Key skills
AWS IAMPAM SolutionCI/CD integrationidentity federation protocolsPythonTerraformZero Trust principlesidentity lifecycle managementaudit reportingtroubleshooting federated identitySSO experienceSCIM protocolCCSP certificationBashAWSIAMOAuthSAMLIdentity ManagementSSOSingle Sign-OnCI/CDCloud SecurityZero Trust
About this role
ModMed is a company focused on reimagining the healthcare experience through innovative software solutions. The Senior IAM Security Engineer is responsible for implementing and maintaining secure identity and access controls across cloud and enterprise environments, ensuring compliance with industry standards.
Responsibilities:
- Design, implement, and maintain AWS and SSO IAM policies, roles, and groups following least privilege
- Operationalize PAM Solution for privileged access management (PAM) and identity governance
- Conduct periodic access reviews, role audits, and entitlement reporting
- Integrate IAM with CI/CD and engineering workflows for automated account provisioning
- Support incident response related to identity misuse or compromised credentials
- Makes day-to-day technical and operational decisions impacting access control, audit readiness, and identity posture
- Recommends strategic IAM and PAM improvements to the Security Architect and Director of Security Engineering with minimal supervision
Requirements:
- Bachelor's in Computer Science, CompSci, InfoSec, or related field
- 5+ years hands-on IAM or cloud security engineering experience
- Proficiency with AWS IAM, SSO, PAM Solution, scripting (Python/Bash), Terraform, least privilege enforcement, audit reporting, and troubleshooting federated identity issues, Zero Trust security principles
- Understanding and implementation experience with modern identity federation protocols, including SAML 2.0, OpenID Connect (OIDC), and OAuth 2.0
- Hands-on experience with directory services (SSO)
- Proficiency in identity lifecycle management and automated provisioning/de-provisioning using the SCIM (System for Cross-domain Identity Management) protocol
- Proven track record of integrating enterprise applications with a central Single Sign-On (SSO) solution; hands-on experience with AWS IAM
- Experience integrating IAM with CI/CD and DevOps pipelines preferred
- AWS Certified Security - Specialty or CCSP (Certified Cloud Security Professional) CIDPRO SSO Professional Certification is a plus