Key skills
PowerShellAIClaudeAWSIAMEntra IDOAuthOktaSAMLLDAPActive DirectorySSOSplunk
About this role
OEC provides software solutions to the automotive parts and repair industry, and they are seeking a Sr Identity & Access Engineer to own and evolve their enterprise identity platform. The role involves shaping architecture, strengthening security posture, and driving scalable identity solutions across various platforms.
Responsibilities:
- Own the identity platform end-to-end: availability, performance, and security across AD, Entra ID, and Okta
- Design modern access controls: MFA, passwordless, Conditional Access, and adaptive authentication
- Enforce least privilege at scale using RBAC/ABAC and automate Joiner/Mover/Leaver (JML) processes
- Lead cloud identity strategy across Entra ID and AWS IAM, including federation and workload identities
- Secure privileged access with PIM/PAM and resilient break-glass patterns
- Detect and respond to threats using SIEM/log platforms; lead identity-related incident investigations
- Own SOC 2 identity controls including access reviews, certifications, and audit readiness
- Act as a subject matter expert: build architecture diagrams, runbooks, and integration standards
- Collaborate and mentor through peer reviews, knowledge sharing, and team upskilling
- Participate in an on-call rotation supporting a critical security platform
Requirements:
- 7+ years of hands-on IAM experience in enterprise environments
- Deep expertise across Active Directory, Entra ID, and Okta
- Experience designing hybrid identity architectures and modern access strategies
- Strong background in identity security, incident response, and compliance frameworks (SOC 2, NIST, ISO)
- Proven ability to own and evolve platforms, not just support them
- Bachelor's degree in Computer Science, IT, or related field (or equivalent experience)
- Active Directory: domains, forests, GPOs, Kerberos, LDAP
- Microsoft Entra ID: Conditional Access, MFA, Identity Protection, PIM, Entra Connect
- Okta: SSO, lifecycle management, integrations, federation, Workflows
- Protocols: SAML, OAuth 2.0, OIDC
- Access Models: RBAC/ABAC, entitlement design, JML automation
- Privileged Access: PIM, PAM, break-glass strategies
- Cloud IAM: AWS IAM, federated identity, cross-platform trust
- Security Monitoring: SIEM tools (Sentinel, Splunk), Entra & Okta logs
- IGA Tools: SailPoint, Saviynt, or Entra ID Governance
- PAM Tools: CyberArk, BeyondTrust, or Delinea
- Automation: SCIM provisioning, scripting (PowerShell required)
- Communicate clearly and constructively—even in high-pressure situations
- Adapt quickly as priorities shift in a fast-moving environment
- Thrive in a remote-first, highly autonomous team
- Relevant certifications preferred: SC-300, AZ-500, Okta Certified Professional/Admin
- Familiarity with AI-assisted scripting/tools (e.g., Copilot, Claude) is a plus