IAM Security Engineer

Spectraforce
Seattle, United States of America
2 days ago

Role details

Contract type
Temporary to permanent
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Seattle, United States of America

Tech stack

Microsoft Access
Microsoft Windows
Microsoft Active Directory
Amazon Web Services (AWS)
Automation of Tests
Azure
Bash
Cloud Computing
Computer Security
Linux
Identity and Access Management
JSON
Python
Kerberos (Protocol)
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
Oracle Applications
Public Key Infrastructure
Powershell
Role-Based Access Control
Azure
Zero Trust Network Access
Security Assertion Markup Language (SAML)
YAML
SSL Certificate Management
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Okta
Multi-Cloud
Infrastructure as Code (IaC)
GIT
HR Software
Build Management
Kubernetes
Infrastructure Automation Frameworks
Information Technology
Hashicorp
low-code
SailPoint
REST
Terraform
Docker
Legacy Systems
Programming Languages

Job description

A solid individual contributor responsible for designing, implementing, and supporting IAM solutions across multiple environments with minimal supervision. This role actively develops automation to streamline operational tasks, implements subsystem-level security designs, and serves as an escalation point for complex technical issues., * Design and implement secure IAM configurations across multi-cloud and hybrid identity environments, applying Zero Trust principles to develop and tune conditional access policies and cloud IAM roles.

  • Develop, test, and maintain automation scripts (Python, PowerShell) and low-code workflows (e.g., Okta Workflows) to streamline user lifecycle management (LCM), reduce manual effort, and improve accuracy.
  • Independently manage the end-to-end integration of new applications into the IAM ecosystem, including SSO, MFA, IGA, and PAM solutions, applying Role-Based Access Control (RBAC) models.
  • Implement and configure IAM controls for non-human identities, such as service principals in Azure or Cloud Infrastructure platform (AWS, GCP, Oracle), ensuring they adhere to the principle of least privilege.
  • Create and maintain modular and reusable Infrastructure as Code (IaC) modules (e.g., Terraform) for the repeatable and consistent deployment of IAM resources.
  • Manage secrets and credentials for applications and services using a vaulting solution and enterprise Public Key Infrastructure (PKI).
  • Troubleshoot and resolve complex technical identity and access issues across both cloud and legacy systems, performing root cause analysis and implementing preventative measures.
  • For development-focused roles: Develop, test, and maintain custom automation scripts and simple applications that interact with REST APIs to extend IAM platform capabilities.

Example Projects or Deliverables

  • Design and build an automated workflow in Okta Workflows to deprovision access from a set of high-risk applications within one hour of receiving a termination event from the HR system.
  • Develop a reusable Terraform module to standardize the creation of IAM roles in AWS, incorporating permissions boundaries and mandatory tagging policies.
  • Implement Just-in-Time (JIT) access for a defined set of privileged roles using a PAM solution, reducing standing privileged access by 75% for that group.
  • Create a comprehensive dashboard to monitor for anomalous login patterns, correlating data from the IdP, cloud platforms, and legacy directory services.

Requirements

  • 2+ years of direct experience in an Identity and Access Management role.
  • Demonstrated experience with at least one major cloud identity platform (Okta, Microsoft Entra ID).
  • Proficiency in scripting with PowerShell or Python for automation.
  • Hands-on experience with Infrastructure as Code tools, particularly Terraform.
  • Strong understanding of modern authentication and federation protocols (SAML, OIDC, OAuth 2.0, SCIM).
  • Experience with hybrid identity models connecting cloud IdPs to on-premise Active Directory.
  • *For development-focused roles: Proficiency in a scripting or programming language (Python, Go) and hands-on experience consuming REST APIs.
  • Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or related experience required., * AWS Certified Security - Specialty or Azure Security Engineer Associate
  • Microsoft SC-300: Identity and Access Administrator Associate
  • Okta Certified Administrator
  • SailPoint Certified IdentityIQ Associate or SailPoint Certified IdentityNow Professional
  • For development-focused roles: Experience with full-stack development is a plus.
  • Technical Skills

Tools:

  • Okta, Microsoft Entra ID, Active Directory, AWS IAM, SailPoint IdentityNow, Terraform, BeyondTrust, HashiCorp Vault, PKI / Certificate Management, Git.
  • Languages: PowerShell, Python*, Bash*, Go*, JSON, YAML, REST APIs*.
  • Platforms: AWS, Azure, GCP, Windows/Linux, Docker, Kubernetes.
  • Protocols: SAML 2.0, OAuth 2.0, OIDC, SCIM, LDAP, Kerberos, FIDO2.

Soft Skills

  • Customer Focus
  • Drives Results
  • Builds Trust
  • Self-Development
  • Communicates Effectively
  • Has Courage
  • Decision Quality
  • Strategic Mindset
  • Manages Complexity

Apply for this position