As an Identity and Security Engineer, you will play a pivotal role in safeguarding digital identities across a complex, hybrid enterprise environment. You will be responsible for designing, implementing, and managing scalable IAM solutions that ensure secure and seamless access for users, applications, and services. This hands-on engineering role requires deep expertise in identity protocols, cloud IAM, and security automation. You will collaborate with cross-functional teams including DevOps, infrastructure, application development, and compliance to embed identity as a key component of the security architecture.

Key Responsibilities Identity Architecture & Engineering

Design and implement scalable IAM solutions, including SSO, MFA, and RBAC.

Manage identity lifecycle processes: onboarding, offboarding, access reviews, and recertifications.

Integrate IAM systems with enterprise applications, cloud platforms (Azure AD, AWS IAM), and third-party tools.

Security Operations & Automation

Develop automation scripts for identity provisioning and access governance.

Deploy and manage Privileged Access Management (PAM) solutions to secure administrative access.

Support Zero Trust Architecture by enforcing least privilege access across all environments.

Monitoring, Detection & Incident Response

Monitor identity-related events using SIEM and analytics tools.

Investigate and respond to access violations and identity-based security incidents.

Conduct root cause analysis and implement preventive controls.

Compliance & Governance

Ensure compliance with standards such as GDPR, PCI-DSS, ISO 27001.

Maintain audit trails, access logs, and documentation to support internal/external audits.

Contribute to policy development, risk assessments, and awareness programs.

Collaboration & Continuous Improvement

Work with DevOps and IT teams to embed IAM into CI/CD pipelines and cloud-native environments.

Mentor junior engineers and promote IAM best practices across teams.

Stay updated on identity trends, technologies, and evolving threat landscapes.

Required Qualifications

Minimum 5 years of experience in IAM or security engineering roles.

Strong understanding of IAM protocols (SAML, OAuth2, OpenID Connect, LDAP, SCIM).

Hands-on experience with Azure AD, Active Directory, AWS IAM/GCP IAM.

Experience with PAM tools such as CyberArk, BeyondTrust, or HashiCorp Vault.

Proficient in scripting languages (PowerShell, Python, or equivalent).

Strong grasp of Zero Trust principles and identity governance frameworks.

Preferred Qualifications

Relevant certifications (Microsoft Identity and Access Administrator, CISSP, Azure Security Engineer, etc.).

Experience in enterprise or retail environments at scale.

Familiarity with Just-In-Time (JIT) access, identity analytics, and behavioral monitoring.

Exposure to DevSecOps and CI/CD pipeline security integration.