
IAM Senior Engineer

Company: Fortune 500 Financial Services Company

Charlotte, NC or Des Moines, IA

Type: Full Time 

 

 

Overview

The IAM Senior Engineer will lead the design, deployment, and ongoing support of IAM solutions across multi-cloud environments (AWS, Azure, GCP), ensuring secure, compliant, and seamless access for users, applications, and services. The IAM Lead Engineer will serve as a subject matter expert, driving adoption of modern identity standards and automation to support a Zero Trust security model.

 

 

Key Responsibilities

  • Lead architecture, engineering, and implementation of cloud IAM solutions across AWS, Azure, and GCP.
  • Manage and optimize identity platforms such as Azure Active Directory, Okta, Ping Identity, or equivalent cloud identity providers.
  • Define and enforce IAM policies for authentication, authorization, and federation in cloud-native and hybrid environments.
  • Automate identity lifecycle processes, including provisioning, de-provisioning, and role/attribute-based access controls.
  • Implement and manage privileged access management (PAM) for cloud infrastructure and DevOps pipelines.
  • Integrate SaaS and IaaS applications with enterprise IAM platforms using SAML, OAuth 2.0, OIDC, and SCIM.
  • Partner with security, DevOps, and application teams to embed IAM best practices into CI/CD and cloud operations.
  • Support audits and compliance initiatives (e.g., SOC 2, SOX, PCI-DSS, HIPAA, FedRAMP) with IAM evidence and controls.
  • Monitor, troubleshoot, and remediate IAM issues across cloud environments to ensure availability and scalability.
  • Research and implement emerging cloud IAM technologies aligned to Zero Trust and least privilege principles.

 

Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
  • 7+ years of experience in Identity and Access Management, including 3+ years in cloud IAM.
  • Hands-on experience with cloud identity services (Azure AD, AWS IAM, AWS SSO, GCP IAM).
  • Strong knowledge of authentication/federation standards: SAML, OAuth 2.0, OIDC, SCIM, LDAP, Kerberos.
  • Proficiency with scripting/automation (PowerShell, Python, Terraform, or equivalent).
  • Experience implementing RBAC, ABAC, and least privilege across cloud workloads.
  • Familiarity with Zero Trust principles, conditional access, and MFA/passwordless authentication.
  • Strong understanding of regulatory compliance frameworks as they apply to cloud security.
  • Excellent communication skills with the ability to lead cross-functional teams.

 

Preferred Skills

  • Certifications such as Azure Security Engineer, AWS Certified Security – Specialty, or Okta Certified Professional.
  • Experience with Infrastructure as Code (Terraform, CloudFormation) for IAM policy and role management.
  • Prior experience integrating IAM with DevSecOps and CI/CD pipelines.
  • Knowledge of identity threat detection and response (ITDR) solutions.

 

Compensation and Benefits

  • Base Salary: $160,000 – $200,000 annually, based on experience and qualifications.
  • Bonus: Eligible for an annual discretionary performance bonus.
  • Benefits Package Includes:
    • Comprehensive medical, dental, and vision insurance
    • 401(k) retirement plan with company match
    • Paid time off (vacation, sick leave, holidays)
    • Flexible work arrangements (remote/hybrid options, depending on business needs)
    • Professional development opportunities, training, and certifications
    • Employee wellness programs and additional voluntary benefits