Job Summary
We are looking for an experienced Senior IAM Engineer to lead enterprise Identity and Access Management (IAM) initiatives across cloud and on-premises environments. The ideal candidate will have deep expertise in Identity Governance and Administration (IGA), Privileged Access Management (PAM), Zero Trust architecture, Identity Federation, and IAM governance.
This role requires a technical leader who can design, implement, and optimize enterprise IAM platforms, drive identity transformation programs, establish governance frameworks, and mentor engineering teams while partnering with security, cloud, infrastructure, and application teams.
Key Responsibilities
- Lead enterprise Identity and Access Management (IAM) transformation initiatives.
- Design, implement, and support enterprise IAM solutions across hybrid and cloud environments.
- Architect and implement Identity Governance and Administration (IGA) solutions.
- Deploy and manage Privileged Access Management (PAM) platforms.
- Design and implement Zero Trust Identity architecture and security controls.
- Define IAM governance policies, standards, access models, and compliance frameworks.
- Design and manage Identity Lifecycle Management processes including onboarding, offboarding, role changes, and access certifications.
- Configure and administer IAM platforms including:
- SailPoint IdentityIQ / IdentityNow
- Okta
- Ping Identity (PingFederate / PingOne)
- Microsoft Entra ID (Azure Active Directory)
- AWS Identity and Access Management (AWS IAM)
- Implement and support:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Identity Federation
- Conditional Access
- Integrate enterprise applications using:
- SAML 2.0
- OAuth 2.0
- OpenID Connect (OIDC)
- SCIM
- REST APIs
- Design Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models.
- Implement least-privilege access and privileged identity management strategies.
- Automate identity provisioning, deprovisioning, and access approval workflows.
- Conduct access reviews, entitlement management, and compliance reporting.
- Collaborate with cybersecurity, cloud, DevOps, networking, and application teams to deliver secure identity solutions.
- Mentor junior IAM engineers and provide technical leadership.
- Develop IAM standards, architecture documentation, and operational procedures.
Required Skills
- 8+ years of experience in Identity and Access Management (IAM).
- Strong expertise with:
- SailPoint IdentityIQ / IdentityNow
- Okta
- Ping Identity
- Microsoft Entra ID (Azure Active Directory)
- AWS IAM
- Hands-on experience implementing:
- Identity Governance and Administration (IGA)
- Privileged Access Management (PAM)
- Identity Lifecycle Management
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Identity Federation
- Strong understanding of:
- SAML 2.0
- OAuth 2.0
- OpenID Connect (OIDC)
- LDAP
- Active Directory
- SCIM
- Experience integrating enterprise and SaaS applications with IAM platforms.
- Strong knowledge of Zero Trust security architecture and identity-centric security models.
- Experience designing IAM governance frameworks and access control policies.
- Knowledge of AWS IAM roles, policies, permission boundaries, and cross-account access.
- Strong scripting and automation experience using PowerShell, Python, or Bash.
- Experience working with ServiceNow or similar ITSM platforms.
- Excellent troubleshooting, analytical, and problem-solving skills.
Preferred Skills
- IAM Center of Excellence (IAM CoE) implementation experience.
- Identity Threat Detection and Response (ITDR).
- CyberArk, Delinea (Thycotic), BeyondTrust, or HashiCorp Vault.
- Microsoft Identity Protection.
- Conditional Access Policies.
- Azure Privileged Identity Management (PIM).
- AWS Security Hub and GuardDuty.
- Zero Trust implementation across enterprise environments.
- Cloud security and governance.
- Compliance frameworks including ISO 27001, SOC 2, PCI-DSS, HIPAA, NIST, and GDPR.
- DevSecOps and security automation.
- Enterprise IAM modernization and migration projects.
Preferred Certifications
- SailPoint IdentityIQ / IdentityNow Certification
- Okta Certified Professional / Administrator
- AWS Certified Security – Specialty
- CyberArk Certified Defender / Sentry
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
Soft Skills
- Strong technical leadership and mentoring abilities.
- Excellent communication and stakeholder management skills.
- Strong analytical and decision-making capabilities.
- Ability to lead enterprise transformation initiatives.
- Excellent documentation and presentation skills.
- Ability to work effectively in cross-functional and global teams.
Pay: ₹1,500,000.00 - ₹3,000,000.00 per year
Work Location: In person