Senior IAM Engineer - FedRAMP

Role Overview

The Information Technology team influences business processes and technologies to scale the organization. Operating in a 100% SaaS environment, the team manages infrastructure, technology, and data to ensure operational efficiency and security. As a Senior IAM Engineer, you will design, implement, and operate secure workforce identity services for the RSC-G environment. This role involves owning Okta administration in FedRAMP Moderate/High contexts, implementing strong authentication controls, and partnering with cross-functional teams to sustain compliance and audit readiness.

Responsibilities

• Strategy & Architecture: Develop the overall IAM strategy, security frameworks, and architecture for enterprise-wide access control.
• Cloud & Infrastructure: Design IAM solutions for cloud and on-premise environments, supporting access management, SSO, and identity federation.
• Privileged Access Management (PAM): Implement and manage PAM solutions to control access to sensitive accounts and systems.
• Identity Lifecycle Management: Automate processes for user provisioning, de-provisioning, and identity lifecycle management.
• Policy & Governance: Develop IAM policies, standards, and automation frameworks to ensure compliance with industry best practices and regulations such as NIST and GDPR.
• Collaboration: Partner with engineering, operations, and business teams to ensure IAM solutions align with business needs and collaborate with global teams.
• Security & Compliance: Ensure the confidentiality, integrity, and availability of IAM systems while supporting audits, risk assessments, and SOX compliance.
• Application Integration: Implement and scale identity protocols including SAML, OIDC, OAuth, and SCIM.
• Security Configuration: Develop robust access controls (RBAC, ABAC) and enhance security with MFA, Adaptive MFA, and Device Trust.
• Automations: Automate identity workflows using Okta Workflows, APIs, and Terraform.
• FedRAMP: Administer and enhance Okta for FedRAMP environments and integrate with U.S. GovCloud services.

Requirements

• 8+ years of experience administering Okta in enterprise environments with hands-on ownership of SSO, SCIM provisioning, Okta Workflows, API automation, and policy management.
• Proficiency with modern IAM platforms such as Okta, Azure AD, SailPoint, or CyberArk.
• Deep understanding of identity protocols including SAML, OpenID Connect, and OAuth.
• Experience with cloud IAM services from providers such as AWS, Azure, and GCP.
• Proven ability to design and implement automated IAM workflows.
• Knowledge of regulatory requirements (e.g., SOX, HIPAA, GDPR) and their application to IAM.
• U.S. Citizenship (U.S. born, derived from U.S. parentage, or naturalized) and the ability to provide valid proof of citizenship.
• Ability to obtain a public trust security clearance if required.
• Must be located within the lower 48 contiguous United States.
• Solid understanding of change management processes and strong leadership qualities.

Preferred Qualifications

• Okta certifications (Professional, Administrator, Consultant, or Architect).
• Hands-on experience with Okta Access Requests, Identity Governance, and Okta ASA.
• IGA/PAM experience with tools such as SailPoint, Saviynt, or CyberArk.
• Experience securing CIAM and customer-facing identity journeys.
• Security engineering background with Zero Trust, secrets management, and policy-as-code practices.