IAM Engineer
Vaco by Highspring · Birmingham, AL · 1 wk ago
HybridInformation TechnologyFull-time
Position Summary
The Identity Access Management Engineer is responsible for enhancing, maintaining, and executing the identity services program, both cloud-based and on-premises, for the organization. The position will maintain the IAM technical standards and will implement IAM controls and processes based upon an understanding of the identity and authentication technology stacks. This role reports to the Director Information Security and will assist in the architecture, implementation, and execution of a risk-based IAM architecture to ensure strong authentication and authorization controls across various business critical systems.
Essential Duties and Responsibilities
- User and Access Management
- Develop and assist with permission changes, group membership updates, and access provisioning.
- Create, modify, and disable user accounts in Active Directory, Microsoft 365, and other systems.
- Support MFA, SSO, and related authentication workflows.
- Authentication and Authorization
- Provides escalation support for all matters related to Identity Access Management operations.
- Ensure readiness for internal and external audit, including action plan to promptly resolve issues identified and ensure standard operation procedures are created and followed.
- Provide consultation and integration within the identity management authentication and authorization framework for new/existing applications.
- Perform routine maintenance tasks and update documentation as needed.
- Access Governance
- Responsible operation and management Identity Governance & Administration (IGA) solutions across the enterprise (SecurEnds).
- Escalate complex issues to senior staff or external vendors when appropriate.
- Responsible for owning User Access Review (UAR) process and campaigns.
- Security and Compliance
- Follow established IT policies, procedures, and security requirements.
- Serve as an advisor for policies/procedures and guidelines to data owners within the organization.
- Support security protection, compliance efforts, and audit-related data collection.
- Maintain confidentiality and adhere to data-handling standards.
Qualifications
- Required
- Bachelor’s degree in information technology or a related field preferred, or equivalent combination of education and experience.
- 5+ years implementing and governing IAM cloud solutions, controls, and capabilities.
- Experience in implementing Single-Sign-On (SSO) and federation standards such as SAML and OpenID Connect, Multi-Factor Authentication (MFA) and Privileged Access Management, Password Vault.
- High proficiency, experience and working knowledge of Active Directory, Entra ID (Azure AD), OKTA, and connector frameworks, and other mainstream IAM products.
- Excellent problem-solving, documentation, and communication skills with the ability to work effectively across cross-functional teams.
- Strong communication skills and ability to work directly with end users.
- Develop scripts and automation with PowerShell, Python, Power Automate, Azure Automations, etc.
- Preferred
- Professional certifications preferred: ITIL, Security+, SSCP, Certified in Cybersecurity (ISC2),
- Understanding of JustinTime (JIT) privileged access models and risk-based reduction of standing admin privileges aligned with modern PAM best practices.
- Experience with endpoint management tools (e.g., Intune).
- Experience in Agile and ITIL, metrics, and driving continuous improvement approaches to Service Delivery