Key Responsibilities and Required Skills for Identity Engineer
💰 $110,000 - $175,000
🎯 Role Definition
We are seeking a proactive and technically adept Identity Engineer to join our growing cybersecurity team. In this critical role, you will be the subject matter expert responsible for the architecture, implementation, and operational management of our enterprise-wide Identity and Access Management (IAM) infrastructure. You will be instrumental in safeguarding our digital assets by ensuring that the right individuals have the right access to the right resources at the right time. This position involves collaborating across IT and business units to integrate applications, enforce security policies, and improve the user authentication and authorization experience, directly contributing to our company's security posture and operational efficiency.
📈 Career Progression
Typical Career Path
Entry Point From:
- Systems Administrator / Engineer
- Cybersecurity Analyst
- Network Engineer
- Software Developer (with a focus on security)
Advancement To:
- Senior or Lead Identity Engineer
- Identity Architect / IAM Architect
- Manager, Identity and Access Management
- Principal Cybersecurity Architect
Lateral Moves:
- Cloud Security Engineer
- DevSecOps Engineer
- Security Consultant
Core Responsibilities
Primary Functions
- Design, build, and maintain enterprise-level Identity and Access Management (IAM) solutions, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM).
- Act as the technical lead for our primary Identity Provider (e.g., Azure Active Directory / Entra ID, Okta, Ping Identity), managing its configuration, health, and lifecycle.
- Engineer and implement robust federation and SSO solutions using industry-standard protocols like SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) for a wide range of SaaS and on-premise applications.
- Develop, manage, and automate the end-to-end user identity lifecycle (Joiner, Mover, Leaver) to ensure timely and accurate provisioning and de-provisioning of access.
- Manage and support hybrid identity environments, ensuring seamless synchronization and authentication between on-premise Active Directory and cloud directories like Azure AD.
- Create and maintain automation scripts using PowerShell, Python, or other languages to streamline IAM operations, reporting, and administrative tasks.
- Integrate new applications and systems into our IAM framework, working closely with application owners and vendors to define requirements and ensure secure configuration.
- Architect and manage Privileged Access Management (PAM) solutions (e.g., CyberArk, Delinea) to secure, monitor, and govern access to critical infrastructure and sensitive accounts.
- Develop and enforce IAM policies, standards, and procedures across the organization to align with security best practices and compliance requirements.
- Troubleshoot and resolve complex authentication, authorization, and other identity-related issues, serving as the Tier 3 escalation point for the support team.
- Conduct regular access reviews and certification campaigns in partnership with business and application owners to ensure the principle of least privilege is maintained.
- Manage the lifecycle of digital certificates and the underlying Public Key Infrastructure (PKI) that supports our IAM services.
- Continuously monitor IAM systems for security vulnerabilities, anomalous activity, and performance degradation, and proactively implement remediation measures.
- Lead technical discovery and design sessions with stakeholders to translate business requirements into secure and scalable IAM solutions.
- Develop and maintain comprehensive documentation for IAM architecture, configurations, standard operating procedures, and disaster recovery plans.
- Evaluate emerging IAM technologies, industry trends, and security threats to recommend improvements and enhancements to our identity security posture.
- Implement and manage Identity Governance and Administration (IGA) tools to provide enhanced visibility, governance, and compliance reporting over user access.
- Develop custom connectors and workflows for provisioning, often utilizing SCIM (System for Cross-domain Identity Management) to connect to applications that lack native support.
- Participate in internal and external audits by providing evidence of IAM controls and demonstrating compliance with regulations such as SOX, GDPR, and CCPA.
- Collaborate with the security operations team to integrate IAM platforms with SIEM and other monitoring tools for a unified security monitoring strategy.
- Provide expert guidance and mentorship to junior team members and other IT staff on identity management principles and best practices.
Secondary Functions
- Support ad-hoc data requests and exploratory data analysis related to user access and permissions.
- Contribute to the organization's broader cybersecurity strategy and technology roadmap.
- Collaborate with business units to translate data access and security needs into engineering requirements.
- Participate in sprint planning, retrospectives, and other agile ceremonies within the engineering team.
Required Skills & Competencies
Hard Skills (Technical)
- IAM Platforms: Deep expertise in managing enterprise Identity Providers such as Azure Active Directory (Entra ID), Okta, Ping Identity, or ForgeRock.
- Authentication/Federation Protocols: Proficient in implementing and troubleshooting SAML, OAuth 2.0, OpenID Connect (OIDC), and Kerberos.
- Directory Services: Extensive hands-on experience with Active Directory Domain Services (AD DS) and cloud-based directories (Azure AD).
- Scripting & Automation: Strong scripting skills for automation and integration, particularly with PowerShell and/or Python.
- Privileged Access Management (PAM): Experience with the design, implementation, and operation of PAM solutions like CyberArk, Delinea, or BeyondTrust.
- Cloud Infrastructure: Familiarity with IAM services in major cloud platforms (AWS IAM, Google Cloud Identity).
- Provisioning Standards: Knowledge of SCIM (System for Cross-domain Identity Management) for automated user provisioning.
- MFA Technologies: In-depth understanding of various multi-factor authentication methods and technologies (e.g., authenticator apps, FIDO2, biometrics).
- Identity Governance & Administration (IGA): Experience with IGA platforms (e.g., SailPoint, Saviynt) for access reviews and governance.
- API Security: Understanding of REST APIs and how to secure them within an IAM context.
- Networking Concepts: Solid understanding of networking principles (TCP/IP, DNS, firewalls, load balancers) as they relate to IAM flows.
Soft Skills
- Analytical Problem-Solving: Ability to diagnose and resolve complex technical issues with a systematic and logical approach.
- Strong Communication: Excellent verbal and written communication skills to effectively articulate complex technical concepts to both technical and non-technical audiences.
- Collaboration & Teamwork: A proven track record of working effectively in cross-functional teams to achieve common goals.
- Attention to Detail: Meticulous approach to configuration, documentation, and policy enforcement to prevent security gaps.
- Project Management: Ability to manage multiple projects simultaneously, prioritize tasks, and meet deadlines.
- Customer Focus: A commitment to providing a secure yet seamless user experience for all employees and customers.
Education & Experience
Educational Background
Minimum Education:
- Bachelor's degree in a relevant field or equivalent practical experience in lieu of a degree.
Preferred Education:
- Bachelor's or Master's degree in Cybersecurity, Computer Science, or Information Technology.
- Relevant industry certifications (e.g., CISSP, CompTIA Security+, vendor-specific certs like Microsoft Certified: Identity and Access Administrator Associate or Okta Certified Professional).
Relevant Fields of Study:
- Computer Science
- Information Systems / Information Technology
- Cybersecurity Engineering
Experience Requirements
Typical Experience Range:
- 3-7 years of dedicated, hands-on experience in an Identity and Access Management engineering role or a closely related cybersecurity field.
Preferred:
- 5+ years of experience architecting, implementing, and operating enterprise-scale IAM solutions in a large, complex, hybrid on-prem/cloud environment. Demonstrable project leadership experience is a significant plus.