Jobs · Engineering

Senior Identity & Access Management (IAM) Engineer

Repligen Corporation · Massachusetts, United States · 1 wk ago
Engineering$130k–$180k/yrFull-time

Responsibilities

  • Own the administration, engineering, governance, and continuous improvement of enterprise identity and access management services.
  • Serve as the primary technical owner for Microsoft Entra ID and related identity platforms.
  • Design, implement, and support authentication and authorization solutions across cloud and on-premises environments.
  • Administer and maintain Conditional Access policies, Multi-Factor Authentication (MFA), Identity Protection, passwordless authentication, and modern access management solutions.
  • Design and support Single Sign-On (SSO) integrations utilizing SAML, OAuth, OpenID Connect, LDAP, Kerberos, and SCIM technologies.
  • Manage enterprise application onboarding, identity integrations, access provisioning, and entitlement management processes.
  • Partner with HR, Infrastructure, and application owners to design and automate Joiner, Mover, and Leaver (JML) processes.
  • Implement and maintain role-based access controls (RBAC), access governance standards, segregation of duties, and least-privilege access models.
  • Administer Privileged Identity Management (PIM), privileged access controls, privileged account governance, and delegated administration models.
  • Conduct access reviews, entitlement reviews, and certification activities to ensure appropriate access to systems and applications.
  • Administer and maintain enterprise Public Key Infrastructure (PKI), including certificate authorities, certificate lifecycle management, issuance, renewal, revocation, and governance.
  • Manage digital certificates supporting users, devices, applications, servers, network infrastructure, and cloud services.
  • Support certificate-based authentication, passwordless authentication, and device trust technologies across enterprise platforms.
  • Partner with Network Engineering teams to support secure wired, wireless, VPN, remote access, and device authentication services.
  • Maintain identity, authentication, PKI, and NAC platform health while proactively identifying and addressing operational issues.
  • Develop automation using PowerShell, Microsoft Graph, and related technologies to improve provisioning, governance, monitoring, and reporting processes.
  • Create and maintain technical documentation, architecture diagrams, operational runbooks, and support procedures.
  • Evaluate emerging identity, authentication, PKI, and access management technologies and recommend improvements that enhance security, scalability, and user experience.
  • Provide technical guidance and mentorship to IT teams and application owners regarding identity and access management best practices.

Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent experience.
  • Minimum of 7 years of hands-on experience supporting Identity and Access Management technologies in a medium or large enterprise environment.
  • Deep expertise with Microsoft Entra ID, including Conditional Access, Identity Protection, Multi-Factor Authentication, Identity Governance, and access lifecycle management.
  • Strong experience implementing and supporting Single Sign-On technologies, including SAML, OAuth, OpenID Connect, LDAP, Kerberos, and SCIM provisioning.
  • Experience designing and supporting automated Joiner, Mover, and Leaver (JML) processes and identity lifecycle management workflows.
  • Hands-on experience with Privileged Identity Management (PIM), role-based access controls, access reviews, entitlement management, and access certification processes.
  • Experience integrating enterprise SaaS platforms such as Microsoft 365, ServiceNow, Workday, SAP, Concur, Salesforce, MasterControl, and similar business applications.
  • Strong experience with Microsoft Active Directory and hybrid identity environments.
  • Experience administering enterprise Public Key Infrastructure (PKI), including Microsoft Active Directory Certificate Services (AD CS), certificate lifecycle management, and certificate-based authentication.
  • Experience supporting modern identity security platforms such as Beyond Identity, Okta, Duo, Ping Identity, CyberArk, SailPoint, Saviynt, or similar technologies is highly desirable.
  • Strong understanding of modern identity architecture, authentication protocols, Zero Trust principles, passwordless authentication, device trust, and identity-centric security models.
  • Strong PowerShell scripting and automation experience.
  • Experience utilizing Microsoft Graph API and related automation frameworks for identity administration and governance.
  • Working knowledge of compliance controls, audit requirements, and identity governance best practices.
  • Strong analytical, troubleshooting, communication, and documentation skills.
  • Experience supporting global and geographically distributed organizations.
  • Microsoft certifications such as SC-300 (Identity and Access Administrator), SC-100 (Cybersecurity Architect), or equivalent certifications are highly desirable.

Similar jobs