Senior Identity & Access Management (IAM) Engineer
Repligen Corporation · Massachusetts, United States · 1 wk ago
Engineering$130k–$180k/yrFull-time
Responsibilities
- Own the administration, engineering, governance, and continuous improvement of enterprise identity and access management services.
- Serve as the primary technical owner for Microsoft Entra ID and related identity platforms.
- Design, implement, and support authentication and authorization solutions across cloud and on-premises environments.
- Administer and maintain Conditional Access policies, Multi-Factor Authentication (MFA), Identity Protection, passwordless authentication, and modern access management solutions.
- Design and support Single Sign-On (SSO) integrations utilizing SAML, OAuth, OpenID Connect, LDAP, Kerberos, and SCIM technologies.
- Manage enterprise application onboarding, identity integrations, access provisioning, and entitlement management processes.
- Partner with HR, Infrastructure, and application owners to design and automate Joiner, Mover, and Leaver (JML) processes.
- Implement and maintain role-based access controls (RBAC), access governance standards, segregation of duties, and least-privilege access models.
- Administer Privileged Identity Management (PIM), privileged access controls, privileged account governance, and delegated administration models.
- Conduct access reviews, entitlement reviews, and certification activities to ensure appropriate access to systems and applications.
- Administer and maintain enterprise Public Key Infrastructure (PKI), including certificate authorities, certificate lifecycle management, issuance, renewal, revocation, and governance.
- Manage digital certificates supporting users, devices, applications, servers, network infrastructure, and cloud services.
- Support certificate-based authentication, passwordless authentication, and device trust technologies across enterprise platforms.
- Partner with Network Engineering teams to support secure wired, wireless, VPN, remote access, and device authentication services.
- Maintain identity, authentication, PKI, and NAC platform health while proactively identifying and addressing operational issues.
- Develop automation using PowerShell, Microsoft Graph, and related technologies to improve provisioning, governance, monitoring, and reporting processes.
- Create and maintain technical documentation, architecture diagrams, operational runbooks, and support procedures.
- Evaluate emerging identity, authentication, PKI, and access management technologies and recommend improvements that enhance security, scalability, and user experience.
- Provide technical guidance and mentorship to IT teams and application owners regarding identity and access management best practices.
Qualifications
- Bachelor's degree in Information Technology, Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent experience.
- Minimum of 7 years of hands-on experience supporting Identity and Access Management technologies in a medium or large enterprise environment.
- Deep expertise with Microsoft Entra ID, including Conditional Access, Identity Protection, Multi-Factor Authentication, Identity Governance, and access lifecycle management.
- Strong experience implementing and supporting Single Sign-On technologies, including SAML, OAuth, OpenID Connect, LDAP, Kerberos, and SCIM provisioning.
- Experience designing and supporting automated Joiner, Mover, and Leaver (JML) processes and identity lifecycle management workflows.
- Hands-on experience with Privileged Identity Management (PIM), role-based access controls, access reviews, entitlement management, and access certification processes.
- Experience integrating enterprise SaaS platforms such as Microsoft 365, ServiceNow, Workday, SAP, Concur, Salesforce, MasterControl, and similar business applications.
- Strong experience with Microsoft Active Directory and hybrid identity environments.
- Experience administering enterprise Public Key Infrastructure (PKI), including Microsoft Active Directory Certificate Services (AD CS), certificate lifecycle management, and certificate-based authentication.
- Experience supporting modern identity security platforms such as Beyond Identity, Okta, Duo, Ping Identity, CyberArk, SailPoint, Saviynt, or similar technologies is highly desirable.
- Strong understanding of modern identity architecture, authentication protocols, Zero Trust principles, passwordless authentication, device trust, and identity-centric security models.
- Strong PowerShell scripting and automation experience.
- Experience utilizing Microsoft Graph API and related automation frameworks for identity administration and governance.
- Working knowledge of compliance controls, audit requirements, and identity governance best practices.
- Strong analytical, troubleshooting, communication, and documentation skills.
- Experience supporting global and geographically distributed organizations.
- Microsoft certifications such as SC-300 (Identity and Access Administrator), SC-100 (Cybersecurity Architect), or equivalent certifications are highly desirable.