Senior IAM Engineer

Acrisure · OKLAHOMA CITY, OK · Remote · Active · Workday Recruiting

Job facts

Company: Acrisure
Title: Senior IAM Engineer
Normalized title: -
Department / team: -
Location: OKLAHOMA CITY, OK, United States
Work model: Remote / Remote
Employment type: Full Time
Salary: -
Status: active
ATS provider: Workday Recruiting
Posted / first seen: 2026-06-15 / 2026-06-16
Changed / last seen: 2026-06-18 / 2026-06-18

Linked records

Company: Acrisure
Source: f74d3783-18b9-430c-8bfd-aab43dda5747
ATS provider: Workday Recruiting

Description

Senior Identity and Access Management (IAM) Engineer

Department: Information Security
Reports to: Senior Director, Information Security

Role Summary

You will be a hands-on IAM engineer who designs, automates, and scales secure identity and access controls across cloud and enterprise environments. You’ll build paved-road patterns for identity federation, least privilege, and just-in-time access — ensuring that authentication and authorization boundaries are strong, measurable, and frictionless.

Success in this role means turning identity into an enabler: making secure access seamless for users, applications, and services while maintaining the highest standards of governance and compliance.

What You’ll Do (Core Responsibilities)

Architect and Automate Identity Foundations

- Design and maintain secure-by-default IAM architectures across Azure AD / Entra ID, AWS IAM, and hybrid enterprise systems.
- Develop paved road templates for access control patterns (e.g., federated access, role assumption, service accounts, workload identity).
- Automate provisioning and deprovisioning pipelines using identity APIs, SCIM, and workflow orchestration tools (e.g., SailPoint, Okta Workflows, Azure Automation, or Terraform).
- Implement policy-as-code for IAM guardrails (e.g., least-privilege enforcement, conditional access, MFA requirements, privilege expiration).

Access Control, Federation, and Governance

- Engineer federated identity solutions for users, applications, and partners using SAML, OIDC, and OAuth2.
- Manage conditional access policies, adaptive authentication, and passwordless strategies to balance security with user experience.
- Define and enforce least privilege for human and machine identities across AWS, Azure, and SaaS platforms.
- Integrate IAM governance with enterprise GRC systems to ensure traceability and audit readiness.
- Partner with AppSec and Cloud teams to secure authn/z boundaries across applications, APIs, and services.

Privileged Access Management (PAM)

- Implement and maintain privileged access vaulting and session control using platforms like CyberArk, BeyondTrust, Delinea, or Azure PIM.
- Automate just-in-time elevation for administrative roles and enforce time-bound access approvals.
- Continuously monitor and remediate excessive privileges across cloud and on-prem accounts.
- Integrate PAM telemetry with SIEM/SOAR for threat detection and behavioral analytics.

Lifecycle and Risk Management

- Automate joiner/mover/leaver processes and identity lifecycle events through API-driven workflows and HR system integrations.
- Conduct periodic access reviews and certifications; deliver evidence for SOC2, PCI, and ISO audits.
- Develop and maintain dashboards for leading indicators (automated provisioning rate, MFA coverage, stale accounts) and lagging indicators (MTTR for access removal, orphaned identities, failed recertifications).
- Prioritize remediation through risk scoring (criticality × exposure × privilege depth) and ensure compliance with internal SLAs.

Detection and Response Integration

- Collaborate with Security Operations to define identity-related detections (impossible travel, lateral movement, privilege abuse).
- Correlate identity events with endpoint and cloud telemetry to identify compromised accounts.
- Assist in incident response for identity-based breaches, credential theft, and access abuse.

Minimum Qualifications

- 5+ years of experience in Identity and Access Management engineering, including multi-cloud and hybrid enterprise environments.
- Strong knowledge of Azure AD / Entra ID, AWS IAM, and SAML / OIDC / OAuth2 / SCIM protocols.
- Proficiency with identity automation using PowerShell, Python, Terraform, or APIs.
- Experience with PAM platforms (CyberArk, BeyondTrust, or Azure PIM) and IGA tools (SailPoint, Saviynt, or Okta).
- Familiarity with conditional access, MFA enforcement, and passwordless authentication in large-scale environments.
- Understanding of zero trust architecture, least privilege design, and role-based access control (RBAC) principles.
- Proven ability to interpret business access needs and translate them into secure, scalable IAM solutions.

Preferred Qualifications

- Exposure to NIST 800-63, CIS Controls, Zero Trust Maturity Model, and NIST CSF.
- Experience integrating IAM data with SIEM (e.g. Sentinel) and SOAR workflows.
- Relevant certifications such as CISSP, CISM, Azure Security Engineer Associate, AWS Security – Specialty, or Okta Certified Professional.

Behavioral Competencies

- Enablement first: You design access patterns that simplify compliance and make the secure option the default.
- Automation mindset: You codify identity logic and guardrails, reducing manual effort and human error.
- System thinker: You see identity as the connective tissue between applications, infrastructure, and users.
- Risk translator: You clearly articulate the business impact of over-privilege and authentication weaknesses.

#Auris

Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Why Join Us:

At Acrisure, we’re building more than a business, we’re building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future.

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York.

Employee Benefits

We also offer our employees a comprehensive suite of benefits and perks, including:

- Physical Wellness: Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
- Mental Wellness: Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
- Financial Wellness: Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
- Family Care: Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
- … and so much more!

This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.

Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting leaves@acrisure.com.

Final candidates will be required to complete post-offer verification processes related to the role and in accordance with applicable laws.

California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy.

Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice.

Welcome, your new opportunity awaits you.

Full job record

Job ID: f90f5393f6cfe7f7600853e06807b490a018e818
Org ID: a12ea2dd-4d90-4428-8c20-ee8932b46fde
Source ID: f74d3783-18b9-430c-8bfd-aab43dda5747
Board ID: f74d3783-18b9-430c-8bfd-aab43dda5747
Provider: workday
Provider Job Key: /job/OKLAHOMA-CITY-OK/Senior-IAM-Engineer_JR110310
Title: Senior IAM Engineer
Normalized Title:
Status: active
Active: yes
Location Text: OKLAHOMA CITY, OK
Department:
Team:
Employment Type: full_time
Workplace Type: remote
Remote Policy: remote
Country: United States
Region: OK
City: OKLAHOMA CITY
Salary Raw:
Salary Min:
Salary Max:
Salary Currency:
Salary Period:
Source URL: https://acrisure.wd1.myworkdayjobs.com/Acrisure/job/OKLAHOMA-CITY-OK/Senior-IAM-Engineer_JR110310
Apply URL: https://acrisure.wd1.myworkdayjobs.com/Acrisure/job/OKLAHOMA-CITY-OK/Senior-IAM-Engineer_JR110310
First Seen At: 2026-06-16 10:16:23Z
Last Seen At: 2026-06-18 09:33:47Z
Last Checked At: 2026-06-18 09:33:47Z
Last Changed At: 2026-06-18 09:33:47Z
Inactive At:
Source Posted At: 2026-06-15 00:00:00Z
Source Updated At:
Raw Payload Uri: s3://job-postings-prod-raw-590183727216/raw/provider=workday/board=acrisure.wd1.myworkdayjobs.com|acrisure|acrisure/date=2026-06-18/2026-06-18T09-33-34-090Z-d55f9ba8d96e2e5e140fd0c7120e23fbdc397eec65950b21e14430e4f8f315f3.json
Event Fields
{
  "content_hash": "2601b4bf9dbf5fda6bc1ae583efd9dd8c5131cbd69fc40bcb484f6b9e499039d",
  "source_hash": "658d786c4be689fd095875d65cd2527338bf30e80034dfdf3e2589888172f6c9",
  "last_changed_at": "2026-06-18T09:33:47.680Z",
  "active_status": "active"
}
Parsed Structured
{
  "language": "en",
  "location": {
    "raw": "OKLAHOMA CITY, OK",
    "city": "OKLAHOMA CITY",
    "region": "OK",
    "country": "United States",
    "is_remote": true,
    "confidence": 0.8
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-18T09:33:47.591Z",
  "launch_scope": {
    "reason": "workday_production_catalog",
    "included": true,
    "location": {
      "raw": "OKLAHOMA CITY, OK",
      "city": "OKLAHOMA CITY",
      "region": "OK",
      "country": "United States",
      "is_remote": true,
      "confidence": 0.8
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "remote",
  "salary_period": null,
  "workplace_type": "remote",
  "salary_currency": null
}
Extensions
{}
Native Structured
{
  "list_job": {
    "title": "Senior IAM Engineer",
    "postedOn": "Posted 3 Days Ago",
    "remoteType": "Remote",
    "bulletFields": [
      "Oklahoma",
      "JR110310"
    ],
    "externalPath": "/job/OKLAHOMA-CITY-OK/Senior-IAM-Engineer_JR110310",
    "locationsText": "OKLAHOMA CITY, OK"
  },
  "detail_errors": [],
  "detail_job_posting_info": {
    "id": "6b6bf2dd26651001bd65070c0e950000",
    "title": "Senior IAM Engineer",
    "posted": true,
    "country": {
      "id": "bc33aa3152ec42d4995f4791a106ed09",
      "descriptor": "United States of America"
    },
    "canApply": true,
    "jobReqId": "JR110310",
    "location": "OKLAHOMA CITY, OK",
    "postedOn": "Posted 3 Days Ago",
    "timeType": "Full time",
    "startDate": "2026-06-15",
    "remoteType": "Remote",
    "externalUrl": "https://acrisure.wd1.myworkdayjobs.com/Acrisure/job/OKLAHOMA-CITY-OK/Senior-IAM-Engineer_JR110310",
    "jobPostingId": "Senior-IAM-Engineer_JR110310",
    "questionnaireId": "08591557fed51001af5725adba020000",
    "jobPostingSiteId": "Acrisure",
    "includeResumeParsing": true,
    "jobRequisitionLocation": {
      "country": {
        "id": "bc33aa3152ec42d4995f4791a106ed09",
        "alpha2Code": "US",
        "descriptor": "United States of America"
      },
      "descriptor": "100 East Main Street - OKLAHOMA CITY, OK"
    }
  }
}

Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/f90f5393f6cfe7f7600853e06807b490a018e818?include=description
GET https://api.bluedoor.sh/job-postings/v1/orgs/a12ea2dd-4d90-4428-8c20-ee8932b46fde
GET https://api.bluedoor.sh/job-postings/v1/sources/f74d3783-18b9-430c-8bfd-aab43dda5747
GET https://api.bluedoor.sh/job-postings/v1/jobs/f90f5393f6cfe7f7600853e06807b490a018e818/events