Security Services Engineer

Summary

Join Upwork's Hybrid Workforce Solutions Team as a Security Services Engineer specializing in Identity and Access Management (IAM). Design, implement, and maintain secure identity and access solutions across the enterprise. Collaborate with IT, HR, and Engineering teams to ensure secure authentication, authorization, and identity lifecycle management. Automate identity lifecycle processes using Python and PowerShell. Administer and support identity governance platforms like SailPoint. Analyze and resolve access-related issues. Support compliance and audit readiness for identity and access controls. Maintain detailed documentation of configurations, policies, and procedures. This role requires strong experience with identity platforms and cloud IAM, along with a deep understanding of IAM automation and scripting.

Requirements

• 3–5+ years of experience in cybersecurity or IT, with 2+ years specifically in IAM or identity governance in cloud-native or SaaS environments
• Strong experience with identity platforms such as Okta, Azure AD, Google Workspace, or Ping Identity
• Technical familiarity with SSO, MFA, RBAC, SCIM, SAML, OAuth/OIDC , and IAM-related API integrations
• Experience with cloud IAM (AWS IAM, GCP IAM, or Azure IAM), especially within CI/CD pipelines or platform engineering contexts
• Familiarity with IAM automation or scripting using PowerShell, Python, Bash, or similar
• Understanding of zero trust principles , secure access architecture, and modern remote work security models
• Strong analytical and troubleshooting skills in complex IAM ecosystems
• Excellent written and verbal communication skills

Responsibilities

• Design, implement, and maintain IAM solutions across internal and cloud-based systems including SSO, MFA, RBAC, and provisioning platforms
• Automate identity lifecycle processes (joiner/mover/leaver workflows) using Python and PowerShell or other scripting languages
• Administer and support identity governance platforms such as SailPoint
• Collaborate with internal teams to support secure access control across cloud and on-premises environments
• Analyze and resolve access-related issues and requests, ensuring security, speed, and simplicity in the user experience
• Support compliance and audit readiness for identity and access controls (e.g., SOC 2, ISO 27001)
• Maintain detailed documentation of configurations, policies, and procedures

Preferred Qualifications

• Experience supporting distributed or remote-first teams in a high-scale tech environment
• Familiarity with DevSecOps and infrastructure-as-code (IaC) principles as they relate to access controls
• Experience with privileged access management (PAM) tools like CyberArk or BeyondTrust
• Ability to translate technical IAM requirements into business-aligned solutions and clear documentation
• Demonstrated ability to work independently in a fast-paced, agile, and collaborative environment
• Industry certifications such as CISSP, GIAC, GSEC, or identity-specific credentials are a plus but not required