MongoDB is a leading database company that empowers customers to innovate at speed. They are seeking an IAM & Security Engineer 3 to design, implement, and operate identity, access, and endpoint security solutions, working closely with senior IAM engineers and IT teams to enhance IAM posture and support compliance initiatives.
Responsibilities:
- Operate and enhance IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, helping to ensure secure, least-privilege, and scalable access models for employees and service accounts
- Implement and support SSO integrations (SAML, OIDC, OAuth2) and MFA enforcement for internal and third-party applications
- Help maintain and improve RBAC models, groups, and policies, ensuring access is consistent with business needs and audit requirements
- Contribute to the identity lifecycle (provisioning, deprovisioning, access changes, and just-in-time access) using automation (Terraform/OpenTofu, Python, Tines) to reduce manual effort and errors
- Assist with hardening non-human identities (service accounts, workloads, automation identities, agentic AI systems), focusing on least-privilege and proper key/secret management
- Collaborate with senior engineers to support FedRAMP High and other regulatory/compliance programs by implementing and operating required IAM and endpoint controls, and helping prepare evidence for audits
- Integrate IAM and endpoint events into Datadog (or similar tools) to improve visibility, alerts, and investigations around authentication and access activity
- Partner with teams operating MDM platforms (Jamf, Workspace ONE, Kolide) to ensure device posture is reflected in IAM policies where applicable
- Create and maintain documentation and runbooks for IAM workflows, automations, and on-call procedures
- Participate in the IAMSEC team’s on-call rotation for production incidents impacting identity, access, or FedRAMP-scoped services, with guidance from senior team members
Requirements:
- 3–5 years of experience in Identity & Access Management, Security Engineering, or Cloud Security roles
- Hands-on experience administering and securing Okta for workforce identity (groups, policies, app integrations, MFA)
- Practical experience working with IAM in at least one major cloud provider (AWS IAM strongly preferred; GCP IAM or Azure AD a plus)
- Good understanding of authentication and authorization standards, including OAuth2, OIDC, SAML, and modern MFA approaches
- Exposure to FedRAMP High or Moderate, or similar U.S. public-sector frameworks (e.g., FISMA, StateRAMP), and an interest in deepening expertise in NIST 800-53, ATO processes, and POA&M management
- Experience implementing or supporting RBAC models, group/role structures, and access reviews in a mid-to-large enterprise
- Experience with scripting or programming (e.g., Python, Bash) to automate repetitive IAM or security tasks
- Familiarity with Infrastructure as Code (Terraform/OpenTofu, CloudFormation) and a willingness to grow into owning IAM-related IaC modules
- Experience with observability or SIEM tools such as Datadog (or similar) for working with logs, alerts, and dashboards
- Strong problem-solving skills, attention to detail, and the ability to follow and improve documented processes
- Comfortable collaborating in a remote, distributed team, communicating clearly in writing, and asking for help or clarification when needed
- Must be a U.S. citizen
- Experience designing or operating phishing-resistant authentication (e.g., WebAuthn, FIDO2, YubiKey)
- Experience with identity governance and administration (IGA) platforms or structured access review / certification processes
- Experience with Zero Trust concepts and integrating device posture into access policies
- Exposure to MDM platforms (Jamf, Workspace ONE, Kolide) and endpoint baselines
- Familiarity with Tines or other low-code automation tools for security workflows
- Industry certifications such as Okta Certified Administrator, AWS Associate/Professional, or security certifications like Security+; interest in pursuing more advanced certifications over time