Senior IAM Engineer

Role Overview

We are looking for a Senior IAM Engineer to own and advance our identity and access management program. You will be the subject matter expert for Okta and the broader IAM ecosystem—administering the platform end to end, integrating it with the systems our teams rely on every day, and partnering closely with Security to ensure our access controls are strong, scalable, and easy to use. You will lead lifecycle automation, harden application integrations, and serve as the senior escalation point for complex identity issues. This is a hands-on, high-impact role for someone who enjoys solving complex identity problems and continuously improving the experience for the business.

Responsibilities

• Administer Okta end to end, including users, groups, applications, authentication policies, sign-on rules, network zones, and Okta Workflows across the full product suite.
• Configure and support Okta authentication and access standards, including OAuth/OIDC, SAML, SCIM, Okta FastPass, Device Trust, device-bound SSO, and Device Access.
• Integrate and manage third-party SaaS applications in Okta, including SSO setup, SCIM-based provisioning and de-provisioning, group push, and role mapping.
• Own Okta's integrations with core enterprise systems, including Microsoft (Entra ID / Active Directory) and Workday as the HR system of record driving joiner, mover, and leaver events.
• Design and operate the joiner/mover/leaver lifecycle, ensuring timely, accurate, and auditable provisioning and de-provisioning across all in-scope applications.
• Ensure application integrations meet security best practices, including least-privilege access, MFA enforcement, strong authentication policies, and well-structured group and role design.
• Partner with the Security team to design and implement Okta and application-level security controls, policies, and risk-based / adaptive access rules.
• Support audit, compliance, and access certification activities (e.g., SOX, SOC 2) with reporting, evidence collection, and periodic access reviews.
• Build and maintain Okta Workflows and other automations to streamline identity processes such as onboarding, offboarding, group membership, and access reviews.
• Provide tier 2 and tier 3 support for IAM-related issues, including triage, root-cause analysis, and remediation, and serve as the escalation point for the helpdesk.
• Document configurations, runbooks, and processes to support team continuity, onboarding, and audit readiness.

Requirements

• 5+ years of experience in an Identity and Access Management, IT security, or systems engineering role.
• Hands-on experience administering Okta in production across the full product suite, including users, groups, applications, authentication policies, and Okta Workflows.
• Deep working knowledge of identity standards and Okta features, including OAuth/OIDC, SAML, SCIM, Okta FastPass, Device Trust, device-bound SSO, and Device Access.
• Proven experience integrating third-party SaaS applications with Okta, including SSO and SCIM provisioning.
• Experience integrating Okta with Microsoft (Entra ID / Active Directory).
• Experience integrating Okta with Workday as the HR system of record driving lifecycle events.
• Experience designing and operating joiner/mover/leaver lifecycle processes at scale.
• Experience partnering with Security teams to implement IAM controls, policies, and best practices for application integrations and access design.
• Experience providing tier 2 and tier 3 end-user support for identity-related issues.
• Strong problem-solving and troubleshooting skills, with a structured, root-cause-driven approach.
• Strong written and verbal communication skills, with the ability to work directly with business, IT, and security stakeholders.

Preferred Qualifications

• Okta Certified Administrator, Okta Certified Consultant, or Okta Certified Master.
• Experience building AI agents to assist with Okta and IAM management (e.g., automating lifecycle tasks, triaging access requests, or surfacing anomalous events).
• Experience scripting and integrating with REST APIs (e.g., Python, JavaScript) to extend Okta and IAM workflows.
• Experience with privileged access management (PAM) tools (e.g., CyberArk, BeyondTrust, Delinea, Keeper).
• Experience supporting IAM in regulated environments (e.g., SOX, SOC 2, HIPAA, PCI).
• Familiarity with Zero Trust principles and conditional/adaptive access design.

Benefits

• Performance-driven compensation: Competitive base salary with bonus or incentive opportunities.
• Comprehensive health benefits: Range of medical and dental plans, plus vision coverage starting on day one.
• Financial wellbeing: 401(k) with Vanguard, HSA with employer contributions, FSAs, and Employer Paid STD & LTD plans.
• Time to recharge: Generous paid time off, company holidays, sick time, and paid parental leave.
• Support for families: Paid parental leave and childcare support, including employer matching for dependent care FSA.
• Holistic wellbeing: Mental health care (6 free sessions), wellness programs through Spring Health, and EAP access.
• Flexibility: Pre-tax commuter benefit accounts with employer match and support for different working styles.
• Daily perks: Meal and snack offerings in select offices, plus a stipend to support your day-to-day whether in-office or remote.
• Office experience: Access to modern office spaces designed for collaboration and creativity.