Ardent MillsRemote
Senior IAM Security Engineer
District of Columbia, United States of America
Full Time
1 month ago
$140,000 - $200,000 USD
Visa Sponsor
Key skills
AzureERPAnalyticsIAMAzure ADEntra IDOktaSAMLLDAPSSOZero Trust
About this role
Role Overview
- Design and maintain IAM security architecture: directory services, federation, SSO (SAML/OIDC), MFA, conditional access, device trust
- Implement identity lifecycle automation (joiner/mover/leaver), birthright roles, and SCIM-based provisioning/deprovisioning
- Define RBAC/ABAC models; perform access reviews, role mining, and segregation-of-duties analyses
- Integrate identity governance platforms (where applicable) with HRIS/ERP and downstream applications
- Engineer privileged access management (PAM) solutions (Examples: CyberArk/BeyondTrust) including JIT elevation and session recording
- Secure service and machine identities, secrets, and certificates; enforce rotation and attestation
- Develop identity security monitoring and anomaly detection (e.g., Identity Protection, risk-based access); integrate with SIEM/XDR for response
- Support Zero Trust identity strategy, including strong authentication, device trust, and continuous access evaluation
- Support compliance audits (where applicable) with access certification evidence and control narratives
- Troubleshoot complex federation and authorization issues; provide tier-3 support and root-cause analysis
- Document standards, patterns, and runbooks; advise application teams on secure integration
Requirements
- Bachelor’s degree in Information Security/Computer Science or equivalent experience
- 7–10 years in IAM engineering/architecture with enterprise platforms (Entra ID/Azure AD, Okta, Ping, SailPoint)
- Strong understanding of authentication/authorization protocols (SAML, OIDC/OAuth2, Kerberos, LDAP, SCIM)
- Experience with PAM, certificate/secrets management, and identity analytics
- Certifications: Microsoft Certified: Identity and Access Administrator (SC-300), Okta Certified Administrator/Professional, CISSP or CIAM
- Good to have: Experience with just-in-time access, just-enough-access, attribute-based access control, and modern device trust models
- Experience working in a co-managed environment with SOC/MDR providers
- Certifications: CCSP, Certified in Governance, Risk and Compliance (as relevant), SailPoint Certified
Tech Stack
- Azure
- ERP
Benefits
- Medical, Dental and Vision Coverage
- Health and Dependent Savings Accounts
- Life and Disability Programs
- Voluntary Benefit Programs
- Company Sponsored Wellness Programs
- Retirement Savings with Company Match
- Team Member and Family Assistance Program (EAP)
- Paid Time Off and Paid Holidays
- Employee Recognition Program with Rewards (RAVE)