Senior Systems Engineer Identity Access Management - Fully Remote
Position Summary
The Senior Systems Engineer provides senior technical leadership across two core areas: Identity & Access Management (IAM) and IT Productivity & Collaboration services. The position designs, implements, administers, and supports Identity Governance & Administration (IGA) and enterprise identity services (directory services, SSO/federation, MFA/conditional access alignment, and privileged access) using Okta, Active Directory, and Microsoft Entra.
Engineering Solutions, Design, and Administration
- Design, implement, and maintain IAM/IGA capabilities (directory services, SSO/federation, and privileged access) using Okta, Active Directory, and Microsoft Entra to deliver secure, reliable access.
- Lead discovery and solution delivery for IAM initiatives (requirements, design, build, testing, and rollout); evaluate options and recommend best-fit approaches with internal teams and vendors.
- Automate identity lifecycle (joiner/mover/leaver; provisioning/deprovisioning) and related administration using scripting and modern tooling to reduce manual effort and risk.
- Define and enforce access governance (RBAC/ABAC), policies, workflows, and secure access patterns (SSO/MFA/conditional access alignment and least-privilege role design), including periodic access reviews.
- Support security and compliance by remediating identity-related vulnerabilities and supporting audits, penetration tests, and access reviews with evidence, reporting, and corrective actions.
- Onboard and integrate applications and platforms (SaaS and Microsoft 365) using standards-based connectors/integrations; partner with application owners to validate requirements, data flows, and security controls.
- Own and administer Microsoft 365 and collaboration services (Teams, SharePoint/OneDrive, Exchange Online) and adjacent SaaS tools, including hybrid identity/access integrations and roadmap execution.
- Operate and improve services through monitoring, dashboards/alerts, incident and problem management (RCA/post-incident reviews), and on-call participation; troubleshoot authentication/authorization/provisioning issues to restore service.
- Create and maintain documentation and enablement (standards, runbooks, procedures, and knowledge articles); support tiered support and knowledge transfer with Service Desk/L2.
- Partner with Procurement/Vendor Management on renewals, licensing optimization, and vendor escalations; identify cost-saving opportunities through usage analysis and right-sizing.
- Evaluate and adopt new features and products (including collaboration AI capabilities) via pilots, guardrails, and measured rollouts.
Required Qualifications
- Knowledge of: IAM/IGA concepts and practices, including identity lifecycle (joiner/mover/leaver), provisioning/deprovisioning, and access recertification.
- Identity standards and protocols (SAML, OAuth/OIDC, SCIM) and how they are used for SSO/federation and application integrations.
- Okta, Active Directory, and Microsoft Entra ID administration and configuration concepts (tenant/directory structure, groups, app assignments, conditional access/access policies).
- Privileged access management principles and controls (least privilege, role-based access, privileged roles/accounts, access request/approval workflows).
- Security and compliance practices related to identity services, including logging/monitoring, vulnerability remediation, audit evidence collection, and access reviews.
- Enterprise IT operations practices (incident/problem management, change control) and creating/supporting technical documentation such as procedures and runbooks.
- Ability To Demonstrate strong interpersonal and organizational skills, demonstrated success in working both independently and in a team environment.
- Demonstrate above-average written and oral communication skills.
- Demonstrate strong analytical and creative problem solving, and the ability to manage multiple and rapidly changing priorities.
- Work effectively both independently and collaboratively across technical and non-technical teams.
- Communicate clearly in writing and verbally, including translating technical concepts for varied audiences.
- Analyze complex issues, solve problems systematically, and manage multiple priorities in a fast-changing environment.
- Hands-on experience with the relevant technologies and solutions for fulfilling the activities in the accountabilities section.
- Bachelor’s degree in computer science, Management Information Systems, Computer Science, Information Security or related field (or equivalent related experience and/or education).
- Minimum of five or more years of experience in engineering and supporting solutions in a heterogeneous enterprise IT environment.
PREFERRED QUALIFICATIONS
- Modern Workplace/Automation: Defines and completes project tasks, including scripting, related to workplace automation, leveraging Intune, SharePoint (including migrations), Viva, PowerApps, Power Automate, Microsoft Power Platform, etc.
- Strong experience with Okta tenant configuration and core components (policies, claims, scopes, access policies) beyond day-to-day administration.
- Experience partnering with application developers and using Okta APIs to automate integrations and workflows.
- Experience with log management and reporting tools (e.g., Varonis, Okta reporting) for monitoring and investigation.
About The Team
NMDP offers regular, full-time employees medical, dental, vision, life and disability, accident/critical illness/hospital, well-being, legal, identity theft and pet benefits. Retirement, paid time off/holidays, leave and incentive plans are also offered to eligible employees. Please reference this link for more information: NMDP Benefit Information