Identity and Access Management Engineer (Hybrid)

<div class="content-intro"><p><span style="font-weight: 400;">Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.</span></p> <p><span style="font-weight: 400;">Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.</span></p></div><p><strong>Identity and Access Management Engineer</strong></p> <p><strong>Job Overview</strong></p> <p>We are seeking an Identity and Access Management Engineer to design and protect Archer's identity ecosystem. You are a proactive, team-oriented communicator who understands the bigger picture. The ideal candidate will develop and deploy enterprise-level authentication, authorization, and privileged access solutions that support our critical systems while ensuring compliance with CMMC Level 2, NIST SP 800-171, SOX, and ITAR. This role requires deep technical expertise in modern identity platforms (such as Okta, Google Identity Platform, AWS Identity Center, Azure AD), privileged access management (Delinea), identity governance, and Zero Trust principles. You will collaborate with infrastructure, security, and compliance teams to create scalable, auditable access controls that improve operational efficiency and security.</p> <p><strong>Key Responsibilities</strong></p> <ul> <li>Design and implement Zero Trust Architecture (ZTA) across Archer's enterprise network, eliminating implicit trust and enforcing continuous verification of user identity and device posture before granting access.</li> <li>Architect and maintain Okta as the authoritative Identity Provider (IdP) for Archer, managing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and user lifecycle management across all enterprise applications and SaaS platforms.</li> <li>Design and implement Privileged Access Management (PAM) using Delinea, including credential vaulting, privileged session management, and automated credential rotation for administrative and service accounts.</li> <li>Implement Identity Governance and Administration (IGA) controls to enforce role-based access control (RBAC), segregation of duties, periodic access reviews, and just-in-time (JIT) access provisioning.</li> <li>Build and maintain federated identity standards (OIDC, SAML, SCIM) to enable secure integration between Archer's identity platform and third-party applications, cloud providers, and vendor systems.</li> <li>Conduct access control audits and design remediation strategies to ensure compliance with NIST SP 800-171 Access Control (AC) requirements, CMMC Level 2 practices, and SOX ITGC expectations for financial systems.</li> <li>Implement automated audit logging and session recording for all authentication and privileged access events, ensuring that individual users' actions can be uniquely traced for compliance investigations and forensic analysis.</li> <li>Secure third-party and contractor access by implementing time-limited, role-restricted access provisioning and automated de-provisioning upon project completion or relationship termination.</li> <li>Stay current with emerging identity threats, attack vectors, and security best practices, including insider threats, account takeover (ATO), and lateral move ... (truncated, view full listing at source)