IAM Security Engineer
Confiz · Seattle, WA · 5 days ago
On-siteInformation TechnologyTemporary
Responsibilities
- Own end-to-end program planning, scheduling, and execution for one or more identity security workstreams.
- Develop and maintain detailed project plans, dependency maps, risk registers, and RAID logs.
- Lead sprint planning, PI Planning events, and backlog grooming in an SAFe/Agile delivery model.
- Facilitate cross-team ceremonies including standups, demos, retrospectives, and steering committee reviews.
- Track and report on program health, milestones, and KPIs to senior leadership and the CISO organization.
- Proactively identify, escalate, and resolve blockers, risks, and inter-workstream dependencies.
- Drive delivery of Privileged Access Management (PAM) programs using BeyondTrust Password Safe, Endpoint Privilege Management (EPM), and Privileged Remote Access (PRA).
- Support initiatives related to Microsoft Entra ID (Azure AD) including conditional access policy governance, hybrid identity, and lifecycle management.
- Partner with IGA teams on SailPoint IdentityNow configuration, access certification campaigns, and role engineering.
- Coordinate Okta identity platform hardening, including phishing-resistant MFA (FastPass, FIDO2/WebAuthn), device assurance policies, and authenticator enrollment controls.
- Translate technical identity requirements into workable project scope, acceptance criteria, and delivery milestones.
Qualifications
- Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or related experience required.
- 2+ years of direct experience in an Identity and Access Management role.
- Demonstrated experience with at least one major cloud identity platform (Okta, Microsoft Entra ID).
- Proficiency in scripting with PowerShell or Python for automation.
- Hands-on experience with Infrastructure as Code tools, particularly Terraform.
- Strong understanding of modern authentication and federation protocols (SAML, OIDC, OAuth 2.0, SCIM).
- Experience with hybrid identity models connecting cloud IdPs to on-premise Active Directory.
- SailPoint Certified IdentityIQ Associate or SailPoint Certified IdentityNow Professional preferred.