Senior IAM Engineer

complex application migrations and enterprise security initiatives.

Operating within client governance frameworks, this role partners closely with client stakeholders, architects, and security leadership to define IAM strategies, establish integration standards, and guide implementation outcomes. The Senior IAM Engineer is accountable for the technical quality, security posture, and scalability of IAM solutions and provides leadership across the IAM lifecycle-from design and implementation through migration, testing, and operational readiness.

While this role remains hands-on, it extends beyond execution to include technical decision-making, architectural leadership, and mentorship, ensuring IAM solutions align with business objectives, regulatory requirements, and enterprise security standards.

KEY RESPONSIBILITIES

IAM Architecture & Design Leadership

• Lead the design and implementation of IAM solutions across authentication, authorization, secrets management, identity governance, and privileged access domains

• Define and maintain IAM reference architectures, integration patterns, and best practices aligned to enterprise standards

• Provide technical recommendations and trade-off analysis balancing security, usability, scalability, and operational efficiency

• Participate in architecture reviews and influence client IAM roadmaps and modernization strategies

Delivery Ownership & Execution

• Own IAM outcomes for assigned programs and migrations, ensuring solutions meet security, compliance, and performance expectations

• Lead IAM readiness activities for migrations and cutovers, including risk identification, mitigation planning, and execution support

• Guide and execute IAM configuration and integrations for SSO, MFA, federation, PAM, and secrets management

• Develop and enhance accelerators, automation, and self-service capabilities to improve delivery efficiency and consistency

Security, Risk & Compliance

• Ensure IAM implementations align with enterprise security policies, regulatory requirements, and audit standards

• Lead or coordinate IAM-related security testing, including authentication/authorization validation and vulnerability assessments

• Identify IAM risks and proactively recommend remediation or improvement opportunities

Technical Leadership & Collaboration

• Serve as a point of escalation for complex IAM issues and defect resolution

• Mentor junior engineers and review IAM designs, configurations, and documentation

• Collaborate with application teams, cloud engineers, security operations, and governance partners to drive successful IAM adoption

• Document IAM architectures, configurations, and operational procedures for long-term sustainability

We want all new Associates to succeed in their roles at Ensono. That's why we've outlined the job requirements below. To be considered for this role, it's important that you meet all Required Qualifications. If you do not meet all of the Preferred Qualifications, we still encourage you to apply.

Required Qualifications:

• 7+ years of progressive experience in Identity and Access Management engineering, including leadership of complex IAM initiatives

• Proven experience designing and implementing IAM solutions in large-scale, hybrid, or cloud environments

• Demonstrated ability to act as a technical authority and advisor, influencing IAM decisions and standards

• Hands-on expertise with enterprise IAM technologies, including:

  • Privileged Access Management (PAM)
    • CyberArk (Enterprise Password Vault, Privileged Session Manager, Central Credential Provider, Conjur)
    • HashiCorp Vault (secrets engines, policies, authentication methods, dynamic credentials)
  • Authentication / Identity Providers (IDP)
    • ForgeRock (Access Management, Identity Management, Directory Services, Identity Gateway)
    • RSA (SecurID Authentication Manager, MFA, Identity Governance & Lifecycle)
  • User Access & Entitlement Management
    • SailPoint (IdentityIQ, IdentityNow - access certifications, provisioning, role management)
    • ESF (Enterprise Security Framework - entitlement management and access controls)
    • Strong experience with authentication and federation protocols: SAML, OAuth 2.0, OpenID Connect, Kerberos
    • Advanced knowledge of Active Directory, LDAP, and identity integrations
    • Experience with cloud platforms (AWS, Azure) and cloud-native IAM services
    • Strong scripting and automation capabilities (PowerShell, Python, Terraform, or equivalent)

• Excellent troubleshooting, analytical, and communication skills

Preferred Qualifications:

• CyberArk Certified Defender or Delivery Engineer

• HashiCorp Certified Vault Associate / Professional

• ForgeRock Certified Engineer

• SailPoint Certified IdentityIQ Engineer

• RSA Certified Administrator

• Experience in financial services or highly regulated industries

Why Ensono?

Ensono is a place to make better happen - for our clients and for your career. You can do great things through innovation or collaboration, by learning or volunteering, or to promote diversity and inclusion. You can do great things for your own health or for a healthier planet. Whatever it means to you to do great things we want Ensono to be the place you can do it.

We are a client-facing business, but we do encourage clients to allow us to work remotely most of the time so if you are not required to be on a client site, you can choose to work from home or in our Ensono office

Some of our benefits include:

• Unlimited Paid Days Off

• Three health plan options

• 401k with company match

• Eligibility for dental, vision, short and long-term disability, life and AD&D coverage, and flexible spending accounts

• Family Forming Benefit including fertility coverage and adoption/surrogacy reimbursement

• Paid childbearing and paternal leave

• Education Reimbursement, Student Loan Assistance or 529 College Funding

• Sabbatical leave

• Wellness program

• Flexible work schedule

As of the date of this posting, a good faith estimate of the current pay scale for this role is $125,000 to $150,000 annually based on a full-time schedule. Please note that placement in the range may vary based on numerous factors including but not limited to skills, experience, internal equity, and business needs. In addition to base salary, other compensation programs, depending on eligibility, includean annual bonus plan based on company and individual performance and an equity grant under our Associate Equity Appreciation Program.

Ensono is an Equal Opportunity/Affirmative Action employer. We are committed to providing equal employment to our Associates and building a diverse and inclusive workforce. All qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or other legally protected basis, in accordance with applicable law.

Pay transparency nondiscrimination statement/posting OFCCP's pay transparency policy can be found on OFCCP's website.

If you need accommodation at any point during the application or interview process, please let your recruiter know or email [email protected].

JR013400