IAM Engineer II
Osaic · Scottsdale, AZ · 3 wk ago
Engineering$120k–$156k/yrFull-time
About the role
The IAM Engineer II role supports user onboarding/offboarding, Single Sign On (SSO) integrations, access requests, entitlement administration, and basic privileged access functions.
Responsibilities
- Automate Joiner/Mover/Leaver (JML) processes, including provisioning, de-provisioning, access requests, and access reviews.
- Ensure group based and role-based access is assigned accurately and timely.
- Troubleshoot identity issues such as failed provisioning tasks, directory sync, and entitlement assignments.
- Process access requests and approvals; maintain entitlement catalogs and birthright access definitions.
- Assist in quarterly and ad hoc access certification campaigns.
- Onboard applications to identity platforms using REST APIs and JSON field mapping.
- Onboard applications for SSO using standard SAML/OIDC templates.
- Affirm adherence to least privilege and separation of duties (SoD) requirements.
- Collect and maintain evidence for audits and identity reviews.
- Follow established change management, documentation, and incident management processes.
- Use PowerShell or basic REST API calls for simple identity queries or repeatable tasks.
- Maintain runbooks, knowledge base articles, and user facing guides.
- Participate in identity related incident handling and troubleshooting.
- All other duties as assigned.
Requirements
- 1–3 years of experience in IT, security operations, or identity administration.
- Hands-on experience with user and group management.
- Familiarity with SAML, OIDC, and basic authentication/authorization principles.
- Understanding of IAM concepts such as MFA, RBAC, provisioning, and JML workflows.
- Basic scripting experience (PowerShell, Python, or similar).
- Strong analytical and troubleshooting skills; attention to detail.
- Ability to follow documented procedures and maintain accurate records.
Preferred Requirements
- Experience with an IAM platform (provisioning, access requests, access reviews, connectors).
- Experience with onboarding applications for SSO.
- Exposure to PAM (Privileged Access Management) tools and workflows.
- Understanding of security frameworks and controls (least privilege, SoD, zero trust).
- Ability to read logs and debug authentication or provisioning errors.
- CompTIA Security +, Microsoft SC-900, Microsoft SC-300, (ISC)² CC or SSCP
Benefits
To view more details of what you can look forward to, visit our careers page: Osaic Benefits.
Pay
$120,000 - $156,000 per year + annual performance-based bonus
Schedule
Our hybrid schedule requires a minimum of 4 days weekly in the office.