains such as server virtualization, enterprise storage, DevOps practices, and architecture standards
Job Responsibility
  • Architect and support identity federation integrations for enterprise platforms using modern authentication and authorization standards such as OAuth 2.0 and OpenID Connect
  • Establish and maintain trust relationships and secure sign-on configurations to ensure dependable access across connected applications
  • Create clear onboarding frameworks and technical documentation to streamline the integration of new business systems into the identity environment
  • Investigate and resolve complex authentication issues involving tokens, claims, and federated access flows
  • Drive improvements to joiner, mover, and leaver processes so that account provisioning and deprovisioning remain accurate and timely
  • Enhance access models and contribute to role engineering efforts that align user permissions with business responsibilities
  • Support access review activities by helping coordinate certification campaigns and tracking remediation work through completion
  • Reinforce segregation of duties controls and apply policy standards that reduce risk and strengthen governance
  • Collaborate with infrastructure and engineering teams on directory services, Group Policy Objects, virtualization, storage, and DevOps-related IAM dependencies
What we offer
  • Medical insurance
  • Vision insurance
  • Dental insurance
  • Life insurance
  • Disability insurance
  • 401(k) plan
  • Free online training
  • Access to top jobs
  • Fulltime

Identity and Access Management Engineer

The Identity and Access (IAM) Engineer will help mature Clark’s security posture...
Location: United States, McLean; Baltimore
Salary: Not provided
Clark Construction Company
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in the information technology field
  • 3+ years of IAM-related experience
  • Strong oral communication and writing skills
  • Ability to collaborate across business units and engage with stakeholders
  • Proficient knowledge of IAM concepts
  • Authentication Methods
  • Least Privilege Access
  • Experience integrating with account and access management technologies
  • APIs
  • SCIM
Job Responsibility
  • Identity and Access Governance (IGA) Administration
  • Administer and maintain the IGA platform (Saviynt)
  • Onboarding new applications to the platform
  • Resolve IAM-related issues
  • Authentication and Authorization Administration
  • Configure and maintain single sign-on (SSO) integrations
  • Administer and maintain SSO platforms
  • Identity Lifecycle Management
  • Automate user provisioning and de-provisioning processes.
  • Develop and maintain role and attribute-based access controls.
  • Fulltime

Identity and Access Management Engineer

The Identity and Access Management (IAM) Engineer is accountable for the design,...
Location: United States, Tucker
Salary: 99360.00 - 173900.00 USD / Year
Georgia System Operations
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, or a related field from an accredited college or university
  • Minimum of 4 years of experience implementing and operating enterprise IAM solutions, including SSO, MFA, identity lifecycle management, and directory services
  • Hands-on experience with enterprise IAM platforms such as Microsoft Entra ID (Azure AD), Okta, Ping Identity, or ForgeRock
  • Strong knowledge of SSO, MFA, conditional access, RBAC, ABAC, and Zero Trust architectures
  • Experience integrating IAM with Azure, AWS, and/or GCP
  • Working knowledge of Active Directory, Azure AD, LDAP, and identity synchronization
  • Experience with Privileged Access Management solutions and secure service account management
  • Experience with IAM and PAM platforms
  • Scripting and automation (PowerShell, Python preferred)
  • Logging and monitoring integrations with SIEM platforms
Job Responsibility
  • Design, implement, and operate enterprise IAM solutions across on-premises and cloud environments, including SSO, MFA, conditional access, RBAC, directory services, and application integrations
  • Own and continuously improve Joiner/Mover/Leaver processes using authoritative identity sources
  • Implement role- and attribute-based access models and automation to ensure timely provisioning and deprovisioning
  • Implement and operate PAM solutions for administrative and service accounts, enforcing least privilege, credential vaulting, session monitoring, and secure break-glass access
  • Support access reviews, audits, and regulatory assessments
  • Maintain IAM documentation, standards, and procedures
  • Identify and remediate identity-related risks and control gaps
  • Assist with identity-related incident response activities
  • Investigate authentication anomalies, improve IAM logging and monitoring, and enhance alerting and detection capabilities
  • Serve as the IAM subject-matter expert
What we offer
  • Comprehensive medical, dental, and vision coverage
  • Strong retirement program
  • Career development
  • Flexible work schedules
  • Focus on wellness
  • Fulltime

Identity and Access Management Engineer

We are seeking an Identity & Access Management (IAM) Security Specialist to supp...
Location: United Arab Emirates, Dubai
Salary: Not provided
Parser Limited
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Computer Science, Information Security, or related field; equivalent experience accepted
  • 3–7 years of experience in Identity & Access Management, Identity Governance, or Security Operations
  • Proven experience reviewing and improving identity processes, procedures, and internal controls
  • Hands-on experience implementing or operating IAM platforms such as: OneLogin, Okta, SailPoint IdentityIQ / IdentityNow, Microsoft Entra ID (formerly Azure AD), AWS IAM, AWS SSO, or AWS Organizations
  • Strong understanding of authentication, authorization, SSO, MFA, federation, and identity protocols (SAML, OAuth2, OIDC, SCIM)
  • Experience with RBAC, least privilege, privileged access, and access attestation processes
  • Excellent communication and documentation skills
Job Responsibility
  • Review, assess, and optimize identity lifecycle processes, including onboarding, offboarding, access reviews, recertification, and role-based access control (RBAC)
  • Conduct access control audits of other applications such as Salesforce, Netsuite, etc. to identify access control gaps and security issues. Work alongside Salesforce and Netsuite teams to close findings
  • Identify control gaps and recommend improvements to strengthen identity assurance and compliance
  • Ensure IAM processes meet regulatory, audit, and internal security requirements
  • Operational Management: Oversee the day-to-day operation and maintenance of IDAM controls and security solutions, ensuring high availability and optimal performance
  • Operate and monitor IAM controls across the environment, ensuring proper execution of provisioning, deprovisioning, and privilege assignment
  • Support day-to-day IAM operations, including user access requests, privileged access management (PAM) oversight, and multi-factor authentication (MFA) management
  • Conduct periodic access reviews, segregation of duties (SoD) assessments, and user entitlement analyses
  • Implement and configure IAM tools and platforms to support identity governance, SSO, MFA, directory services, and access control mechanisms
  • Integrate applications and systems into the IAM ecosystem using SAML, OAuth, OIDC, SCIM, and other relevant identity protocols
What we offer
  • The chance to join an organization with triple-digit growth that is changing the paradigm on how software products are built
  • The opportunity to form part of an amazing, multicultural community of tech experts
  • A highly competitive compensation package
  • Fulltime

Engineer, Identity and Access Management

As an Identity Engineer, you will be responsible for the design, implementation,...
Location: United States
Salary: 66379.50 USD / Year
Stride, Inc.
Expiration Date: Until further notice
Requirements
  • Five (5+) years of experience in identity & access management, user administration, or security compliance
  • Documented experience and a solid understanding of identity lifecycle management, credential management, role-based access, and identity governance
  • Demonstrable experience with identity management & administration tools and practices
  • Prior in-depth expertise with Active Directory, Entra ID, and SailPoint Identity Security Cloud required
  • Hands-on experience with Privileged Identity Management systems required
  • In-depth understanding of leading-edge identity governance - enabling technologies & practices
  • Strong demonstrated ability to gain consensus and support across diverse functions and departments
  • Excellent communication and presentation skills (verbal and written)
  • Experienced guiding stakeholders with risk-based decision-making
  • Ability to identify, document, and communicate information security issues to business and information owners
Job Responsibility
  • Design, implement, and maintain Stride’s Identity Governance, Management, Privileged Access Management technologies and Access technologies
  • Enforce company policies and procedures related to IAM, IGA, and PAM
  • Update and maintain policies, standards, and procedures as needed
  • Work with other IT team members to ensure seamless integrations into the overall IT infrastructure
  • Develop architecture diagrams, process workflows, and technical documentation for identity governance frameworks
  • Design and implement API integrations to enhance automation and system interoperability
  • Work with DevOps and engineering teams to integrate IAM capabilities into cloud and hybrid environments
  • Troubleshoot IAM & IGA issues and develop creative solutions to solve problems
  • Implement IGA & IAM controls & support IT IAM Controls testing (SOX and non-SOX)
  • Create detailed technical documentation and architecture diagrams to support IAM and PAM initiatives
What we offer
  • Health benefits
  • Retirement contributions
  • Paid time off
  • Eligible employees may receive a bonus
  • Fulltime

Senior Customer Identity and Access Management Engineer

Are you passionate about securing digital identities and creating seamless user ...
Location: Ireland, Dublin 2
Salary: Not provided
Bentley Systems
Expiration Date: Until further notice
Requirements
  • A minimum of 5 years of hands-on experience with the Ping Identity suite
  • Thorough understanding of Identity and Access Management (IAM) for both enterprise and customer-facing applications
  • Strong coding and scripting abilities (Java & TypeScript are preferred)
  • In-depth knowledge of OAuth, OIDC, and SAML
  • Knowledge of System for Cross-domain Identity Management (SCIM)
  • Experience with API configuration and deployment
  • Strong experience with Linux environments (navigating, tuning, etc.)
  • Excellent problem-solving and communication skills
Job Responsibility
  • Lead the management and administration of the full Ping Identity suite, including Ping Federate, Ping Access, Ping Directory, Ping Data Proxy, Ping Data Sync, and Ping Authorize
  • Architect and manage common Ping Components, such as IdP & SP adapters, selectors, authentication policies, and more
  • Deploy, configure, and troubleshoot modern authentication protocols, including OAuth, OIDC, and SAML, ensuring compliance with industry standards
  • Strengthen security by configuring and deploying Multi-Factor Authentication (MFA) solutions
  • Oversee the entire lifecycle of digital certificates
  • Develop and maintain clean, efficient, and well-documented code and scripts, with a preference for Java & TypeScript
  • Configure and deploy APIs to extend and integrate our CIAM solutions
  • Thrive in a DevOps model, contributing to our CI/CD pipelines and automation efforts
  • Operate within our cloud-based infrastructure, with a preference for AWS
  • Manage and maintain containerized environments
What we offer
  • A great Team and culture
  • An exciting career as an integral part of a world-leading software company
  • An attractive salary and benefits package
  • A commitment to inclusion, belonging, and colleague well-being through global initiatives and resource groups
  • A company committed to making a real difference by advancing the world’s infrastructure for a better quality of life

Senior Staff Identity and Access Management Engineer

GEICO is seeking an experienced Engineer with a passion for building high perfor...
Location: United States, Chevy Chase; Palo Alto; Dallas; Seattle
Salary: 120000.00 - 260000.00 USD / Year
Geico
Expiration Date: Until further notice
Requirements
  • 10+ years of professional experience in technology or identity engineering
  • 8+ years of experience with security, identity, architecture, and design
  • 4+ years of experience with open-source frameworks is desired
  • 4+ years of experience with AWS, GCP, Azure, or another cloud service
  • 1+ years of people management experience
  • Bachelor’s degree in computer science, Information Systems, or equivalent education or work experience
  • Experience building the architecture and design (architecture, design patterns, reliability, and scaling) of new and current systems
  • Fluency in DevOps Concepts, Cloud Architecture, and the Software Development Lifecycle
  • Experience in security protocols and products: Understanding of Active Directory, Kerberos, LDAP, SAML, OAuth, and OIDC
  • Experience with continuous delivery and infrastructure as code
Job Responsibility
  • Lead execution and adoption of modern authentication and authorization mechanisms (SAML, OIDC/OAUTH2)
  • Engage peers and leaders at all levels
  • Consistently share best practices and improve processes within and across teams
  • Determine and support resource requirements, evaluate operational processes, measure outcomes to ensure desired results, and demonstrate adaptability and sponsoring continuous learning
  • Own the complete project lifecycle for application integrations of both on-premises and SaaS applications with our IGA platform
  • Collaborate with application team to implement tokenization solutions that reduce sensitive data exposure, thereby enhancing data security and minimizing the risk of unauthorized access
  • Stay at the forefront of emerging identity trends, technologies, and best practices, and apply this knowledge to enhance GEICO’s data protection strategies
  • Provide technical guidance and mentorship to the team, fostering a culture of innovation, collaboration, and continuous improvements
  • Collaborate with cross-functional teams, including security, compliance, and application teams to ensure the seamless integration and alignment of solutions with organizational goals
  • Build resilient and scalable architecture, driving innovation and cost efficiency
What we offer
  • Comprehensive Total Rewards program that offers personalized coverage tailor-made for you and your family’s overall well-being
  • Financial benefits including market-competitive compensation; a 401K savings plan vested from day one that offers a 6% match; performance and recognition-based incentives; and tuition assistance
  • Access to additional benefits like mental healthcare as well as fertility and adoption assistance
  • Supports flexibility: We provide workplace flexibility as well as our GEICO Flex program, which offers the ability to work from anywhere in the US for up to four weeks per year
  • Fulltime

Cloud Software Engineer - Identity and Access Management

The Platform Auth team’s goal is to support our ‘one customer identity’ vision b...
Location: Canada
Salary: Not provided
ClickHouse
Expiration Date: Until further notice
Requirements
  • 4+ years of experience as a software engineer, with focus on complex system design and development, working with diverse programming languages (i.e. C++, TypeScript)
  • Bachelor’s or Master’s degree in Computer Science or a related field; or equivalent experience
  • Experience implementing authentication and authorization services to a standard such as SAML, SCIM, OAuth2, or OIDC
  • Direct experience with Auth0, Okta, Cloud IAM (AWS, GCP, Azure) and AuthZ systems
  • Experience implementing access control on web applications, APIs and databases
  • Experience with distributed systems, cloud computing, and scalable architectures
  • You are passionate about building secure systems that are easy to use and easy to develop against
  • You have excellent communication skills and the ability to work well within a team and across engineering teams
  • You are a strong problem solver and have solid production debugging skills
Job Responsibility
  • Develop, manage and collaborate with other engineering teams for authentication, authorization, audit logging and monitoring
  • Ensure customers and internal users are provided a secure, user-friendly way to access systems, including support for SAML, SCIM, MFA and passwordless auth
  • Ensure resources have the proper level of authorization that is secure, easy for users to understand and easy for engineers to develop against
  • Ensure events are captured for analysis and surfaced for both internal teams and customers as appropriate
  • Collaborate with other engineering teams to understand database access management patterns, provide guidance for security or usability improvements and contribute where possible
  • Collaborate with other engineering teams to understand integration patterns for third party systems and work to develop common patterns and platforms to enable secure management of credentials for this application
  • Ensure systems comply with relevant security and compliance frameworks, such as NIST
  • Create and maintain internal documentation to enable other teams to on-board and integrate with identity & access management systems
  • Respond to on-call escalations involving the identity and access management platform
What we offer
  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in 20 countries.
  • Healthcare - Employer contributions towards your healthcare.
  • Equity in the company - Every new team member who joins our company receives stock options.
  • Time off - Flexible time off in the US, generous entitlement in other countries.
  • A $500 Home office setup if you’re a remote employee.
  • Global Gatherings – We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites