Senior Identity & Access Management Engineer

Summary

Join KBRA Holdings, LLC as a Senior Identity and Access Management (IAM) Engineer and design a modern IAM program for access, authentication, and authorization across all business units. Collaborate with cybersecurity and technical teams to manage and maintain access and identities, ensuring compliance with security design principles. This remote position (with location restrictions) requires close collaboration with IT, cybersecurity, business units, and third parties. You will design, establish, and manage enterprise-wide identities and access controls, adopting best-practice IAM principles. The ideal candidate possesses 5-7 years of experience in cybersecurity, IAM, or IT administration. This role involves designing resilient and scalable identity strategies, creating technical documentation, and driving the adoption of IAM technologies.

Requirements

• 7-10 + years’ experience in cybersecurity administration, with three-plus years’ IAM practitioner experience
• Subject matter expertise in directory services, Microsoft Azure/AWS/GCP, SSO, MFA and role-based access
• Understanding of IAM-related protocols such as Kerberos, SAML, SPML, XACML, SCIM, OpenID and OAuth
• Understanding of cloud computing architecture, technical design and implementations, including IaaS, PaaS and SaaS models
• Experience administering IAM systems, access controls, security and risk management, and governance fundamentals
• Strong written and oral communication skills across varying levels of the organization
• Capacity to comprehend complex technical infrastructure, identities, access controls and least privilege
• Understanding of service design, delivery concepts and control frameworks
• Organizational skills and the ability to prioritize and complete tasks within defined SLAs/SLOs
• Excellent judgment and the ability to make quick decisions when working with complex situations
• High degree of integrity, professionalism and trustworthiness

Responsibilities

• Serve on a distributed security and technology team responsible for establishing IAM solutions
• Design and oversee IAM projects from inception to completion, ensuring they remain on time and within budget
• Collaborate with leadership and teammates to implement IAM models aligned with risk posture
• Supply technical IAM architecture for a global and diverse enterprise workforce
• Architect for SSO, directory, zero trust network access, MFA, privileged accounts, automation and behavior analytic systems
• Craft resilient and scalable identity strategies that align with cybersecurity policies and governance structure
• Design the identity lifecycle from onboarding to offboarding, as well as role changes
• Collaborate with stakeholders to define IAM requirements and design comprehensive solutions for business needs
• Create technical documentation with architecture diagrams, configuration guides and operational practices
• Drive adoption of IAM reference architecture for new, existing and emerging IAM technologies
• Create and enforce IAM capability roadmaps to respond to and address business and technology drivers
• Strategize for on-premises, cloud and hybrid infrastructure and applications to support remote workforce
• Conduct business impact analysis and risk assessments based on the level of access granted and recommend improvements
• Work closely with incident responders for potential incidents and escalate to management as needed
• Document access, policies and exceptions, and maintain integrity for audit reviews
• Outline controls to review internal, external and contractor accounts as part of periodic audits
• Make recommendations to improve automation efficiencies, security practices and end user experience
• Communicate security posture to cybersecurity leaders, stakeholders, IT and developers
• Participate in security groups and consortiums for knowledge and building relationships
• Define key performance indicators, operational metrics and SLAs for reporting data to validate success and areas of improvement
• Execute tactical requests along with supporting strategic vision for rigorous and scalable IAM controls
• Interact with business units to understand plans, risk posture, tolerance and IAM support requirements

Preferred Qualifications

• Bachelor's degree preferred in information assurance, computer science, engineering or technical field
• Certifications in IAM or security-related fields (e.g., CISSP, CISM, AWS or Azure Security, Okta Certified Professional, CIAM, CAMS, CIDPRO)
• Experience with modern IAM platforms such as Okta, Auth0, Ping Identity, or ForgeRock
• Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their IAM services
• Knowledge of IT service management (ITSM) tools and processes
• Preferable experience with one or more scripting languages (Python, PowerShell and Bash)

Benefits

• Competitive benefits and paid time off
• Paid family and disability leave
• 401(k) plan, including employer match (100% vested)
• Educational and professional development financial assistance
• Employee referral bonus program
• Cell Phone provided