Identity and Access Management (IAM) Engineer
Kellermeyer Bergensons Services
About KBS
Kellermeyer Bergensons Services (KBS) is the largest privately held provider of facility services in North America, servicing over 2 billion square feet of space daily. We help industry leaders across a wide range of key verticals—including retail, industrial and logistics, healthcare, education, manufacturing, and more—maintain clean, efficient and welcoming spaces that support their operations. As we continue to grow, we’re looking for team members who are dedicated, reliable, and ready to contribute to a culture built on respect, opportunity, and pride in service.Identity and Access Management (IAM) Engineer Job DescriptionKBS is seeking a skilled and security-minded Identity & Access Management (IAM) Engineer to join our Cybersecurity team. This role plays a critical part in enabling secure, reliable access across both our on-premises and cloud environments, focusing on modern identity governance, authentication protocols, and Zero Trust access controls. If this sounds like you, apply today!
LOCATION: 100% remote, but candidates must live in the Pacific or Central time zone
SALARY: $115-125K
The salary range for this position is based on market data and is intended to provide a general guideline for the position. Actual compensation may vary depending on factors such as experience, qualifications, skills, internal equity, and geographic location. The final offer will be determined through a comprehensive evaluation during the hiring process.
Key Responsibilities:Design, implement, and manage identity solutions across Microsoft Entra ID / Azure AD, Active Directory, AWS IAM, and OneLogin, supporting hybrid and cloud-first architectures.Integrate cloud and on-prem applications using SCIM, SAML, OIDC, OAuth2, and FIDO2/WebAuthn.Manage and automate identity lifecycle processes (Joiner, Mover, Leaver), including both HR-driven and technical workflows, using tools like Python, PowerShell, Microsoft Graph API for provisioning, deprovisioning, and policy enforcement. Enforce and fine-tune Conditional Access policies, including MFA, device trust, RBAC, and risk-based access controls using Microsoft Entra ID.Lead troubleshooting and root-cause analysis for IAM-related issues across cloud and on-prem environments; collaborate closely with infrastructure and application teams.Conduct periodic access reviews, audit reporting, and identity governance activities to support compliance with SOC2, NIST CSF, and internal policies.Partner with stakeholders to capture IAM use cases, define process requirements, and manage cross-functional IAM project dependencies.Maintain accurate documentation of IAM processes, policies, and automation workflows.Stay current with evolving IAM technologies, threat trends, and best practices to improve security posture and support a Zero Trust strategy.Other duties as assigned.Required Skills & Qualifications5+ years of hands-on experience with:Microsoft Entra ID / Azure AD, including Conditional Access, Governance, PIM, and Just-in-Time (JIT) access controlsAWS IAM and Identity CenterOneLogin or similar IAM platformsStrong knowledge of IAM standards: SCIM, SAML, OIDC, OAuth2, FIDO2/WebAuthnScripting/automation skills (e.g., Python, PowerShell, Graph API, Terraform)Experience with Zero Trust principles and identity-based security enforcementClear documentation and communication skillsStrong Analytical and problem-solving abilitiesEthical judgment and critical thinkingExcellent interpersonal and customer service skillsProven time management and ability to meet deadlinesEducation and ExperienceBachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)Preferred certifications: SC-300, SC-100, or equivalent identity/security credentialsMinimum 5 years of experience designing, implementing, and supporting enterprise IAM solutionsSolid foundation in identity governance, RBAC models, and security best practicesFamiliarity with Microsoft ecosystem tools: Defender for Identity, Intune, Purview, and Graph APIExperience contributing to enterprise-scale IAM projects, audits, or compliance initiatives (e.g., NIST, SOC2)
Corporate & EVP Full-time Benefits:
As a full-time KBS employee (30+ hours per week) you may qualify for benefits including medical, dental, vision, prescription drugs, and more! Paid Time Off Paid Holidays Sick Time Life Insurance Short Term Disability – Employer paid Long Term Disability Supplemental Health Insurance (E.G., Accident) 401k plan with a match or Non-qualified Deferred Compensation Plan Pet Insurance PerkSpot Discount Program – discounts on travel, gyms, cell phones, restaurants, auto, apparel & electronics
KBS considers all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity, and expression, marital or military status, or based on an individual's status in any group or class protected by applicable federal, state, or local law. KBS also provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.
Kellermeyer Bergensons Services (KBS) is the largest privately held provider of facility services in North America, servicing over 2 billion square feet of space daily. We help industry leaders across a wide range of key verticals—including retail, industrial and logistics, healthcare, education, manufacturing, and more—maintain clean, efficient and welcoming spaces that support their operations. As we continue to grow, we’re looking for team members who are dedicated, reliable, and ready to contribute to a culture built on respect, opportunity, and pride in service.Identity and Access Management (IAM) Engineer Job DescriptionKBS is seeking a skilled and security-minded Identity & Access Management (IAM) Engineer to join our Cybersecurity team. This role plays a critical part in enabling secure, reliable access across both our on-premises and cloud environments, focusing on modern identity governance, authentication protocols, and Zero Trust access controls. If this sounds like you, apply today!
LOCATION: 100% remote, but candidates must live in the Pacific or Central time zone
SALARY: $115-125K
The salary range for this position is based on market data and is intended to provide a general guideline for the position. Actual compensation may vary depending on factors such as experience, qualifications, skills, internal equity, and geographic location. The final offer will be determined through a comprehensive evaluation during the hiring process.
Key Responsibilities:Design, implement, and manage identity solutions across Microsoft Entra ID / Azure AD, Active Directory, AWS IAM, and OneLogin, supporting hybrid and cloud-first architectures.Integrate cloud and on-prem applications using SCIM, SAML, OIDC, OAuth2, and FIDO2/WebAuthn.Manage and automate identity lifecycle processes (Joiner, Mover, Leaver), including both HR-driven and technical workflows, using tools like Python, PowerShell, Microsoft Graph API for provisioning, deprovisioning, and policy enforcement. Enforce and fine-tune Conditional Access policies, including MFA, device trust, RBAC, and risk-based access controls using Microsoft Entra ID.Lead troubleshooting and root-cause analysis for IAM-related issues across cloud and on-prem environments; collaborate closely with infrastructure and application teams.Conduct periodic access reviews, audit reporting, and identity governance activities to support compliance with SOC2, NIST CSF, and internal policies.Partner with stakeholders to capture IAM use cases, define process requirements, and manage cross-functional IAM project dependencies.Maintain accurate documentation of IAM processes, policies, and automation workflows.Stay current with evolving IAM technologies, threat trends, and best practices to improve security posture and support a Zero Trust strategy.Other duties as assigned.Required Skills & Qualifications5+ years of hands-on experience with:Microsoft Entra ID / Azure AD, including Conditional Access, Governance, PIM, and Just-in-Time (JIT) access controlsAWS IAM and Identity CenterOneLogin or similar IAM platformsStrong knowledge of IAM standards: SCIM, SAML, OIDC, OAuth2, FIDO2/WebAuthnScripting/automation skills (e.g., Python, PowerShell, Graph API, Terraform)Experience with Zero Trust principles and identity-based security enforcementClear documentation and communication skillsStrong Analytical and problem-solving abilitiesEthical judgment and critical thinkingExcellent interpersonal and customer service skillsProven time management and ability to meet deadlinesEducation and ExperienceBachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)Preferred certifications: SC-300, SC-100, or equivalent identity/security credentialsMinimum 5 years of experience designing, implementing, and supporting enterprise IAM solutionsSolid foundation in identity governance, RBAC models, and security best practicesFamiliarity with Microsoft ecosystem tools: Defender for Identity, Intune, Purview, and Graph APIExperience contributing to enterprise-scale IAM projects, audits, or compliance initiatives (e.g., NIST, SOC2)
Corporate & EVP Full-time Benefits:
As a full-time KBS employee (30+ hours per week) you may qualify for benefits including medical, dental, vision, prescription drugs, and more! Paid Time Off Paid Holidays Sick Time Life Insurance Short Term Disability – Employer paid Long Term Disability Supplemental Health Insurance (E.G., Accident) 401k plan with a match or Non-qualified Deferred Compensation Plan Pet Insurance PerkSpot Discount Program – discounts on travel, gyms, cell phones, restaurants, auto, apparel & electronics
KBS considers all applicants for employment without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, gender identity, and expression, marital or military status, or based on an individual's status in any group or class protected by applicable federal, state, or local law. KBS also provides reasonable accommodations to qualified individuals with disabilities in accordance with the Americans with Disabilities Act and applicable state and local law.
Por favor confirme su dirección de correo electrónico: Send Email