IAM Security Engineer 3

MongoDB
United States
Posted 5 March 2026

Job Description

<p>We are looking for an IAM Security Engineer 3 to join our Enterprise Security (IAMSEC) team. In this role, you will help design, implement, and operate identity, access, and endpoint security solutions at scale. You’ll work closely with senior IAM engineers, Cloud Security, and IT teams to improve our IAM posture, automate routine operations, and support key compliance initiatives such as FedRAMP High.</p> <p>We are looking to speak to candidates who are based on the West Coast of the US for our hybrid working model.</p> <h3><strong>Responsibilities</strong></h3> <ul> <li>Operate and enhance IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, helping to ensure secure, least-privilege, and scalable access models for employees and service accounts.</li> <li>Must be a US citizen.</li> <li>Implement and support SSO integrations (SAML, OIDC, OAuth2) and MFA enforcement for internal and third-party applications.</li> <li>Help maintain and improve RBAC models, groups, and policies, ensuring access is consistent with business needs and audit requirements.</li> <li>Contribute to the identity lifecycle (provisioning, deprovisioning, access changes, and just-in-time access) using automation (Terraform/OpenTofu, Python, Tines) to reduce manual effort and errors.</li> <li>Assist with hardening non-human identities (service accounts, workloads, automation identities, agentic AI systems), focusing on least-privilege and proper key/secret management.</li> <li>Collaborate with senior engineers to support FedRAMP High and other regulatory/compliance programs by implementing and operating required IAM and endpoint controls, and helping prepare evidence for audits.</li> <li>Integrate IAM and endpoint events into Datadog (or similar tools) to improve visibility, alerts, and investigations around authentication and access activity.</li> <li>Partner with teams operating MDM platforms (Jamf, Workspace ONE, Kolide) to ensure device posture is reflected in 
IAM policies where applicable.</li> <li>Create and maintain documentation and runbooks for IAM workflows, automations, and on-call procedures.</li> <li>Participate in the IAMSEC team’s on-call rotation for production incidents impacting identity, access, or FedRAMP-scoped services, with guidance from senior team members.</li> </ul> <h3><strong>Requirements</strong></h3> <ul> <li>3–5 years of experience in Identity Access Management, Security Engineering, or Cloud Security roles.</li> <li>Hands-on experience administering and securing Okta for workforce identity (groups, policies, app integrations, MFA).</li> <li>Practical experience working with IAM in at least one major cloud provider (AWS IAM strongly preferred; GCP IAM or Azure AD a plus).</li> <li>Good understanding of authentication and authorization standards, including OAuth2, OIDC, SAML, and modern MFA approaches.</li> <li>Exposure to FedRAMP High or Moderate, or similar U.S. public-sector frameworks (e.g., FISMA, StateRAMP), and an interest in deepening expertise in NIST 800‑53, ATO processes, and POAM management.</li> <li>Experience implementing or supporting RBAC models, group/role structures, and access reviews in a mid-to-large enterprise.</li> <li>Experience with scripting or programming (e.g., Python, Bash) to automate repetitive IAM or security tasks.</li> <li>Familiarity with Infrastructure as Code (Terraform/OpenTofu, CloudFormation) and a willingness to grow into owning IAM-related IaC modules.</li> <li>Experience with observability or SIEM tools such as Datadog (or similar) for working with logs, alerts, and dashboards.</li> <li>Strong problem-solving skills, attention to detail, and the ability to follow and improve documented processes.</li> <li>Comfortable collaborating in a remote, distributed team, communicating clearly in writing, and asking for help or clarification when needed.</li> </ul> <h3><strong>Nice to Have</strong></h3> <ul> <li>Experience designing or operating phishing-resistant 
a ... (truncated, view full listing at source)