A Day in Your Life at MKS
We are seeking a hands‑on professional to own the strategy, engineering, and lifecycle of core identity and endpoint security tools: Evidian (IAM/IAG), Admin By Request (privileged access elevation), and 1Password (password management & secrets). As product owner and technical authority, you will ensure these platforms are securely designed, integrated, monitored, and continuously improved to meet business and regulatory needs, partnering with IAM, Endpoint, IT Ops, Enterprise Architecture, Security Operations, and Compliance to deliver reliable, audited, and user‑friendly security services globally.
You Will Make an Impact By
- Platform Ownership & Strategy: Act as product owner for Evidian, Admin By Request, and 1Password, owning roadmaps, backlog, release planning, and stakeholder communication. Define architecture and configuration baselines aligned to zero trust, least privilege, and separation of duties, while maintaining platform governance across access models, workflows, policies, standards, and lifecycle management.
- Engineering & Integration: Design and implement integrations with enterprise directories (e.g., Azure AD/Entra ID, AD), HRIS (for joiner/mover/leaver), MDM/UEM (e.g., Intune), SIEM/SOAR, ticketing (ServiceNow/Jira), and secrets pipelines (CI/CD).
- Security & Compliance: Implement least‑privilege controls with Admin By Request (approval policies, just‑in‑time elevation, allow/deny lists, session auditing) and operate 1Password enterprise policies (domain capture, vault hygiene, phishing‑resistant MFA, secrets access controls, recovery processes).
- Operations & Service Management: Own SLAs/OLAs, incident/problem/change management, patching, upgrades, and vendor management. Provide L3 support and enable L1/L2 teams through documentation and training.
Skills you bring
- 5+ years in IAM/Security Engineering or Endpoint Security, with 2+ years administering at least two of the following: Evidian (or similar IGA/IAM), Admin By Request (or equivalent PAM/JIT elevation), 1Password (or enterprise password/secrets managers).
- Strong experience with Entra ID/Azure AD & Active Directory, SSO (SAML/OIDC), and SCIM provisioning.
- Scripting/automation proficiency: PowerShell.
- Hands-on with SIEM (e.g., Sentinel, Splunk, Chronicle) for log forwarding, correlation, and alerting.
- Solid understanding of least privilege, JIT/JEA, secrets management, and credential hygiene, with familiarity with data protection principles.
Preferred Skills
- Prior ownership of Evidian (IGA/IAM modules), Admin By Request at enterprise scale, and 1Password Business/Enterprise, including policies, SSO, domain capture, recovery, and secrets automation.
- RBAC/ABAC design, SoD rulesets, entitlement modeling, and access recertifications.
- Knowledge of modern identity patterns (FIDO2/WebAuthn, conditional access, device trust).
- Certifications (nice to have): CISSP, CCSP, Azure Security Engineer (AZ500), GIAC (e.g., GCLD/GSEC), ITIL.
- Core Skills (Technical): IAM/IGA, PAM/JIT, enterprise password/secrets management, SSO/SCIM, directory services, endpoint management, scripting/automation, log engineering.
Globally, our policy is to recruit individuals from wide and diverse backgrounds. However, certain positions require access to controlled goods and technologies subject to various export control regulations. Applicants for these positions may be limited (by, for example, their countries of citizenship, country of origin, or immigration status) where required by law or governmental contact, and/or employment made contingent upon the issuance of appropriate governmental licensing.
MKS Inc. and its affiliates and subsidiaries (“MKS”) is an affirmative action and equal opportunity employer: diverse candidates are encouraged to apply. We win as a team and are committed to recruiting and hiring qualified applicants regardless of race, color, national origin, sex (including pregnancy and pregnancy-related conditions), religion, age, ancestry, physical or mental disability or handicap, marital status, membership in the uniformed services, veteran status, sexual orientation, gender identity or expression, genetic information, or any other category protected by applicable law. Hiring decisions are based on merit, qualifications and business needs. We conduct background checks and drug screens, in accordance with applicable law and company policies. MKS is generally only hiring candidates who reside in states where we are registered to do business.
MKS is committed to working with and providing reasonable accommodations to qualified individuals with disabilities. If you need a reasonable accommodation during the application or interview process due to a disability, please contact us at: [email protected].
If applying for a specific job, please include the requisition number (ex: RXXXX), the title and location of the role.