Zero Trust IGA Engineer

United States, Tampa · Job Posted January 30, 2026

Job Description

We are seeking an IGA Engineer to support USSOCOM’s Zero Trust execution efforts by implementing and operating SailPoint-based identity governance capabilities across NIPR, SIPR, and Top Secret networks. The IGA Engineer is responsible for designing, deploying, and maintaining SailPoint Identity Governance solutions that serve as the authoritative source for identity attributes and access decisions. This role goes beyond basic provisioning and focuses on implementing lifecycle automation, access governance, and attribute-driven access control in complex, multi-enclave environments.

Job Responsibility

  • Design, deploy, and maintain SailPoint IdentityNow or IdentityIQ to automate Joiner-Mover-Leaver (JML) identity lifecycle processes
  • Define and manage identity attributes (e.g., clearance, role, COI, project codes) used to support attribute-based access control (ABAC) models
  • Configure and execute automated access certification campaigns for privileged roles and critical systems
  • Develop and maintain SailPoint role models, including technical and business roles, to replace static group-based access
  • Support identity governance operations across disconnected and air-gapped environments, including Top Secret networks
  • Ensure identity data integrity and synchronization between low-side and high-side environments
  • Collaborate with ICAM, Zero Trust, and integration teams to ensure identity attributes are consumed correctly by downstream enforcement tools
  • Support audit and compliance requirements related to access governance and identity lifecycle management

Requirements

  • Active DoD Top Secret clearance with SCI eligibility
  • DoD 8570 / 8140 compliant (Security+ CE or higher – IAT Level II)
  • 5+ years of hands-on experience implementing and administering SailPoint (IdentityNow or IdentityIQ) in an enterprise environment
  • Strong understanding of identity lifecycle management (Joiner-Mover-Leaver automation)
  • Experience integrating SailPoint with Active Directory, LDAP, and Microsoft Entra ID
  • Experience implementing access governance concepts, including RBAC, separation of duties (SoD), and access certification
  • Ability to operate independently in complex, mission-critical environments
  • Labor Category Alignment:
  • Journeyman: 3–10 years of experience; BA/BS or MA/MS
  • Senior: 10+ years of experience; MA/MS; supports high-visibility or mission-critical program efforts and may lead others

Nice to have

  • Experience implementing Attribute-Based Access Control (ABAC) strategies
  • Familiarity with DoD ICAM reference architectures and Zero Trust concepts
  • Experience integrating SailPoint using REST, SCIM, or SOAP
  • Prior experience supporting USSOCOM or other DoD organizations
  • SailPoint Certified IdentityNow or IdentityIQ Engineer
  • CIAM or CISA certification

Similar Jobs for Zero Trust IGA Engineer

8 matching positions

Identity Governance and Administration (IGA) Engineer

Barbaricum is seeking an Identity Governance and Administration (IGA) Engineer t...
Location: United States, Tampa
Salary: Not provided
Barbaricum
Expiration Date: Until further notice
Requirements
  • Active DoD Top Secret clearance with SCI eligibility
  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or related field
  • 3–10 years of relevant experience (Journeyman) or 10+ years of experience (Senior)
  • Hands-on experience implementing and administering SailPoint identity governance solutions
  • Strong knowledge of Active Directory, LDAP, and Azure Active Directory structures and management
  • Experience implementing Role-Based Access Control (RBAC), Separation of Duties (SoD), and access certification processes
  • Required: CompTIA Security+ CE (DoD 8570 IAT Level II)
Job Responsibility
  • Deploy and administer SailPoint IdentityNow or IdentityIQ across enterprise environments
  • Design and automate identity lifecycle processes including Joiner, Mover, and Leaver (JML) workflows
  • Define and manage identity attribute schemas supporting Attribute-Based Access Control (ABAC) models
  • Implement access certification campaigns and governance processes to maintain compliance with audit requirements
  • Develop and maintain role-based and attribute-based access models within SailPoint
  • Integrate SailPoint with Active Directory, Azure Active Directory (Entra ID), and enterprise applications
  • Support synchronization of identity data across classified and unclassified networks

Global Senior Security Manager

We are seeking a seasoned security leader to partner with our CISO in protecting...
Location: United States, New York
Salary: 150000.00 - 210000.00 USD / Year
Alter Domus
Expiration Date: Until further notice
Requirements
  • 10+ years in cybersecurity with at least 5 years in a leadership role managing global, cross-functional teams
  • Proven track record of representing security at C-suite and board level, translating complex risk into clear business narrative
  • Experience in financial services or a similarly regulated industry (FCA, PRA, DORA, SOX, PCI-DSS)
  • Familiarity with deploying AI security frameworks such as NIST AI RMF 1.0, MITRE ATLAS, and financial services AI governance standards
  • Practical knowledge of implementing AI-powered security tools to automate detection, response, and guardrail enforcement
  • Familiarity with AI model risk, LLM threat surfaces, data poisoning, prompt injection, and adversarial ML attack vectors
  • Familiarity with enterprise security tools
  • Broad exposure to endpoint protection, vulnerability management, CSPM, DLP, and email security platforms
  • CISSP, CISM, or CRISC — one or more preferred
  • CCSP or equivalent cloud security credential
Job Responsibility
  • Support CISO in key decision making and regulatory meetings — presenting risk posture, programme status, and strategic recommendations with clarity and confidence
  • Build, mentor, and manage high-performing, globally distributed security teams spanning multiple time zones and functions
  • Define and execute the enterprise security roadmap aligned with business strategy and applicable regulatory requirements (FCA, PRA, DORA, SOX, PCI-DSS)
  • Lead end-to-end transformation of Identity & Access Management (IAM) and Privileged Access Management (PAM), including strategy, tooling selection, and programme delivery
  • Drive implementation of an Identity Governance & Administration (IGA) framework — encompassing joiner/mover/leaver processes, role engineering, access certification, and policy enforcement
  • Oversee deployment and maturation of PAM controls, credential vaulting, just-in-time access, and session monitoring to eliminate over-privileged accounts across the enterprise
  • Establish access management metrics and KPIs reported to executive leadership and regulators
  • Lead the Zero Trust Architecture (ZTA) transformation programme — defining principles, technology roadmap, and phased rollout across on-premises, cloud, and hybrid environments
  • Drive AI-augmented network and security architecture, leveraging machine learning for anomaly detection, automated policy enforcement, and predictive threat modelling
  • Build and operationalise a Network Operations (NetOps) operating model — defining governance, runbooks, escalation paths, and SLA frameworks for a globally resilient network
What we offer
  • Support for professional accreditations
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Plus additional local benefits depending on your location
  • Fulltime

Enterprise Identity Architect

We are seeking an Enterprise Identity Architect with deep, hands-on expertise in...
Location: United Kingdom, Multiple Locations
Salary: Not provided
Microsoft Corporation
Expiration Date: Until further notice
Requirements
  • Proven record of accomplishment leading large-scale IAM transformations in the Defence Sector with mixed classification environments (OFFICIAL, OFFICIAL-SENSITIVE, SECRET)
  • Deep expertise with Microsoft Entra ID (Azure AD), Entra Connect/Cloud Sync, MIM/Entra ID Governance, Conditional Access, PIM, tenant-to-tenant and hybrid patterns
  • Active Directory (multi‑forest consolidation, trusts, tiered admin, admin forests), DNS/PKI (enterprise and offline PKI, CRL/OCSP, HSMs FIPS 140‑2/3)
  • PIM, PAW and PAM
  • MFA/passwordless (FIDO2, smartcards, CAC/PIV-style credentials), credential hygiene, Kerberos/NTLM deprecation strategies
  • Zero Trust identity controls, RBAC/ABAC, and policy as code approaches
  • Aligning all Zero Trust / Master identity to Enterprise Service Model
  • Demonstrable success unravelling complex identity estates (e.g., multiple AD forests, conflicting schemas, brittle sync, overlapping personas) and delivering a master identity model with clean source of truth and lifecycle automation
  • Experience defining cross-domain identity patterns for air-gapped or high-side environments, including guard-mediated flows, brokers, one-way trust, and offline credential issuance
  • Strong documentation: HLD/LLD, architecture decision records, control mappings (JSP/ASP/NCSC), test plans, migration & decommission plans
Job Responsibility
  • Enterprise Identity Architecture: Define and own end-to-end IAM reference architectures for OFFICIAL and SECRET domains, including enclave segregation, trust models, and boundary controls
  • Design authoritative identity sources and golden record schemas (HR, ERP, clearance systems), lifecycle policies (joiner/mover/leaver), and attribute governance
  • Specify RBAC/ABAC models, entitlement catalogues, role mining, separation of duties (SoD) and privileged access patterns (PAW tiers, admin forest, bastion models)
  • Technical Strategy & Delivery: Lead consolidation/modernisation across Microsoft Entra ID (Azure AD), on-prem AD, MIM/Entra ID Governance, and third-party IGA (SailPoint/Saviynt)
  • Architect MFA/passwordless (FIDO2/YubiKey, smartcard/PIV equivalents), Conditional Access, risk-based access, device trust, PIM and PAM (CyberArk/BeyondTrust)
  • Own identity integration for critical apps (cloud, on-prem, legacy, air-gapped) and cross-domain access patterns via controlled brokers/guards
  • Security, Compliance & Defence Governance: Map designs and evidence to ASP 240 and applicable JSP guidelines (e.g., JSP 440 Security, JSP 604 Information/IA policies or successors), NCSC guidance, ISO/IEC 27001, and Zero Trust principles
  • Produce and maintain HLD/LLD, Control Matrices, Risk/Threat Models (STRIDE/ATT&CK), Security Cases, Transition Plans, and Operational Runbooks
  • Support audits, Design Reviews, IAO/SIRO approvals, security testing, and accreditation evidence
  • Change & Stakeholder Leadership: Run workshops to untangle legacy identity estates, discover shadow entitlements, and align business/mission owners to a single operating model
  • Fulltime

IAM Lead Architect

Join us as an IAM Lead Architect - IAM is a fast moving and strategic defence for...
Location: United Kingdom, Knutsford
Salary: Not provided
Barclays
Expiration Date: Until further notice
Requirements
  • Understanding of Identity management and security principles
  • Knowledge of PAM / AM / LAM
  • Experience of designing and implementing a new IGA platform
  • Understanding of Zero Trust and Security Architecture
Job Responsibility
  • Design and development of solutions as products that can evolve, meeting business requirements that align with modern software engineering practices and automated delivery tooling. This includes identification and implementation of the technologies and platforms
  • Targeted design activities that apply an appropriate workload placement strategy and maximise the benefit of cloud capabilities such as elasticity, serverless, containerisation etc
  • Best practice designs incorporating security principles (such as defence in depth and reduction of blast radius) that meet the Bank’s resiliency expectations
  • Solutions that appropriately balance risks and controls to deliver the agreed business and technology value
  • Adoption of standardised solutions where they fit. If no standard solutions fit, feed into their ongoing evolution where appropriate
  • Fault finding and performance issues support to operational support teams, leveraging available tooling
  • Solution design impact assessment in terms of risk, capacity and cost impact, inc. estimation of project change and ongoing run costs
  • Development of the requisite architecture inputs required to comply with the Bank’s governance processes, including design artefacts required for architecture, privacy, security and records management governance processes
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime

Senior Cyber Security Engineer II-Identity Governance

The Sr. Cyber Security Engineer II – Identity Governance is a pivotal role respo...
Location: United States, Framingham
Salary: 139000.00 - 191000.00 USD / Year
Staples Promotional Products
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field or equivalent work experience
  • 10 or more years of progressively complex experience in cybersecurity
  • Proven experience with cybersecurity frameworks (e.g., NIST, ISO 27001)
  • Hands-on experience with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, and content filtering
  • Knowledge of network protocols and data encryption methods
  • Hands-on experience supporting Active Directory in an enterprise environment
  • Practical experience with identity and access management concepts including: user lifecycle provisioning, entitlement management, role-based access control (RBAC)
  • Experience building or supporting application integrations with an IGA platform
  • Experience supporting SSO and authentication integrations
  • Working knowledge of conditional access and modern authentication controls
Job Responsibility
  • Engineer, maintain, and secure Active Directory components including domains, OUs, group structures, service accounts, and delegated administration models
  • Support hybrid identity patterns integrating on‑premises Active Directory with cloud identity platforms
  • Partner with infrastructure and cloud teams to ensure directory services are resilient, monitored, and aligned to security best practices
  • Apply Zero Trust security concepts to identity systems, recognizing Active Directory and identity connectors as high‑risk control plane assets
  • Support privileged access separation, administrative role scoping, and least‑privilege enforcement across identity platforms
  • Participate in hardening initiatives to reduce privilege escalation paths and credential exposure within identity services
  • Implement and support SSO and federation integrations using industry‑standard protocols (SAML, OIDC, OAuth)
  • Assist in designing and maintaining conditional access policies based on user risk, role, device posture, and authentication context
  • Troubleshoot authentication and authorization issues across directories, identity providers, and integrated applications
  • Support joiner / mover / leaver lifecycle processes across Active Directory and downstream applications
What we offer
  • Competitive base salary + bonus on eligible positions
  • 22 days plus 7 major holidays and 1 floating holiday
  • Company match 401(k) plan
  • Online and retail discounts
  • Physical and mental health wellness programs
  • Daycare, cafeteria, fitness center, and coffee shop at our HQ
  • Inclusive culture with associate-led Business Resource Groups
  • Fulltime

Identity and Access Management Engineer

We are seeking an Identity and Access Management Engineer to design and protect ...
Location: United States, San Jose
Salary: 133400.00 - 200000.00 USD / Year
Archer Aviation
Expiration Date: Until further notice
Requirements
  • 5 plus years of experience in Identity and Access Management or related roles, with a minimum of 2 years in a senior or architect-level capacity
  • Hands-on design and implementation experience with enterprise Identity Providers such as Okta, Azure AD (Active Directory), or Ping Identity
  • Deep technical understanding of authentication protocols and standards, including OIDC, SAML, OAuth 2.0, and LDAP
  • Extensive experience designing and operating Privileged Access Management (PAM) solutions, preferably Delinea, including credential vaulting, session recording, and approval workflows
  • Working knowledge of RBAC (Role-Based Access Control) design and implementation, with the ability to map complex organizational hierarchies to access policies
  • Experience implementing and managing Multi-Factor Authentication (MFA) technologies such as FIDO2, Okta Verify, Duo Security, YubiKey, and PKI-based authentication
  • Strong understanding of NIST SP 800-171 and CMMC Level 2 requirements, specifically as they relate to access control, audit logging, and identity governance
  • Proficiency in scripting and automation using PowerShell, Python, or Bash to automate identity workflows, audit processes, and integrations
  • Excellent communication skills to translate complex identity architecture and compliance requirements to both technical teams and executive leadership
Job Responsibility
  • Design and implement Zero Trust Architecture (ZTA) across Archer's enterprise network, eliminating implicit trust and enforcing continuous verification of user identity and device posture before granting access
  • Architect and maintain Okta as the authoritative Identity Provider (IdP) for Archer, managing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user lifecycle management across all enterprise applications and SaaS platforms
  • Design and implement Privileged Access Management (PAM) using Delinea, including credential vaulting, privileged session management, and automated credential rotation for administrative and service accounts
  • Implement Identity Governance and Administration (IGA) controls to enforce role-based access control (RBAC), segregation of duties, periodic access reviews, and just-in-time (JIT) access provisioning
  • Build and maintain federated identity standards (OIDC, SAML, SCIM) to enable secure integration between Archer's identity platform and third-party applications, cloud providers, and vendor systems
  • Conduct access control audits and design remediation strategies to ensure compliance with NIST SP 800-171 Access Control (AC) requirements, CMMC Level 2 practices, and SOX ITGC expectations for financial systems
  • Implement automated audit logging and session recording for all authentication and privileged access events, ensuring that individual users' actions can be uniquely traced for compliance investigations and forensic analysis
  • Secure third-party and contractor access by implementing time-limited, role-restricted access provisioning and automated de-provisioning upon project completion or relationship termination
  • Stay current with emerging identity threats, attack vectors, and security best practices, including insider threats, account takeover (ATO), and lateral movement techniques
  • Provide technical guidance and training to IT, application, and security teams on identity best practices and policy enforcement
  • Fulltime

Senior Identity & Access Management Engineer

The Identity & Access Management (IAM) team is a new, foundational group within ...
Location: United States
Salary: 92000.00 - 150000.00 USD / Year
Lime
Expiration Date: Until further notice
Requirements
  • 3-5+ years of hands-on experience in Identity & Access Management
  • Strong, hands-on experience with enterprise identity providers, with a preference for Okta
  • Experience with IGA platforms (e.g., Saviynt, SailPoint, Okta IGA) is a significant plus
  • Solid scripting and automation skills (e.g., Python, PowerShell) for identity workflows
  • A strong understanding of core security principles, including Zero Trust models and least privilege
  • Experience working in an environment with compliance frameworks such as SOX, GDPR, or CCPA
  • Strong collaboration skills and experience working on complex, cross-functional projects
  • A customer-first mindset focused on creating secure yet frictionless access experiences
Job Responsibility
  • Be a key driver in the greenfield implementation of Lime’s enterprise IGA platform
  • Implement, manage, and automate the identity lifecycle (joiner, mover, leaver) to ensure seamless and secure transitions
  • Execute on a high volume of new application integrations for Single Sign-On (SSO) and MFA
  • Collaborate with the security team to implement Zero Trust principles through hands-on configuration of risk-based policies
  • Support automated user access review (UAR) campaigns to ensure continuous compliance with SOX and other regulatory requirements
  • Assist in providing evidence and support for internal and external auditors regarding identity and access controls
  • Partner with application owners across the company to successfully integrate their systems into our centralized IAM platforms
  • Help develop and maintain clear documentation for IAM processes and configurations
What we offer
  • Comprehensive Health & Wellness: A choice of medical, dental, and vision plans
  • Company-paid life and disability insurance
  • Company-funded mental health benefits
  • Financial & Retirement Planning: 401(k) plan with both pre-tax and Roth options
  • Access to a Health Savings Account (HSA) with a monthly company contribution
  • Family & Fertility Support: Paid parental leave for birthing and non-birthing parents
  • Fertility and family-forming benefits
  • Paid Time Off: Unlimited vacation
  • Paid leaves
  • 10 company holidays
  • Fulltime

Senior Identity & Access Management Engineer

The Identity & Access Management (IAM) team is a new, foundational group within ...
Location: Canada
Salary: 90000.00 - 138000.00 CAD / Year
Lime
Expiration Date: Until further notice
Requirements
  • 3-5+ years of hands-on experience in Identity & Access Management
  • Strong, hands-on experience with enterprise identity providers, with a preference for Okta
  • Experience with IGA platforms (e.g., Saviynt, SailPoint, Okta IGA) is a significant plus
  • Solid scripting and automation skills (e.g., Python, PowerShell) for identity workflows
  • A strong understanding of core security principles, including Zero Trust models and least privilege
  • Experience working in an environment with compliance frameworks such as SOX, GDPR, or CCPA
  • Strong collaboration skills and experience working on complex, cross-functional projects
  • A customer-first mindset focused on creating secure yet frictionless access experiences
Job Responsibility
  • Be a key driver in the greenfield implementation of Lime’s enterprise IGA platform
  • Implement, manage, and automate the identity lifecycle (joiner, mover, leaver) to ensure seamless and secure transitions
  • Execute on a high volume of new application integrations for Single Sign-On (SSO) and MFA
  • Collaborate with the security team to implement Zero Trust principles through hands-on configuration of risk-based policies
  • Support automated user access review (UAR) campaigns to ensure continuous compliance with SOX and other regulatory requirements
  • Assist in providing evidence and support for internal and external auditors regarding identity and access controls
  • Partner with application owners across the company to successfully integrate their systems into our centralized IAM platforms
  • Help develop and maintain clear documentation for IAM processes and configurations
What we offer
  • Offers Equity
  • Offers Bonus
  • Fulltime